All About Microsoft Windows And Technology !!!

Microsoft Patch Tuesday Updates for Windows 11 and 10 (February 2024)

This month's Patch Tuesday fixes two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351). Microsoft patched total 73 vulnerabilities are rated Critical while the remaining 68 are rated Important or Moderate.

In the latest edition of Microsoft Patch Tuesday Update February 2024, Microsoft has taken significant steps to enhance the security of its systems by addressing a total of 73 vulnerabilities. Among them,  two of which are confirmed to be exploited, five of which are rated as critical, and the remaining 66 are rated Important in severity.

The two flaws that are listed as under active attack

  • CVE-2024-21351 (CVSS score: 7.6) – Windows SmartScreen Security Feature Bypass Vulnerability
  • CVE-2024-21412 (CVSS score: 8.1) – Internet Shortcut Files Security Feature Bypass Vulnerability

Five critical flaws today patched by Microsoft

  • CVE-2024-20684 (CVSS score: 6.5) – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2024-21357 (CVSS score: 7.5) – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2024-21380 (CVSS score: 8.0) – Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
  • CVE-2024-21410 (CVSS score: 9.8) – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2024-21413 (CVSS score: 9.8) – Microsoft Outlook Remote Code Execution Vulnerability

All this little world is corrected through various cumulative updates

You can search for Windows updates and hit the check for updates button to get the latest Windows updates installed on your device.

Download Windows 11 KB5034765

Microsoft Patch Tuesday Update February 2024

The February edition of Microsoft Patch Tuesday encompasses a wide range of updates aimed at addressing vulnerabilities across various components and applications. Key areas receiving patches include Microsoft Office and Components, Microsoft Azure Kubernetes Service, Microsoft Dynamics, Microsoft Windows Codecs Library, Visual Studio Code, Windows Cloud Files Mini Filter Driver, and more.

Two Zero-day and Four critical Vulnerabilities Patched

The February Patch Tuesday update from Microsoft addresses several significant vulnerabilities, including two Zero-day discovery and five Critical vulnerabilities affect various Microsoft products and services, ranging from bypassing security features to remote code execution and denial of service attacks.

  1. CVE-2024-21412 (Internet Shortcut Files): This vulnerability affects Windows machines by allowing attackers to bypass security warnings. Users would need to click on a specially crafted file to be affected.
  2. CVE-2024-21351 (Windows SmartScreen): This vulnerability affects Windows Defender SmartScreen, potentially exposing partial data and causing system availability issues. Attackers could bypass SmartScreen by convincing users to open malicious files.
  3. CVE-2024-21410 (Microsoft Exchange Server): This critical vulnerability allows attackers to authenticate as users by exploiting NTLM hashes on vulnerable Exchange servers. Before Exchange Server 2019 CU14, relay protections were not enabled by default.
  4. CVE-2024-21413 (Microsoft Outlook): This critical vulnerability enables attackers to execute remote code by sending malicious links that bypass security features, potentially leading to credential exposure and privileged functionality.
  5. CVE-2024-21380 (Microsoft Dynamics Business Central): This critical vulnerability allows attackers to interact with other SaaS tenants’ applications and content by convincing users to click on specially crafted URLs, potentially leading to unauthorized access.
  6. CVE-2024-21357 (Windows Pragmatic General Multicast – PGM): This critical vulnerability allows remote code execution within the same network or virtual network systems connected to Windows PGM, with high attack complexity.
  7. CVE-2024-20684 (Microsoft Windows Hyper-V): This critical vulnerability allows attackers to target Hyper-V guest virtual machines, affecting the functionality of the Hyper-V host. However, Microsoft considers exploitation less likely due to it being a local DoS attack.

For windows 11 and windows 10

For the client OS, KB5034765 for Windows 11 version 23H2 advances the build number to 22631.3155. And KB5034763 for Windows 10 bumps to OS build 19045.4046.

Windows 11 KB5034765 fixes a problem causing the search to malfunction on the Start menu due to a deadlock. the Copilot in Windows icon will now appear on the right side of the system tray on the taskbar.  Addresses an issue that affects Narrator announcements, and resolves a critical issue impacting explorer.exe, which could lead to unresponsiveness when restarting or shutting down a PC with a connected controller accessory. Additionally, the update enhances the security of device metadata downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS, ensuring a more secure browsing experience.

Windows 10 KB5034763 brings a richer weather experience to your lock screen and Modify OS to comply with Europe’s Digital Markets Act (DMA). This update also fixes explorer.exe unresponsiveness with controller accessories, improves HTTPS security for device metadata downloads, enables “Delta CRL” selection in Certificate Authority snap-in, and resolves error 0xd0000034 during Windows 11 upgrades.

These updates are crucial for enhancing the security and stability of Microsoft’s ecosystem, including Edge Chromium-based products, by patching potential vulnerabilities and mitigating security risks.

You can read the complete changelog here KB5034765 and KB5034763

Here are the direct links for a download and a manual installation.

If you are looking to download Windows 10 ISO, you can get it from here.

Also read:

You might also like
Leave a comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More