InfoSecBulletin Cybersecurity for mankind
Microsoft released updates for 73 vulnerabilities, including two zero-day flaws being actively exploited, which makes for a busy February for system administrators.
In February’s Patch Tuesday update, there were fixes for five critical vulnerabilities and 30 remote code execution flaws. However, the two zero-day vulnerabilities were security feature bypass bugs.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
The CVE-2024-21412 is related to Internet Shortcut Files and has a CVSS score of 8.1. It is rated as “important” because it requires user interaction to be successful, says Mike Walters, president of Action1.
“In the exploitation scenario, an attacker must send a specifically crafted file to a target user and persuade them to open it, since the attacker cannot compel the user to engage with the malicious content directly,” he explained.
Although the vulnerability was not publicly disclosed, it has been found to be exploitable. It is important for organizations to apply the official patches and updates from Microsoft to fix this vulnerability.
The CVE-2024-21351 zero-day vulnerability bypasses the SmartScreen security feature in Microsoft Defender. Its impact is rated as moderate with a CVSS score of 7.6. Although it’s being exploited, there’s currently no available proof-of-concept, according to Walters.
“For this vulnerability, an attacker must distribute a malicious file to a user and persuade them to open it, allowing them to circumvent the SmartScreen checks and potentially compromise the system’s security,” he added.
Time to Patch Two Critical RCE Bugs:
There are also two important vulnerabilities to be aware of this month, with CVSS scores of 9.8. CVE-2024-21410 allows attackers to act as the victim and perform operations on Microsoft Exchange Server.
“This flaw allows a remote, unauthenticated attacker to relay NTLM (Windows NT Lan Manager) credentials and impersonate other users on the Exchange server,” explained Qualys product manager, Saeed Abbasi.
“The exploitation process involves targeting an NTLM client, such as Outlook, to leak NTLM credentials through a vulnerability. These credentials can then be relayed back to the Exchange server, granting the attacker the same privileges as the victim.”
CVE-2024-21413 There is a serious vulnerability in Office that enables an attacker to make a file open in editing mode, as if the user had given permission to trust the file. The exploit can happen through the Outlook Preview Pane, without requiring any action from the user.
Administrators using Office 2016 should be aware that they need to install five separate patches to fix CVE-2024-21413, if they apply patches outside of Microsoft Update. This was warned by Adam Barnett, lead software engineer at Rapid7.
Individual KB articles indicate that partially patched Office installations will be blocked from starting until the correct patches have been installed.
