Report Name: Microsoft Patch Tuesday, February 2024
Generated: 2024-03-05 20:50:35

Product Name	Prevalence	U	C	H	M	L	A	Comment
Windows Kernel	0.9		1	2	3		6	Windows Kernel
Windows Win32k	0.9			1			1	The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management.
Chromium	0.8		1	4	16		21	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Microsoft Edge	0.8			4	6		10	Web browser
Microsoft Office	0.8			1			1	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Windows DNS	0.8				1		1	Windows component
Windows DNS Client	0.8				1		1	Windows component
Windows Lightweight Directory Access Protocol (LDAP)	0.8				1		1	Windows component
Windows Network Address Translation (NAT)	0.8				2		2	Windows component
Windows OLE	0.8			1			1	Windows component
Windows Pragmatic General Multicast (PGM)	0.8			1			1	Windows component
Windows Printing Service	0.8				1		1	Windows component
Windows SmartScreen	0.8		1				1	SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge
Windows USB Generic Parent Driver	0.8			1			1	Windows component
.NET	0.7			2			2	.NET
Microsoft Outlook	0.6		1		2		3	Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites
Microsoft Word	0.6				1		1	Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
Skype for Business	0.6				1		1	Skype for Business
Windows Hyper-V	0.6				1		1	Hardware virtualization component of the client editions of Windows NT
Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation	0.5				1		1	Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation
Azure Connected Machine Agent	0.5				1		1	Azure Connected Machine Agent
Azure DevOps Server	0.5				1		1	Azure DevOps Server
Azure Stack Hub	0.5				1		1	Azure Stack Hub
Dynamics 365 Field Service	0.5				1		1	Dynamics 365 Field Service
Dynamics 365 Sales	0.5				2		2	Dynamics 365 Sales
Internet Connection Sharing (ICS)	0.5				1		1	Internet Connection Sharing (ICS)
Internet Shortcut Files	0.5		1				1	Internet Shortcut Files
Microsoft ActiveX Data Objects	0.5			1			1	Microsoft ActiveX Data Objects
Microsoft Azure Active Directory B2C	0.5				1		1	Microsoft Azure Active Directory B2C
Microsoft Azure File Sync	0.5				1		1	Microsoft Azure File Sync
Microsoft Azure Kubernetes Service Confidential Container	0.5			2			2	Microsoft Azure Kubernetes Service Confidential Container
Microsoft Azure Site Recovery	0.5			1			1	Microsoft Azure Site Recovery
Microsoft Dynamics 365 (on-premises)	0.5				3		3	Microsoft Dynamics 365 (on-premises)
Microsoft Dynamics 365 Customer Engagement	0.5				1		1	Microsoft Dynamics 365 Customer Engagement
Microsoft Dynamics Business Central/NAV	0.5				1		1	Microsoft Dynamics Business Central/NAV
Microsoft Entra Jira Single-Sign-On Plugin	0.5			1			1	Microsoft Entra Jira Single-Sign-On Plugin
Microsoft Exchange	0.5		1				1	Microsoft Exchange
Microsoft Message Queuing (MSMQ)	0.5				4		4	Microsoft Message Queuing (MSMQ)
Microsoft ODBC Driver	0.5			1			1	Microsoft ODBC Driver
Microsoft Office OneNote	0.5				1		1	Microsoft Office OneNote
Microsoft Teams for Android	0.5				1		1	Microsoft Teams for Android
Microsoft WDAC ODBC Driver	0.5			1			1	Microsoft WDAC ODBC Driver
Microsoft WDAC OLE DB provider for SQL Server	0.5			15			15	Microsoft WDAC OLE DB provider for SQL Server
Trusted Compute Base	0.5				1		1	Trusted Compute Base
dnsmasq	0.5		1				1	Product detected by a:thekelleys:dnsmasq (exists in CPE dict)

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		1	26	5		32
Security Feature Bypass	0.9		2	4	6		12
Elevation of Privilege	0.85		2	7	10		19
Information Disclosure	0.83				6		6
Cross Site Scripting	0.8				4		4
Denial of Service	0.7		1	2	6		9
Incorrect Calculation	0.5				1		1
Memory Corruption	0.5		1		9		10
Spoofing	0.4				10		10
Unknown Vulnerability Type	0				1		1

Source	U	C	H	M	L	A
MS PT Extended		1	8	23		32
Qualys		5	3	5		13
Tenable		5	2	4		11
Rapid7		4	1			5
ZDI		4	1			5

Urgent (0)

Critical (7)

