Post-Patch Tuesday Roundup: February 2024

Welcome to the Softcat Patch Tuesday roundup for February 2024, where we offer insight into the major patches released this month. In this edition, we will focus on the patches by Microsoft, Fortinet, Cisco, Ivanti, Adobe and VMware.

Aoibhín Hamill

Cyber Managed Services Advisor

Several zero-day vulnerabilities have been disclosed in this update, and some of them are already being exploited in real-world attacks.

Microsoft

In their February Patch Tuesday release, Microsoft has addressed 74 vulnerabilities, two of which are zero-day vulnerabilities that are already being exploited in active attacks. The patches cover a broad array of applications and services, including Windows, Exchange, .NET, Office, SharePoint, Azure, and more. Additionally, six Edge/Chromium-based vulnerabilities and one Mariner flaw have been identified, although no specific advisory notes were issued for them.

This month's vulnerabilities chiefly revolve around Azure AD, Azure Site Recovery, Office, Exchange, and AKS. Outlined below are the critical vulnerabilities detailed in this month’s Patch Tuesday:

CVE-2024-21351: This zero-day security feature bypass vulnerability allows a malicious actor to inject code into SmartScreen, potentially gaining code execution and compromising data confidentiality and system availability. The attack complexity is moderate, as it requires convincing the victim to interact with the malicious file; however, it does not require sophisticated technical skills. The impact could be a total loss of integrity if the attacker successfully executes arbitrary code. This vulnerability has a CVSS of 7.6.

CVE-2024-21412: This vulnerability allows an attacker to bypass security features by exploiting the way Internet Shortcut Files (commonly .url files) are handled. These files are used to create shortcuts to websites or network resources. By crafting a malicious .url file, an attacker can deceive the victim into opening it, leading to unintended execution of arbitrary code or unauthorized actions. The exploit complexity of this zero-day is moderate, as social engineering is required to entice victims to open the file. This vulnerability has a CVSS of 8.1. Users should exercise caution when opening Internet Shortcut Files from untrusted sources and keep their systems up to date with security patches.

CVE-2024-21364: This vulnerability impacts Microsoft Azure Site Recovery (ASR). It allows a local attacker to execute code, granting them elevated privileges (specifically, the IUSR or Anonymous User Identity). Additionally, they could uncover the MySQL root password, potentially compromising other encrypted credentials. This vulnerability is rated as Critical with a CVSS of 9.3.

CVE-2024-21376: This vulnerability allows an attacker to access the untrusted AKS Kubernetes node and AKS Confidential Container. By doing so, they can potentially take over confidential guests and containers beyond the network stack they might be bound to. The attack complexity is high, requiring the attacker to prepare the target environment to improve exploit reliability. This vulnerability is rated as Critical with a CVSS of 9.0.

CVE-2024-21401: This is an Elevation of Privilege (EoP) vulnerability that affects the Microsoft Entra Jira Single-Sign-On Plugin. Through it, an attacker can gain unauthorized access to elevated privileges, risking the security of the Jira system. Successful exploitation of this vulnerability could therefore lead to unauthorized actions, data exposure, or other security breaches. This vulnerability has a Critical CVSS of 9.8. Users of the affected plugin should apply any available security updates or patches to address this issue.

CVE-2024-21410: This is also an EoP vulnerability, which affects Microsoft Exchange Server. This flaw has a CVSS of 9.8. This vulnerability allows a remote, unauthenticated attacker to exploit the flaw and relay NTLM credentials against a vulnerable Exchange server. By doing so, the attacker can impersonate other users on the affected server. The likelihood of exploitation is high, as indicated by the Microsoft Exploitability Index. System administrators should promptly apply the relevant patches to prevent unauthorized privilege escalation.

CVE-2024-21413: This is a remote code execution (RCE) vulnerability which affects Outlook. It allows an attacker to execute arbitrary code remotely within the context of the Outlook application. Specifically, the flaw resides in the handling of certain file types, allowing an attacker to craft a malicious file that, when opened by a victim using Outlook, triggers the execution of code. Successful exploitation of this vulnerability could lead to unauthorized code execution, potentially compromising the victim’s system and data. The CVSS of this flaw is also a Critical 9.8.

Fortinet

Fortinet have had a challenging couple of weeks in the news lately, particularly after disclosing two maximum-severity bugs impacting FortiSIEM and announcing a critical security vulnerability in FortiOS. Users are urged to apply all applicable security patches swiftly to keep their networks secure. The vulnerabilities to note in this patch update are:

- CVE-2024-21762: FortiOS Out-of-bound Write Vulnerability in sslvpnd | CVSS 9.6 – Critical
- CVE-2024-23113: FortiOS Format String Vulnerability | CVSS 9.8 – Critical
- CVE-2023-44487: FortiOS and FortiProxy HTTP/2 Rapid Reset Vulnerability | CVSS 5.3 – Medium
- CVE-2023-47537: FortiOS Improper Certificate Validation Vulnerability | CVSS 4.4 – Medium

Ivanti

Ivanti faced critical security flaws in its VPN software in recent weeks, and patches were released efficiently. However, during the remediation process two supplementary vulnerabilities were discovered.

- CVE-2024-22024: XML external entity (XXE) vulnerability in Ivanti Connect Secure and Ivanti Policy Secure | CVSS 8.3 – High
- CVE-2024-21888: A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to those of an administrator | CVSS 8.8 – High
- CVE-2024-21893: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication | CVSS 8.2 – High

Cisco

Several vulnerabilities have recently affected the Cisco Expressway Series, a critical component in unified communications. Notably, the first two vulnerabilities listed below involve cross-site request forgery (CSRF). Users have been strongly advised to apply updates immediately to maintain network security.

- CVE-2024-20252: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities | CVSS 9.6 – Critical
- CVE-2024-20254: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities | CVSS 9.6 – Critical
- CVE-2024-20255: Cisco Expressway Series Cross-Site Request Forgery Vulnerability | CVSS 8.2 – High

VMware

VMware have noted five moderate- to high-severity vulnerabilities in Aria Operations for Networks in this update. The high-severity vulnerability is listed below:

- CVE-2024-22237: Aria Operations for Networks contains a local privilege escalation vulnerability | CVSS 7.8 – High

Adobe

Adobe has released six patches this month, addressing 29 vulnerabilities.

- Adobe Commerce – 2 Critical and 2 Important
- Substance 3D Painter – 6 Critical
- Acrobat and Reader – 5 Critical and 8 Important
- Audition – 1 Critical
- Substance 3D Designer – 1 Critical

For the latest protections, users are encouraged to update to the recommended versions. All of the above vulnerabilities are rated as a priority 3 by Adobe, meaning they relate to a product that has historically not been a target for attackers.

SAP

SAP has released 13 new security notes and 3 updates to previous security notes. Eight of these CVEs are rated “High” or “Hot News” (Very High). The products affected by the high to very high rated CVEs are:

- SAP Business Client | CVSS 10
- SAP ABA (Application Basis) | CVSS 9.1
- SAP NetWeaver AS Java (User Admin Application) | CVSS 8.8
- SAP NetWeaver AS Java (Guided Procedures) | CVSS 8.6
- SAP CRM WebClient UI | CVSS 7.6
- IDES Systems | CVSS 7.4
- SAP Cloud Connector | CVSS 7.4
- SAP GUI for Windows and SAP GUI for Java | CVSS 7.3

As always, users are recommended to install the latest security updates when possible to protect their systems from potential threats.