2024 February Patch Tuesday

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, February 14, 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
§ February 2024 Patch Tuesday Overview
§ In the News
§ Bulletins and Releases
§ Between Patch Tuesdays
§ Q & A

February 2024 Patch Tuesday is feeling like a return to
normalcy. Microsoft has resolved 73 new CVEs, two of
which are confirmed Zero-day vulnerabilities. Most of
the risk this month can be wiped off your systems by
deploying the Windows OS updates, but there are
additional concerns to investigate in Windows AppX
Installer and Exchange Server.
For more details check out this month's Patch Tuesday
blog.
February Patch Tuesday 2024

In the News

In the News
§ Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
§ Fat Patch Tuesday, February 2024 Edition
§ Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
§ Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC
§ Hong Kong Video Deepfake Scam Nets $25M
§ Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities
§ Linux Kernel Becomes Its Own CNA

§ CVE-2024-21351 Windows Smartscreen Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 7.6 / 6.6
§ Severity: Moderate
§ Impact: All Windows 10 operating systems and newer
§ Per Microsoft – The vulnerability allows a malicious actor to inject code into SmartScreen and
potentially gain code execution, which could potentially lead to some data exposure, lack of system
availability, or both. An attacker must send the user a malicious file and convince the user to open it.
Known Exploited Vulnerabilities

§ CVE-2024-21412 Internet Shortcut Files Security Bypass Vulnerability
§ CVSS 3.1 Scores: 8.1 / 7.1
§ Severity: Important
§ Impact: All Windows 10 operating systems and newer
§ Per Microsoft – An unauthenticated attacker could send the targeted user a specially crafted file that is
designed to bypass displayed security checks. However, the attacker would have no way to force a
user to view the attacker-controlled content. Instead, the attacker would have to convince them to take
action by clicking on the file link.
Known Exploited Vulnerabilities

CVE-2023-40547
§ CVSS 3: 9.8 (8.3 Red Hat)
§ Flaw in Shim (a small open-source bootloader
maintained by Red Hat)
§ Enables an attacker to craft a specific malicious
HTTP request, leading to a completely controlled
out-of-bounds write primitive and complete
system compromise.
Exploitation:
Only exploitable during early boot phase. An
attacker needs to perform a Man-in-the-Middle or
compromise the boot server to be able to exploit this
vulnerability successfully.
Five other vulnerabilities affecting Shim were
discovered this week:
CVE-2023-40551
CVE-2023-40550
CVE-2023-40549
CVE-2023-40548
CVE-2023-40546
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2023-6780
§ CVSS 3: 9.8
§ glibc vulnerability that affects most distributions
out there.
§ It is possible to abuse a buffer to trigger
undefined behavior which can then further be
exploited to gain elevated privileges in a local
system.
Mitigation
This function is called by the syslog and vsyslog
functions. The problem happens when these
functions are called with a very long message,
causing an incorrect calculation of the buffer size to
store the message, resulting in the undefined
behavior.
How to Mitigate:
Upgrade glibc to version 2.39 or higher

CVE-2024-1086
§ CVSS 3: 7.8
§ Use-after-free that can lead to crashes or
undefined behavior
§ Found in the Netfilter subsystem in the Linux
kernel (concerning the firewall and packet
filtering) The nf_tables component can be
exploited to achieve local privilege escalation.
§ This bug happens in the "TO" module (one way
to perform packet redirection with netfilter),
which was found to contain a code-path with a
use-after-free bug.
Additional Context:
Netfilter enables various networking-related
operations to be implemented in the form of
customized handlers, providing functions and
operations for packet filtering, network address
translation, and port translation, which provide the
functionality required for directing packets through a
network and prohibiting packets from reaching
sensitive locations within a network.
Mitigation
Either prevent the affected Netfilter (“to(nf_tables)”)
kernel module from being loaded or disable user
namespaces.

Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
§ ESU OS and Windows 10 (see graphic)
Azure and Development Tool Updates
§ .NET 6, 7, & 8
§ ASP.NET 6, 7, & 8
§ Azure Active Directory B2C
§ Azure File Sync v14.0 - v17.0
§ Azure Kubernetes Service Confidential
Containers
§ Azure Site Recovery
§ Microsoft Entra Jira Single-Sign-On
Plugin
§ Visual Studio 2022 v17.4 – v17.8
Source: Microsoft

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

Copyright © 2024 Ivanti. All rights reserved.
APSB24-07: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Critical
§ Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§ Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 13 vulnerabilities; 5 are critical. See
https://helpx.adobe.com/security/products/acrobat/apsb24-07.html for more details.
§ Impact: Remote Code Execution, Denial of Service, Information Disclosure
§ Fixes 13 Vulnerabilities: See bulleting link for details.
§ Restart Required: Requires application restart
1

MS24-02-W11: Windows 11 Update
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
§ Description: This bulletin references KB 5034766 (21H2) and KB 5034765 (22H2/23H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 41 Vulnerabilities: CVE-2024-21351 and CVE-2024-21412 are known exploited. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
1

MS24-02-W10: Windows 10 Update
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016,
Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 44 Vulnerabilities: CVE-2024-21351 and CVE-2024-21412 are known exploited. See the
Security Update Guide for the complete list of CVEs.
§ Known Issues: See next slide
1

February Known Issues for Windows 10
§ KB 5034763 – Windows 10 Enterprise and Education, version 21H2 Windows 10 IoT Enterprise,
version 21H2 Windows 10 Enterprise Multi-Session, version 21H2 Windows 10, version 22H2,
all editions
§ [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when
your taskbar is located vertically on the right or left of your screen. Workaround: To
access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or
bottom of your screen.
§ [Icon Display] Windows devices using more than one (1) monitor might experience issues
with desktop icons moving unexpectedly between monitors or other icon alignment issues
when attempting to use Copilot in Windows (in preview).
§ Microsoft is working on a resolution for both issues.

February Known Issues for Windows 10 (cont)
§ KB 5034770 – Windows Server 2022
§ [Image File Execution] After you install KB5034129 (Jan), chromium-based internet
browsers, such as Microsoft Edge, might not open correctly. Browsers affected by this issue
might display a white screen and become unresponsive when you open them.
Devices that have browser specific Image File Execution Options (IFEO) might be affected
by this issue. When an entry for Microsoft Edge (msedge.exe) or other chromium-based
browsers is found in the Windows registry, the issue might occur. A registry entry can be
created by developer tools or when certain debugging and diagnostic settings are in place
for browsers.Microsoft is working on a resolution for both issues.
§ Workaround: See KB for registry editing options. Microsoft is working on a resolution and
will provide an update shortly.

MS24-02-EXCH: Security Updates for Exchange Server
§ Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange Server 2019 CU13 &
CU14
§ Description: This bulletin references KB 5035606. This cumulative update addresses 18
reported issues listed in the KB and now enables Extended Protection by default. See the KB
article and the Exchange Server blog for details.
§ Impact: Elevation of Privilege
§ Fixes 1 Vulnerability: CVE-2024-21410 is not publicly disclosed or known exploited.
§ Known Issues: When Setup.exe is used to run /PrepareAD, /PrepareSchema or
/PrepareDomain, the installer reports that Extended Protection was configured by the installer,
and it displays the following error message:
Exchange Setup has enabled Extended Protection on all the virtual directories on this machine.
1

§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance
issues in Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution, Elevation of Privilege
§ Fixes 6 Vulnerabilities: CVE-2024-20673, CVE-2024-21378, CVE-2024-21379, CVE-2024-
21384, CVE-2024-21402, and CVE-2024-21413 are not known to be exploited or publicly
disclosed
MS24-02-O365: Security Updates Microsoft 365 Apps,
Office 2019 and Office LTSC 2021
1

§ Affected Products: Excel 2016, Office 2016, Outlook 2016, Powerpoint 2016, Publisher 2016,
Teams for Android, Visio 2016, Word 2016, and Skype for Business 2016
§ Description: This security update resolves multiple security issues in Microsoft Office suite. This
bulletin references 12 KB articles and Release Notes for Android.
§ Impact: Remote Code Execution, Information Disclosure
21378, CVE-2024-21379, and CVE-2024-21413 are not known to be exploited or publicly
disclosed.
MS24-02-OFF: Security Updates for Microsoft Office
1