1. Elevation of Privilege - Microsoft Exchange (CVE-2024-21410) - Critical [797]

Description: Microsoft Exchange Server Elevation of Privilege Vulnerability

Qualys: CVE-2024-21410: Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft updated the advisory on Feb 14, 2024, mentioning the active exploitation of the vulnerability. Microsoft Exchange Server is a platform that offers email, calendaring, contact, scheduling, and collaboration features. It runs exclusively on Windows Server operating systems and is designed to be accessed from mobile devices, desktops, and web-based systems. An attacker could use an NTLM credentials-leaking type vulnerability to target an NTLM client, like Outlook. The compromised credentials can then be used to access the Exchange server as the victim’s client and act on the server on the victim’s behalf. Successful exploitation of the vulnerability may allow an attacker to relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user. CISA has acknowledged the active exploitation of the vulnerability by adding this to its Known Exploited Vulnerabilities Catalog. CISA has requested users to patch it before March 7, 2024.

Tenable: Update February 15: The blog has been updated for CVE-2024-21413, which Microsoft had mistakenly added the "exploitation detected" tag in their advisory for a short period on February 14. In addition, CVE-2024-21410 has been updated to indicate that is has been exploited.

Tenable: CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability

Tenable: CVE-2024-21410 is a critical EoP vulnerability with a CVSSv3 score of 9.8 and is rated “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of this flaw would allow an attacker to relay a New Technology LAN Manager Version 2 (NTLMv2) hash against a vulnerable server. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker's foothold into an organization. On February 14, Microsoft updated their advisory to note that this vulnerability has been exploited, making this the third zero-day vulnerability for this months Patch Tuesday release.

Tenable: At the time this blog was published, no known exploitation has been observed for CVE-2024-21410. However with the update to the advisory on February 14 to indicate that exploitation has been detected, this is a vulnerability to remediate as quickly as possible.

Rapid7: Exchange admins may have enjoyed a rare two-month break from patching, but this month sees the publication of CVE-2024-21410, a critical elevation of privilege vulnerability in Exchange. Microsoft explains that an attacker could use NTLM credentials previously acquired via another means to act as the victim on the Exchange server using an NTLM relay attack. One possible avenue for that credential acquisition: an NTLM credential-leaking vulnerability in Outlook such as CVE-2023-36761, which Rapid7 wrote about back in September 2023.

Rapid7: Compounding the concern for defenders: Exchange 2016 is listed as affected, but no patch is yet listed on the CVE-2024-21410 advisory. Exchange 2019 patches are available for CU13 and the newly minted CU14 series. According to Microsoft, Exchange installations where Extended Protection for Authentication (EPA) is already enabled are protected, although Microsoft strongly recommends installing the latest Cumulative Update. Further resources are provided on the advisory, including Microsoft’s generic guidance on mitigating Pass the Hash-style attacks, as well as Microsoft’s Exchange Server Health Checker script, which includes an overview of EPA status. The Exchange 2019 CU14 update series enables EPA by default.

Rapid7: A day after initial publication, Microsoft updated the advisory for CVE-2024-21410 to indicate that they had in fact previously been aware of exploitation.

Rapid7: 2024-02-14: Updated Exchange vulnerability CVE-2024-21410 after Microsoft adjusted the advisory to indicate that they were aware of in-the-wild exploitation.

ZDI: CVE-2024-21410 – Microsoft Exchange Server Elevation of Privilege Vulnerability. *Note: On February 14, Microsoft updated their advisory to indicate this bug is being actively exploited in the wild

2. Security Feature Bypass - Internet Shortcut Files (CVE-2024-21412) - Critical [770]

Description: Internet Shortcut Files Security Feature Bypass Vulnerability

Qualys: CVE-2024-21412: Internet Shortcut Files Security Feature Bypass Vulnerability An internet shortcut file is a small file that contains a target URI or GUID to an object or the name of a target program file. Internet shortcuts are typically text files with the .URL extension. An unauthenticated attacker may exploit the vulnerability by sending the targeted user a specially crafted file to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker must convince them to act by clicking the file link. CISA has acknowledged the active exploitation of the vulnerability by adding this to its Known Exploited Vulnerabilities Catalog. CISA has requested users to patch it before March 5, 2024.

Tenable: Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

Tenable: CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability

Tenable: CVE-2024-21412 is a security feature bypass in Internet Shortcut Files. It was assigned a CVSSv3 score of 8.1 and is rated important. Exploitation of this flaw requires an attacker to convince their intended target to open a malicious Internet Shortcut File using social engineering.

Rapid7: If further evidence were ever needed that clicking Internet Shortcut files from unknown sources is typically a bad idea, CVE-2024-21412 provides it. An attacker who convinces a user to open a malicious Internet Shortcut file can bypass the typical dialog which warns that “files from the internet can potentially harm your computer”. Microsoft notes that it has seen exploitation in the wild, although the requirement for user interaction helps keep the severity rating below critical, both for CVSS and Microsoft’s proprietary ranking system.

