Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

From thehackernews.com

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation.

Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixed in the Chromium-based Edge browser since the release of the January 24 Patch Tuesday updates.

The two flaws that are listed as under active attack at the time of release are below –

  • CVE-2024-21351 (CVSS score: 7.6) – Windows SmartScreen Security Feature Bypass Vulnerability
  • CVE-2024-21412 (CVSS score: 8.1) – Internet Shortcut Files Security Feature Bypass Vulnerability

“The vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both,” Microsoft said about CVE-2024-21351.

Read more…