Between
Patch Tuesdays

Windows Release Summary
§ Security Updates (with CVEs): Azul Zulu (4), Corretto (4), Google Chrome (4), Firefox (1), Firefox
ESR (1), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Java 8 (1), Java Development Kit 11
(1), Java Development Kit 17 (1), Java Development Kit 21 (1), Pulse Secure VPN (1), Thunderbird (1)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), CCleaner (1), Cisco
Webex Meetings Desktop App (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for
Windows (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Eclipse Adoptium (4),
Evernote (6), Firefox (1), FileZilla (1), GoodSync (2), Google Earth Pro (1), Grammarly for Windows
(4), Jabra Direct (1), Node.JS (Current) (1), Notepad++ (1), Opera (4), VirtualBox (2), Python (2),
RedHat OpenJDK (4), Skype (4), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (3),
Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (1), VMware Horizon
Client (1), Zoom Client (1), Zoom Client (3), Zoom VDI (3)
§ Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Box Drive (1), Bitwarden (1),
Camtasia (2), Cisco WebEx Teams (1), Google Drive File Stream (1), GeoGebra Classic (1), GoTo
Connect (1), KeePass Pro (1), KeePass Classic (1), NextCloud Desktop Client (1), PDF-Xchange PRO
(1), Password Safe (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1),
WeCom (1), WinMerge (1)

Windows Third Party CVE Information
§ Azul Zulu 21.32.17 (21.0.2) Note: FX version of JDK also supported
§ ZULU21-240122, QZULUJDK213217
§ Fixes 8 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-
2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952
§ ZULU17-240122, QZULUJDK174815 and QZULUJRE174815
2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-
20945, CVE-2024-20952
2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-
20945, CVE-2024-20952

Windows Third Party CVE Information (cont)
§ Azul Zulu 8.76.0.17 (8u402) Note: FX version of JDK also supported
§ Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922,
CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
§ Java Development Kit 21 Update 21.0.2
§ JDK17-240116, QJDK2102
CVE-2024-20945, CVE-2024-20952
§ JDK17-240116, QJDK17010
CVE-2024-20945, CVE-2024-20952

§ JDK11-240116, QJDK11022
CVE-2024-20945, CVE-2024-20952
§ Java 8 Update 401 – JRE and JDK
§ JAVA8-240116, QJDK8U401 and QJRE8U401
§ Corretto 21.0.2.13.1
§ CRTO21-240116, QCRTOJDK2102
CVE-2024-20952

§ Corretto 17.0.10.7.1
CVE-2024-20952
§ Corretto 11.0.22.7.1
CVE-2024-20945, CVE-2024-20952
§ Corretto 8.402.06.1 – JRE and JDK
§ CRTO8-240116, QCRTOJRE8402

Windows Third Party CVE Information
§ Google Chrome 120.0.6099.225
§ CHROME-240116, QGC12006099225
§ Fixes 3 Vulnerabilities: CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
§ CHROME-240123, QGC1210616786
CVE-2024-0808, CVE-2024-0809, CVE-2024-0810, CVE-2024-0811, CVE-2024-0812, CVE-2024-
0813, CVE-2024-0814
§ CHROME-240130, QGC12106167140
§ CHROME-240206, QGC12106167161
§ Fixes 2 Vulnerabilities: CVE-2024-1283, CVE-2024-1284

§ Firefox 122.0
§ FF-240123, QFF1220
0750, CVE-2024-0751, CVE-2024-0752, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755
§ Firefox ESR 115.7.0
§ FFE-240123, QFFE11570
§ Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-
2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
§ Thunderbird 115.7.0
§ TB-240123, QTB11570
2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755

§ Foxit PDF Editor 12.1.4
§ FPDFE-240130, QFPDFE1214MSP
CVE-2023-40194, CVE-2023-41257, CVE-2023-42089, CVE-2023-42090, CVE-2023-42091,
§ Foxit PDF Reader Consumer 12.1.4.15400
§ FPDFRC-240122, QFPDFRC12141540
§ Fixes 29 Vulnerabilities: See Previous
§ Pulse Secure VPN Desktop Client 22.7.1.28369
§ PSVPN-240202, QPSVPN22711

Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Ventura (1), Apple
macOS Sonoma (1), Google Chrome (3), Docker Desktop (1), Evernote (1), Microsoft Office
2019 Excel (1), Firefox (1), Firefox ESR (1), Microsoft Edge (3), Microsoft Office 2019 OneNote
(1), Microsoft Office 2019 Outlook (1), Microsoft Office 2019 PowerPoint (1), Safari for
Monterey (1), Thunderbird (1), Microsoft Office 2019 Word (1)
§ Security Updates (w/o CVEs): Brave (1), SeaMonkey (1)
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), Apple macOS
Sonoma (1), Brave (3), Docker Desktop for Mac (1), draw.io (2), Dropbox (2), Evernote (4),
Firefox (1), Google Drive (1), Grammarly (7), Hazel (1), IntelliJ IDEA (1), LibreOffice (1),
Microsoft AutoUpdate (1), Microsoft Edge (2), OneDrive for Mac (2), Microsoft Office 2019
Outlook (2), PyCharm Professional for Mac (2), PowerShell (1), Python (2), Slack (1), Spotify
(2), Microsoft Teams (Mac) (2), Visual Studio Code (3), Zoom Client for Mac (1)

Apple Updates with CVE Information
§ macOS Monterey 12.7.3
§ HT214057
2023-42888, CVE-2023-42915, CVE-2023-42937, CVE-2024-23207, CVE-2024-
23212, CVE-2024-23222
§ macOS Ventura 13.6.4
§ HT214058
2023-40528, CVE-2023-42887, CVE-2023-42888, CVE-2023-42915, CVE-2023-
42935, CVE-2023-42937, CVE-2024-23207, CVE-2024-23212, CVE-2024-23222,
CVE-2024-23224
§ Safari 17.3 for Ventura and Monterey
§ HT214056
2024-23222

Apple Updates with CVE Information (cont)
§ macOS Sonoma 14.3
§ HT214061
2024-23207, CVE-2024-23208, CVE-2024-23209, CVE-2024-23210, CVE-2024-
23211, CVE-2024-23212, CVE-2024-23213, CVE-2024-23214, CVE-2024-23215,
CVE-2024-23217, CVE-2024-23218, CVE-2024-23222, CVE-2024-23223, CVE-2024-
23224

Apple Third Party CVE Information
§ CHROMEMAC-240116
§ CHROMEMAC-240130
§ CHROMEMAC-240206

Apple Third Party CVE Information (cont)
§ Docker Desktop 4.27.2
§ DOCKERMAC-240208
24557
§ Evernote 10.74.1
§ ENOT-240131
§ Fixes 1 Vulnerability: CVE-2023-50643
§ Microsoft Office 2019 Excel 16.81
§ EXCEL19-240116
§ Microsoft Office 2019 OneNote 16.81
§ ONENOTE19-240116

§ Microsoft Office 2019 Outlook 16.81
§ OUTLOOK19-240116
§ Microsoft Office 2019 Powerpoint 16.81
§ POWERPOINT19-240116
§ Microsoft Office 2019 Word 16.81
§ WORD19-240116

§ Microsoft Edge 120.0.2210.144
§ MEDGEMAC-240117
§ MEDGEMAC-240126
21383, CVE-2024-21385, CVE-2024-21387, CVE-2024-21388
§ MEDGEMAC-240201

§ Firefox 122.0
§ FF-240123
0750, CVE-2024-0751, CVE-2024-0752, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755
§ Firefox ESR 115.7.0
§ FFE-240123
2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
§ Thunderbird 115.7.0
§ TB-240123
2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755

Q & A

2024 February Patch Tuesday

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 2024 February Patch Tuesday

Similar to 2024 February Patch Tuesday (20)

More from Ivanti

More from Ivanti (10)

Recently uploaded

Recently uploaded (20)

2024 February Patch Tuesday