ZDI: CVE-2024-21412 – Internet Shortcut Files Security Feature Bypass Vulnerability. This is the bug found by Peter Girnus and the rest of the ZDI Threat Hunting team. I won’t go into great detail about the technical aspects of the bug because my colleagues at Trend Micro Research have already done that here. The video above also provides some context and a demonstration of the vulnerability. This bug is currently targeting forex traders with a remote access trojan through forum posts and responses, but we expect it to spread now that it is publicly known. Trend Micro customers are already protected by various filters and virtual patches, but everyone else should test and deploy this fix as soon as possible.

3. Elevation of Privilege - Windows Kernel (CVE-2024-21338) - Critical [768]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-21378 is a remote code execution vulnerability in Microsoft Outlook. To exploit the vulnerability, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. An attacker may exploit the vulnerability by sending a malicious file and convincing the user to open it. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality.  CVE-2024-21346 is an elevation of privilege vulnerability in Win32k. An attacker may exploit the vulnerability to gain SYSTEM privileges.  CVE-2024-21379 is a remote code execution vulnerability in Microsoft Word. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality. CVE-2024-21345 is an elevation of privilege vulnerability in Windows Kernel. An authenticated attacker could run a specially crafted application and give them control of the targeted destination and source of the copy. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21371 is an elevation of privilege vulnerability in Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21338 is an elevation of privilege vulnerability in Windows Kernel. An attacker must first log on to the system to exploit this vulnerability. After that, an attacker could run a specially crafted application to exploit the vulnerability and take control of an affected system.

Tenable: CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 are EoP vulnerabilities affecting the Windows Kernel. The vulnerabilities were each given different CVSSv3 scores varying from 8.8 for CVE-2024-21345 to 7.0 for CVE-2024-21371 with each rated as “Exploitation More Likely.” An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM.

4. Security Feature Bypass - Windows SmartScreen (CVE-2024-21351) - Critical [698]

Description: Windows SmartScreen Security Feature Bypass Vulnerability

Qualys: CVE-2024-21351: Windows SmartScreen Security Feature Bypass Vulnerability Windows SmartScreen is a security feature in Microsoft Windows operating systems that protects against malicious software and websites. SmartScreen is a background application that employs a cloud-based component to scan web pages you visit for security risks updated regularly. To exploit the vulnerability, an authenticated attacker must send a specially crafted malicious file compromised by them. An attacker may exploit the vulnerability to bypass the SmartScreen user experience. The vulnerability could allow a malicious attacker to inject code into SmartScreen and potentially gain code execution, potentially leading to data exposure, lack of system availability, or both. CISA has acknowledged the active exploitation of the vulnerability by adding this to its Known Exploited Vulnerabilities Catalog. CISA has requested users to patch it before March 5, 2024.

Tenable: Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

Tenable: CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability

Tenable: CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. It was assigned a CVSSv3 score of 7.6 and is rated moderate. An attacker could exploit this vulnerability by convincing a target to open a malicious file. Successful exploitation would bypass SmartScreen security features. According to Microsoft, this vulnerability has been exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published.

Rapid7: CVE-2024-21351 describes a security feature bypass vulnerability in Windows SmartScreen. Microsoft has already seen evidence of exploitation in the wild. Successful exploitation requires that the attacker convince the user to open a malicious file. Successful exploitation bypasses the SmartScreen user experience and potentially allows code injection into SmartScreen to achieve remote code execution. Of interest: other critical SmartScreen bypass vulnerabilities from the past couple of years (e.g. CVE-2023-36025 from November 2023) have not included language describing code injection into SmartScreen itself, focusing instead on the security feature bypass only. Microsoft’s own researchers reported both CVE-2024-21351 and CVE-2023-36025.

ZDI: CVE-2024-21351 – Windows SmartScreen Security Feature Bypass Vulnerability. This is the other actively exploited bug being patched this month, and it appears to be very similar to the previous ITW exploit. Windows uses Mark-of-the-Web (MotW) to distinguish files that originate from an untrusted location. SmartScreen bypasses in Windows Defender allow attackers to evade this inspection and run code in the background. Microsoft does not indicate how widespread these attacks may be but you should expect exploits to increase as threat actors add this to their toolkits. Again, test and deploy this update quickly.

5. Remote Code Execution - Microsoft Outlook (CVE-2024-21413) - Critical [695]

Description: Microsoft Outlook Remote Code Execution Vulnerability

Qualys: CVE-2024-21413: Microsoft Office Remote Code Execution Vulnerability An attacker who exploits the vulnerability may bypass the Office Protected View and open it in editing instead of the protected mode. An attacker could gain high privileges, which include read, write, and delete functionality.

Tenable: Update February 15: The blog has been updated for CVE-2024-21413, which Microsoft had mistakenly added the "exploitation detected" tag in their advisory for a short period on February 14. In addition, CVE-2024-21410 has been updated to indicate that is has been exploited.

Tenable: CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability

Tenable: CVE-2024-21413 is a RCE vulnerability affecting Microsoft Outlook. This flaw was originally rated as “Exploitation Less Likely” when released by Microsoft on February 13. However on February 14, Microsoft updated the advisory to note that this RCE had been exploited in the wild as a zero-day. Later on the same day, Microsoft updated the advisory again, removing the "Exploitation Detected" tag and revising the advisory to reflect the exploitability as "Exploitation Unlikely."

Rapid7: Microsoft Office typically shields users from a variety of attacks by opening files with Mark of the Web in Protected View, which means Office will render the document without fetching potentially malicious external resources. CVE-2024-21413 is a critical RCE vulnerability in Office which allows an attacker to cause a file to open in editing mode as though the user had agreed to trust the file. The Outlook Preview Pane is listed as an attack vector, and no user interaction is required. Microsoft assesses this vulnerability as a critical CVSSv3 base score of 9.8, as well as critical under their own proprietary severity ranking scale. Administrators responsible for Office 2016 installations who apply patches outside of Microsoft Update should note that the advisory lists no fewer than five separate patches which must be installed to achieve remediation of CVE-2024-21413; individual update KB articles further note that partially-patched Office installations will be blocked from starting until the correct combination of patches has been installed.

ZDI: CVE-2024-21413 – Microsoft Outlook Remote Code Execution Vulnerability. *Note: On February 14, Microsoft updated their advisory to indicate this bug is being actively exploited in the wild - then they changed the bulletin again and said it wasn’t

6. Denial of Service - dnsmasq (CVE-2023-50387) - Critical [613]

Description: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

7. Memory Corruption - Chromium (CVE-2024-0519) - Critical [603]

Description: Chromium: CVE-2024-0519 Out of bounds memory access in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.

MS PT Extended: CVE-2024-0519 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

High (39)

8. Remote Code Execution - Microsoft Edge (CVE-2024-21399) - High [502]

Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

MS PT Extended: CVE-2024-21399 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

9. Remote Code Execution - Microsoft Azure Kubernetes Service Confidential Container (CVE-2024-21376) - High [497]

Description: Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

10. Elevation of Privilege - Microsoft Entra Jira Single-Sign-On Plugin (CVE-2024-21401) - High [494]

Description: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

11. Remote Code Execution - Windows OLE (CVE-2024-21372) - High [478]

Description: Windows OLE Remote Code Execution Vulnerability

12. Elevation of Privilege - Microsoft Azure Kubernetes Service Confidential Container (CVE-2024-21403) - High [470]

Description: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

13. Remote Code Execution - Chromium (CVE-2024-0517) - High [454]

Description: Chromium: CVE-2024-0517 Out of bounds write in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0517 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

14. Remote Code Execution - Windows Pragmatic General Multicast (PGM) (CVE-2024-21357) - High [454]

Description: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Qualys: CVE-2024-21357: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Pragmatic General Multicast (PGM), a.k.a. ‘reliable multicast,’ is a scalable receiver-reliable protocol. PGM allows receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. PGM is best suited for applications that require duplicate-free multicast data delivery from multiple sources to multiple receivers. This vulnerability can only be exploited on the systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. An attacker must take additional actions before exploitation to prepare the target environment.

Rapid7: Microsoft is patching CVE-2024-21357, a flaw in Windows Pragmatic General Multicast (PGM). When thus vulnerability was first published on Patch Tuesday, the CVSSv3 base score was a relatively mild 7.5, but a day later Microsoft adjusted the CVSSv3 base score so that the Attack Vector was switched from Adjacent to Network, which bumps the CVSSv3 base score up to 8.1. Exploitability language in the FAQ was adjusted from "limited to systems on the same network switch or virtual network" to "Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network". This adjustment — which the advisory rather optimistically describes as an informational change only — increases the potential risk posed by CVE-2024-21357.

Rapid7: Unsurprisingly, Microsoft rates CVE-2024-21357 as critical under its own proprietary severity scale. A discrepancy between the two severity ranking systems is always worth noting, and this has quickly proven to be the case here.

Rapid7: 2024-02-14: Updated Windows PGM vulnerability CVE-2024-21357 after Microsoft adjusted the advisory to indicate that this vulnerability is exploitable across different networks, when they had previously indicated that attacks would be limited to the same network switch or VLAN.

