Microsoft Monthly Security Update (February 2024)

Release Date: 14 Feb 2024

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Browser	Medium Risk	Remote Code Execution
Azure	Medium Risk	Remote Code Execution Elevation of Privilege Spoofing
Developer Tools	Medium Risk	Remote Code Execution Denial of Service
Windows	Medium Risk	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Restriction Bypass Spoofing	CVE-2024-21351 is being exploited in the wild. The vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both. CVE-2024-21412 is being exploited in the wild. The vulnerability could bypass Mark of the Web (MoTW) warnings in Windows.
Extended Security Updates (ESU)	Medium Risk	Denial of Service Information Disclosure Remote Code Execution Elevation of Privilege Spoofing
Microsoft Dynamics	Medium Risk	Spoofing Information Disclosure
Microsoft Office	Medium Risk	Remote Code Execution Elevation of Privilege Information Disclosure
System Center	Medium Risk	Elevation of Privilege
Exchange Server	Medium Risk	Elevation of Privilege
Mariner	Low Risk

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 9

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': Medium Risk

Impact

Before installation of the software, please visit the vendor web-site for more details.