February Microsoft Patch Update
Patch management is crucial for cybersecurity. Updating software regularly with patches is essential. Unpatched software is a prime target for cyber-attacks, which can cause severe damage to organisations.
Microsoft's February 2024 Patches include security updates for 73 flaws and two actively exploited zero-days.
This Patch release fixes five critical vulnerabilities, including denial of service, Remote code execution, information disclosure, and elevation of privileges vulnerabilities
The number of bugs in each vulnerability category is listed below:
16 Elevation of Privilege Vulnerabilities
3 Security Feature Bypass Vulnerabilities
30 Remote Code Execution Vulnerabilities
5 Information Disclosure Vulnerabilities
9 Denial of Service Vulnerabilities
10 Spoofing Vulnerabilities
Microsoft's February 2024 Patch fixes addressed two dangerous zero-day vulnerabilities.
"Zero-day" refers to a software vulnerability exploited by hackers before the vendor has become aware of it and, crucially, before a patch or update has been issued to fix it. These vulnerabilities are highly prized by malicious actors because they can be used to gain unauthorised access or cause damage without encountering security barriers that have yet to be updated to counteract such exploits.
The name 'zero-day' reflects the number of days the software vendor has had to address the issue, with 'zero' implying no time.
The first, CVE-2024-21351, involves a bypass vulnerability in the Windows SmartScreen Security Feature.
The second, CVE-2024-21412, pertains to an Internet Shortcut Files Security Feature Bypass Vulnerability. Stay informed and secure by understanding these potential threats.
"An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks," explains Microsoft.
To learn more about the non-security updates released today, you can review the details on the Microsoft post:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Feb
It is worth revisiting the January patches that Microsoft rolled out.
https://www.thecomputerdepartment.com.au/blog/microsofts-january-patch-update
Users who have kept pace with our coverage might remember that the January rollouts addressed different concerns. Patches released in January include 46 flaws and 12 remote code execution vulnerabilities.
For comprehensive insights on the January patches, we invite our readers to explore the analysis and implications in our January patch update blog.
Your Security is our Priority
Your friendly Support Team
Speak to us about all your computer needs
This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.