Microsoft Monthly Security Update – 14 February 2024

In Cyber Security by Matsco Engineering Team

 

Microsoft have released a security advisory on the 14th of February 2024 in line with their regular monthly patch schedule which includes a number of updates to address nine (9) Medium Risk and one (1) Low Risk vulnerabilities. 

These updates address vulnerabilities which may impact services through Denial of Service, Elevation of Privilege, Remote Code Execution, Security Restriction Bypass, Information Disclosure and Spoofing. 

For more information please see: Microsoft Security Update

This release consists of security updates for the following products, features and roles:

  • Azure DevOps
  • Microsoft Office
  • Azure Stack
  • Windows Hyper-V
  • Skype for Business
  • Trusted Compute Base
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics
  • Azure Connected Machine Agent
  • Windows Kernel
  • Windows USB Serial Driver
  • Role: DNS Server
  • Windows Internet Connection Sharing (ICS)
  • Windows Win32K - ICOMP
  • SQL Server
  • Microsoft ActiveX
  • Microsoft WDAC OLE DB provider for SQL
  • Windows SmartScreen
  • Microsoft WDAC ODBC Driver
  • Windows Message Queuing
  • Windows LDAP - Lightweight Directory Access Protocol
  • Azure Site Recovery
  • Windows OLE
  • Microsoft Teams for Android
  • Microsoft Azure Kubernetes Service
  • Microsoft Windows DNS
  • Microsoft Office Outlook
  • Microsoft Office Word
  • Azure Active Directory
  • Microsoft Office OneNote
  • .NET
  • Azure File Sync
  • Microsoft Edge (Chromium-based)
  • Microsoft Windows
  • Microsoft Exchange Server
  • Internet Shortcut Files

 

CVE-2024-21351 is being exploited in the wild and the vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution capability, which could potentially lead to some data exposure, lack of system availability, or both.

CVE-2024-21412  is being exploited in the wild and the vulnerability could bypass Mark of the Web (MoTW) warnings in Windows.

Matsco recommends any affected systems are updated as soon as convenient 

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post