15. Elevation of Privilege - Microsoft Edge (CVE-2024-21326) - High [451]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2024-21326 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

16. Elevation of Privilege - Microsoft Azure Site Recovery (CVE-2024-21364) - High [447]

Description: Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

17. Denial of Service - .NET (CVE-2024-21386) - High [441]

Description: .NET Denial of Service Vulnerability

18. Denial of Service - .NET (CVE-2024-21404) - High [441]

Description: .NET Denial of Service Vulnerability

19. Remote Code Execution - Windows Kernel (CVE-2024-21341) - High [435]

Description: Windows Kernel Remote Code Execution Vulnerability

Tenable: |CVE-2024-21341||Windows Kernel Remote Code Execution Vulnerability||6.8|

20. Remote Code Execution - Microsoft Office (CVE-2024-20673) - High [430]

Description: Microsoft Office Remote Code Execution Vulnerability

ZDI: Moving on to the other code execution bugs, SQL clients are having a moment with 18 different patches. Thankfully, each of these bugs requires an affected client to connect to a malicious SQL Server, so practical exploitation is unlikely without significant social engineering. It’s the same scenario for the bug in ActiveX, too. The more concerning bugs are in Word and Outlook and have the Preview Pane as an attack vector. Word bugs are typically open-and-own, but having one that hits in the Preview Pane is definitely a rarity. The other RCEs in Office components are more traditional, but CVE-2024-20673 also requires users of the 32- and 64-bit versions of Office 2016 to install multiple updates to be protected. Speaking of extra steps, there are additional actions required to address the bug in the Azure Kubernetes Service. As stated by Microsoft in the bulletin:. Customers who do not have

21. Remote Code Execution - Microsoft WDAC ODBC Driver (CVE-2024-21353) - High [428]

Description: Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

22. Elevation of Privilege - Microsoft Edge (CVE-2024-21385) - High [427]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2024-21385 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

23. Security Feature Bypass - Chromium (CVE-2024-0804) - High [425]

Description: Chromium: CVE-2024-0804 Insufficient policy enforcement in iOS Security UI. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0804 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

24. Elevation of Privilege - Windows Kernel (CVE-2024-21345) - High [420]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-21378 is a remote code execution vulnerability in Microsoft Outlook. To exploit the vulnerability, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. An attacker may exploit the vulnerability by sending a malicious file and convincing the user to open it. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality.  CVE-2024-21346 is an elevation of privilege vulnerability in Win32k. An attacker may exploit the vulnerability to gain SYSTEM privileges.  CVE-2024-21379 is a remote code execution vulnerability in Microsoft Word. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality. CVE-2024-21345 is an elevation of privilege vulnerability in Windows Kernel. An authenticated attacker could run a specially crafted application and give them control of the targeted destination and source of the copy. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21371 is an elevation of privilege vulnerability in Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21338 is an elevation of privilege vulnerability in Windows Kernel. An attacker must first log on to the system to exploit this vulnerability. After that, an attacker could run a specially crafted application to exploit the vulnerability and take control of an affected system.

Tenable: CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 are EoP vulnerabilities affecting the Windows Kernel. The vulnerabilities were each given different CVSSv3 scores varying from 8.8 for CVE-2024-21345 to 7.0 for CVE-2024-21371 with each rated as “Exploitation More Likely.” An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM.

25. Remote Code Execution - Microsoft ActiveX Data Objects (CVE-2024-21349) - High [416]

Description: Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

26. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21350) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

27. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21352) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

28. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21358) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

29. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21359) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

30. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21360) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

31. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21361) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

32. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21365) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

33. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21366) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

34. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21367) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

35. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21368) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

36. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21369) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

37. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21370) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

38. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21375) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

39. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21391) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

40. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-21420) - High [416]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

41. Security Feature Bypass - Chromium (CVE-2024-0814) - High [413]

Description: Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

MS PT Extended: CVE-2024-0814 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

42. Security Feature Bypass - Microsoft Edge (CVE-2024-20675) - High [413]

Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

MS PT Extended: CVE-2024-20675 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

43. Elevation of Privilege - Windows Win32k (CVE-2024-21346) - High [408]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-21378 is a remote code execution vulnerability in Microsoft Outlook. To exploit the vulnerability, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. An attacker may exploit the vulnerability by sending a malicious file and convincing the user to open it. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality.  CVE-2024-21346 is an elevation of privilege vulnerability in Win32k. An attacker may exploit the vulnerability to gain SYSTEM privileges.  CVE-2024-21379 is a remote code execution vulnerability in Microsoft Word. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality. CVE-2024-21345 is an elevation of privilege vulnerability in Windows Kernel. An authenticated attacker could run a specially crafted application and give them control of the targeted destination and source of the copy. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21371 is an elevation of privilege vulnerability in Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21338 is an elevation of privilege vulnerability in Windows Kernel. An attacker must first log on to the system to exploit this vulnerability. After that, an attacker could run a specially crafted application to exploit the vulnerability and take control of an affected system.

