Executive summary

It is Valentine’s, and what better way to spend it than reading about Microsoft’s latest patch Tuesday. In this months patch Tuesday, Microsoft has provided updates to address 73 security issues across its product range, including two exploited zero-day vulnerabilities (CVE-2024-21351and CVE-2024-21412). Microsoft is classifying these as a flaw that is publicly disclosed or actively exploited with no official fix available. The two exploited vulnerabilities affect Windows Smart Screen and Internet Shortcut File, allowing security bypasses. They have both been added to the known ‘exploited vulnerabilities catalog’ by the Cybersecurity and Infrastructure Agency (CISA).

In addition to the updates from Microsoft, this week also saw Adobe fixing 38 vulnerabilities and SAP issued 13 new patches for its range of products, in which three of the patches were rated as critical.

What’s the risk to me or my business?

The vulnerabilities, if actively exploited could allow an attacker to bypass security features and inject malicious code, impacting the confidentiality, integrity and availability of data.

Microsoft

There is no official fix for the exploited vulnerabilities, however they both require a user to interact with a malicious file. As such, it is important to make sure users remain vigilant when interacting with their emails. Organisations should follow the vulnerabilities closely, so that they can apply any patches immediately. Other available updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have a critical severity rating. Other patches should be applied in a reasonable time frame.

Technical Summary

CVE-2024-21351: This vulnerability if actively exploited, allows an attacker to bypass Windows SmartScreen. It relies on an authorised attacker sending a malicious file and convincing a user to open it.

CVE-2024-21412: This vulnerability if actively exploited, allows an attacker bypass Windows security features and send malicious files to users. The attacker would still need to user to interact with the file.

Adobe

This month, Adobe has released fixes vulnerabilities impacting Adobe Acrobat and Reader (13, of which 5 are critical), Commerce (9, of which 6 are critical), Substance 3D Painter (13, of which 5 are critical), FrameMaker Publishing Server (1 critical), Audition (1 critical) and Substance 3D Designer (1 critical). Currently, Adobe is not aware of any active exploitation of these vulnerabilities. The vulnerabilities include issues such as arbitrary code execution and memory leaks.

SAP

This month, SAP has released 13 patches, which include 10 new releases and 3 updates from previous releases. These patches address 8 critical vulnerabilities affecting a variety of SAP products. The vulnerabilities encompass a range of issues, including Privilege Escalation, Code Injection, Denial of Service, Information Disclosure, and Improper Authorisation.

Microsoft

Further details on other specific updates within this patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2024-patch-tuesday-fixes-2-zero-days-73-flaws/

https://www.ghacks.net/2024/02/13/the-windows-security-updates-for-february-2024-are-here/

Adobe

Further details of the vulnerabilities addressed in Adobe Acrobat and Reader be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-07.html

Further details of the vulnerabilities addressed in Adobe Substance 3D Painter be found here:

https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html

Further details of the vulnerabilities addressed in Adobe FrameMaker be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-07.html

Further details of the vulnerabilities addressed in Adobe Audition be found here:

https://helpx.adobe.com/security/products/audition/apsb24-11.html

Further details of the vulnerabilities addressed in Adobe Substance 3D Designer be found here:

https://helpx.adobe.com/security/products/substance3d_designer/apsb24-13.html

SAP

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2024.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity.