Microsoft Releases Patches for 73 Security Flaws, Including Two Zero-Days Under Active Exploitation

Giulio Saggin
Giulio Saggin
Wednesday 14 February 2024
Microsoft Releases Patches for 73 Security Flaws, Including Two Zero-Days Under Active Exploitation
Photo by Windows on Unsplash

Microsoft has rolled out patches addressing 73 security vulnerabilities across its software suite as part of the February 2024 Patch Tuesday updates. Among these are two zero-day vulnerabilities currently under active exploitation.

Of the total vulnerabilities patched, 5 are classified as Critical, 65 as Important, and 3 as Moderate in severity. This update also includes fixes for 24 flaws in the Chromium-based Edge browser since January's Patch Tuesday release.

The two zero-day vulnerabilities being actively exploited are:

  1. CVE-2024-21351 (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability

  2. CVE-2024-21412 (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability. Read More about this vulnerability here.

CVE-2024-21351 allows malicious actors to inject code into SmartScreen, potentially leading to data exposure or system unavailability. CVE-2024-21412 enables attackers to bypass security checks by sending specially crafted files to targeted users.

Both vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), with federal agencies urged to apply updates by March 5, 2024.

Additionally, Microsoft has patched five critical flaws, including CVE-2024-21410, an elevation of privilege vulnerability in Microsoft Exchange Server, which could result in the disclosure of a user's NTLM version 2 hash.

The update also addresses 15 remote code execution flaws in Microsoft WDAC OLE DB provider for SQL Server and fixes CVE-2023-50387, a 24-year-old design flaw in the DNSSEC specification known as KeyTrap, which can lead to denial-of-service attacks on DNS resolvers.

This patch aims to bolster the security posture of Microsoft's software suite and mitigate the risks posed by these vulnerabilities. Users and organizations are advised to apply the patches promptly to safeguard against potential exploitation and security breaches.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203