44. Remote Code Execution - Windows USB Generic Parent Driver (CVE-2024-21339) - High [407]

Description: Windows USB Generic Parent Driver Remote Code Execution Vulnerability

45. Remote Code Execution - Microsoft ODBC Driver (CVE-2024-21347) - High [404]

Description: Microsoft ODBC Driver Remote Code Execution Vulnerability

46. Security Feature Bypass - Chromium (CVE-2024-20709) - High [401]

Description: {'ms_cve_data_all': 'Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability. This CVE was assigned by Adobe Systems Incorporated. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2024-20709 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

Medium (58)

47. Elevation of Privilege - Windows Kernel (CVE-2024-21371) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-21378 is a remote code execution vulnerability in Microsoft Outlook. To exploit the vulnerability, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. An attacker may exploit the vulnerability by sending a malicious file and convincing the user to open it. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality.  CVE-2024-21346 is an elevation of privilege vulnerability in Win32k. An attacker may exploit the vulnerability to gain SYSTEM privileges.  CVE-2024-21379 is a remote code execution vulnerability in Microsoft Word. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality. CVE-2024-21345 is an elevation of privilege vulnerability in Windows Kernel. An authenticated attacker could run a specially crafted application and give them control of the targeted destination and source of the copy. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21371 is an elevation of privilege vulnerability in Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21338 is an elevation of privilege vulnerability in Windows Kernel. An attacker must first log on to the system to exploit this vulnerability. After that, an attacker could run a specially crafted application to exploit the vulnerability and take control of an affected system.

Tenable: CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 are EoP vulnerabilities affecting the Windows Kernel. The vulnerabilities were each given different CVSSv3 scores varying from 8.8 for CVE-2024-21345 to 7.0 for CVE-2024-21371 with each rated as “Exploitation More Likely.” An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM.

48. Remote Code Execution - Microsoft Word (CVE-2024-21379) - Medium [397]

Description: Microsoft Word Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-21378 is a remote code execution vulnerability in Microsoft Outlook. To exploit the vulnerability, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. An attacker may exploit the vulnerability by sending a malicious file and convincing the user to open it. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality.  CVE-2024-21346 is an elevation of privilege vulnerability in Win32k. An attacker may exploit the vulnerability to gain SYSTEM privileges.  CVE-2024-21379 is a remote code execution vulnerability in Microsoft Word. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality. CVE-2024-21345 is an elevation of privilege vulnerability in Windows Kernel. An authenticated attacker could run a specially crafted application and give them control of the targeted destination and source of the copy. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21371 is an elevation of privilege vulnerability in Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21338 is an elevation of privilege vulnerability in Windows Kernel. An attacker must first log on to the system to exploit this vulnerability. After that, an attacker could run a specially crafted application to exploit the vulnerability and take control of an affected system.

49. Security Feature Bypass - Windows Kernel (CVE-2024-21362) - Medium [394]

Description: Windows Kernel Security Feature Bypass Vulnerability

Tenable: |CVE-2024-21362||Windows Kernel Security Feature Bypass Vulnerability||5.5|

50. Elevation of Privilege - Microsoft Edge (CVE-2024-21388) - Medium [392]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2024-21388 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

51. Elevation of Privilege - Microsoft Azure File Sync (CVE-2024-21397) - Medium [387]

Description: Microsoft Azure File Sync Elevation of Privilege Vulnerability

52. Remote Code Execution - Microsoft Outlook (CVE-2024-21378) - Medium [385]

Description: Microsoft Outlook Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-21378 is a remote code execution vulnerability in Microsoft Outlook. To exploit the vulnerability, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. An attacker may exploit the vulnerability by sending a malicious file and convincing the user to open it. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality.  CVE-2024-21346 is an elevation of privilege vulnerability in Win32k. An attacker may exploit the vulnerability to gain SYSTEM privileges.  CVE-2024-21379 is a remote code execution vulnerability in Microsoft Word. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality. CVE-2024-21345 is an elevation of privilege vulnerability in Windows Kernel. An authenticated attacker could run a specially crafted application and give them control of the targeted destination and source of the copy. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21371 is an elevation of privilege vulnerability in Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-21338 is an elevation of privilege vulnerability in Windows Kernel. An attacker must first log on to the system to exploit this vulnerability. After that, an attacker could run a specially crafted application to exploit the vulnerability and take control of an affected system.

Tenable: CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability

Tenable: CVE-2024-21378 is a RCE vulnerability affecting Microsoft Outlook. This flaw is rated as “Exploitation More Likely” and was assigned a CVSSv3 score of 8.0. In order to exploit this flaw, an attacker would need to be authenticated with LAN-access and have a valid login for an Exchange user. If the attacker meets those requirements, they would then have to send their maliciously crafted file to a user and entice them to open it. According to Microsoft, the preview pane is an attack vector, meaning that simply previewing a specially crafted file can cause the exploit to trigger.

