From thehackernews.com
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation.
Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixed in the Chromium-based Edge browser since the release of the January 24 Patch Tuesday updates.
The two flaws that are listed as under active attack at the time of release are below –
- CVE-2024-21351 (CVSS score: 7.6) – Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2024-21412 (CVSS score: 8.1) – Internet Shortcut Files Security Feature Bypass Vulnerability
“The vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both,” Microsoft said about CVE-2024-21351.