TT-CSIRT-426.14.02.24: Critical Patches Issued for Microsoft Products

Microsoft has released security updates to address vulnerabilities in multiple products; the most severe of which could allow for remote code execution. Additionally, two (2) zero day vulnerabilities related to Microsoft products have been identified that are CVE-2024-21351 – Windows SmartScreen Security Feature Bypass Vulnerability and CVE-2024-21412 – Internet Shortcut Files Security Feature Bypass Vulnerability.
Affected Systems:
The following is a list of affected systems:
• .NET
• Azure Active Directory
• Azure Stack
• Internet Shortcut Files
• Microsoft ActiveX
• Microsoft Defender for Endpoint
• Microsoft Dynamics
• Microsoft Edge (Chromiumbased)
• Microsoft Exchange Server (Critical)
• Microsoft Office
• Microsoft Teams for Android
• Microsoft WDAC ODBC Driver
• Microsoft WDAC OLE DB provider for SQL
• Microsoft Windows
• Microsoft Windows DNS
• Role: DNS Server
• Skype for Business
• SQL Server
• Trusted Compute Base
• Windows HyperV
• Windows Internet Connection Sharing (ICS)
• Windows Kernel
• Windows LDAP
• Windows Message Queuing
• Windows OLE
• Windows SmartScreen
• Windows USB Serial Driver
• Windows Win32K ICOMP

TT-CSIRT encourages administrators to review the following releases and take the necessary actions immediately:
https://msrc.microsoft.com/update-guide/
https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-february-13-2024_2024-020

If you have any queries, comments or require assistance, please feel free to contact the TT-CSIRT via contacts@ttcsirt.gov.tt