53. Information Disclosure - Windows Kernel (CVE-2024-21340) - Medium [381]

Description: Windows Kernel Information Disclosure Vulnerability

Tenable: |CVE-2024-21340||Windows Kernel Information Disclosure Vulnerability||4.6|

54. Remote Code Execution - Microsoft Office OneNote (CVE-2024-21384) - Medium [380]

Description: Microsoft Office OneNote Remote Code Execution Vulnerability

55. Denial of Service - Windows DNS Client (CVE-2024-21342) - Medium [377]

Description: Windows DNS Client Denial of Service Vulnerability

56. Incorrect Calculation - Chromium (CVE-2024-0808) - Medium [377]

Description: Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

MS PT Extended: CVE-2024-0808 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

57. Memory Corruption - Chromium (CVE-2024-1283) - Medium [377]

Description: Chromium: CVE-2024-1283 Heap buffer overflow in Skia. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-1283 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

58. Memory Corruption - Chromium (CVE-2024-1284) - Medium [377]

Description: Chromium: CVE-2024-1284 Use after free in Mojo. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-1284 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

59. Security Feature Bypass - Chromium (CVE-2024-0333) - Medium [377]

Description: Chromium: CVE-2024-0333 Insufficient data validation in Extensions. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0333 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

60. Security Feature Bypass - Chromium (CVE-2024-0809) - Medium [377]

Description: Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

MS PT Extended: CVE-2024-0809 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

61. Information Disclosure - Windows DNS (CVE-2024-21377) - Medium [376]

Description: Windows DNS Information Disclosure Vulnerability

62. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2024-21395) - Medium [369]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

63. Remote Code Execution - Azure DevOps Server (CVE-2024-20667) - Medium [369]

Description: Azure DevOps Server Remote Code Execution Vulnerability

64. Remote Code Execution - Microsoft Message Queuing (MSMQ) (CVE-2024-21363) - Medium [369]

Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

65. Elevation of Privilege - Microsoft Edge (CVE-2024-21337) - Medium [368]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2024-21337 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

66. Memory Corruption - Chromium (CVE-2024-0518) - Medium [365]

Description: Chromium: CVE-2024-0518 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0518 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

67. Memory Corruption - Chromium (CVE-2024-0806) - Medium [365]

Description: Chromium: CVE-2024-0806 Use after free in Passwords. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0806 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

68. Memory Corruption - Chromium (CVE-2024-0807) - Medium [365]

Description: Chromium: CVE-2024-0807 Use after free in WebAudio. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0807 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

69. Memory Corruption - Chromium (CVE-2024-1059) - Medium [365]

Description: Chromium: CVE-2024-1059 Use after free in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-1059 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

70. Memory Corruption - Chromium (CVE-2024-1060) - Medium [365]

Description: Chromium: CVE-2024-1060 Use after free in Canvas. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-1060 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

71. Memory Corruption - Chromium (CVE-2024-1077) - Medium [365]

Description: Chromium: CVE-2024-1077 Use after free in Network. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-1077 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

72. Security Feature Bypass - Chromium (CVE-2024-0810) - Medium [365]

Description: Chromium: CVE-2024-0810 Insufficient policy enforcement in DevTools. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0810 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

73. Security Feature Bypass - Chromium (CVE-2024-0811) - Medium [365]

Description: Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

MS PT Extended: CVE-2024-0811 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

74. Denial of Service - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-21356) - Medium [353]

Description: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

75. Denial of Service - Windows Network Address Translation (NAT) (CVE-2024-21343) - Medium [353]

Description: Windows Network Address Translation (NAT) Denial of Service Vulnerability

76. Denial of Service - Windows Network Address Translation (NAT) (CVE-2024-21344) - Medium [353]

Description: Windows Network Address Translation (NAT) Denial of Service Vulnerability

77. Memory Corruption - Chromium (CVE-2024-0813) - Medium [353]

Description: Chromium: CVE-2024-0813 Use after free in Reading Mode. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-0813 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

78. Information Disclosure - Microsoft Edge (CVE-2024-21382) - Medium [352]

Description: Microsoft Edge for Android Information Disclosure Vulnerability

MS PT Extended: CVE-2024-21382 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

79. Security Feature Bypass - Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation (CVE-2024-20721) - Medium [351]

Description: {'ms_cve_data_all': 'Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation Denial of Service Vulnerability', 'nvd_cve_data_all': 'Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2024-20721 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

