Patch Tuesday February 2024 (72 vulnerabilities – 2 zero-days)

Patch Tuesday February 2024 today and Microsoft released fixes for 72 CVE-numbered Windows 11 23H2 and 22H2 (KB5034765) vulnerabilities, along with two zero-days (CVE-2024-21412, CVE-2024-21351) that are already being used by malicious users.

patch tuesday

Η CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with trapped Shortcut files with web addresses.

In late December 2023, Trend Micro researcher Peter Girnus and his colleagues in the ZDI Threat Hunting team discovered the Water Hydra APT exploiting the flaw to infect victims with the DarkMe malware.

Several other researchers, including two from Google's threat analysis team, later reported the same vulnerability to Microsoft.

Η CVE-2024-21351 allows bypassing the Windows SmartScreen security feature, which can be exploited to deliver malware by convincing potential victims to open a trapped file.

"The vulnerability allows malicious users to inject code into SmartScreen and potentially execute it, which could potentially lead to data exposure, system unavailability, or both," Microsoft said.

If you are using Windows, it would be a good idea to update.

You can download the update from Microsoft Catalog

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).