80. Elevation of Privilege - Microsoft Outlook (CVE-2024-21402) - Medium [347]

Description: Microsoft Outlook Elevation of Privilege Vulnerability

81. Spoofing - Windows Printing Service (CVE-2024-21406) - Medium [347]

Description: Windows Printing Service Spoofing Vulnerability

82. Elevation of Privilege - Azure Connected Machine Agent (CVE-2024-21329) - Medium [342]

Description: Azure Connected Machine Agent Elevation of Privilege Vulnerability

83. Elevation of Privilege - Microsoft Message Queuing (MSMQ) (CVE-2024-21354) - Medium [342]

Description: Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

84. Information Disclosure - Microsoft Dynamics Business Central/NAV (CVE-2024-21380) - Medium [338]

Description: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

Qualys: CVE-2024-21380: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Dynamics NAV is an enterprise resource planning (ERP) app that helps businesses with finance, manufacturing, customer relationship management (CRM), supply chains, analytics, and electronic commerce. Small and medium-sized companies and local subsidiaries of large international groups use it. An attacker must win a race condition to exploit the vulnerability. An authenticated attacker must convince a user to click on a specially crafted URL to be compromised by them. Successful exploitation of the vulnerability may allow an attacker to craft a payload enabling them to access sensitive user data, which could result in unauthorized access to the victim’s account or compromise of other confidential information.

85. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2024-21389) - Medium [333]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

86. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2024-21393) - Medium [333]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

87. Cross Site Scripting - Microsoft Dynamics 365 Customer Engagement (CVE-2024-21327) - Medium [333]

Description: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

88. Information Disclosure - Skype for Business (CVE-2024-20695) - Medium [331]

Description: Skype for Business Information Disclosure Vulnerability

89. Elevation of Privilege - Microsoft Message Queuing (MSMQ) (CVE-2024-21355) - Medium [330]

Description: Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

90. Elevation of Privilege - Microsoft Message Queuing (MSMQ) (CVE-2024-21405) - Medium [330]

Description: Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

91. Spoofing - Microsoft Azure Active Directory B2C (CVE-2024-21381) - Medium [330]

Description: Microsoft Azure Active Directory B2C Spoofing Vulnerability

92. Denial of Service - Windows Hyper-V (CVE-2024-20684) - Medium [320]

Description: Windows Hyper-V Denial of Service Vulnerability

Qualys: CVE-2024-20684: Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V allows hardware virtualization. IT professionals and software developers use virtualization to test software on multiple operating systems. Hyper-V enables working professionals to perform these tasks smoothly. With the help of Hyper-V, one can create virtual hard drives, virtual switches, and numerous different virtual devices, all of which can be added to virtual machines. Successful exploitation of the vulnerability may allow a Hyper-V guest to affect the functionality of the Hyper-V host.

93. Denial of Service - Internet Connection Sharing (ICS) (CVE-2024-21348) - Medium [315]

Description: Internet Connection Sharing (ICS) Denial of Service Vulnerability

94. Information Disclosure - Microsoft Teams for Android (CVE-2024-21374) - Medium [314]

Description: Microsoft Teams for Android Information Disclosure Vulnerability

95. Elevation of Privilege - Trusted Compute Base (CVE-2024-21304) - Medium [294]

Description: Trusted Compute Base Elevation of Privilege Vulnerability

96. Spoofing - Chromium (CVE-2024-0805) - Medium [288]

Description: Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

MS PT Extended: CVE-2024-0805 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

97. Spoofing - Microsoft Edge (CVE-2024-21387) - Medium [288]

Description: Microsoft Edge for Android Spoofing Vulnerability

MS PT Extended: CVE-2024-21387 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

98. Spoofing - Azure Stack Hub (CVE-2024-20679) - Medium [285]

Description: Azure Stack Hub Spoofing Vulnerability

99. Unknown Vulnerability Type - Chromium (CVE-2024-0812) - Medium [276]

Description: {'ms_cve_data_all': 'Chromium: CVE-2024-0812 Inappropriate implementation in Accessibility. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2024-0812 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

100. Spoofing - Microsoft Edge (CVE-2024-21383) - Medium [264]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

MS PT Extended: CVE-2024-21383 was published before February 2024 Patch Tuesday from 2024-01-10 to 2024-02-12

101. Spoofing - Dynamics 365 Field Service (CVE-2024-21394) - Medium [261]

Description: Dynamics 365 Field Service Spoofing Vulnerability

102. Spoofing - Dynamics 365 Sales (CVE-2024-21328) - Medium [261]

Description: Dynamics 365 Sales Spoofing Vulnerability

103. Spoofing - Dynamics 365 Sales (CVE-2024-21396) - Medium [261]

Description: Dynamics 365 Sales Spoofing Vulnerability

104. Spoofing - Microsoft Edge (CVE-2024-21336) - Medium [252]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability