Patchday February 2024: Microsoft releases 72 patches

Patchday February 2024 is the second patchday of the year. As usual, it takes place on the second Tuesday of the month. On this day, Microsoft releases patches for security vulnerabilities and risks for all its applications and recommends that users of Windows, Azure, Office and all other programs apply the updates as soon as possible.

Two extremely critical and three critical vulnerabilities fixed on Patchday February 2024

The Common Vulnerability Scoring System (CVSS) rates how dangerous common vulnerabilities and exposures (CVEs) - i.e. security gaps in software - are on a scale of 1 to 10. On Patchday February 2024, Microsoft removed two CVEs that almost reached the top of the scale with a score of 9.8.

A bug fix is an Exchange Server patch. The bug allows hackers to impersonate another person on Exchange servers and thus gain access to data. To fix the bug, Exchange Server 2019 Cumulative Update 14 (CU14) must be installed and Extended Protection for Authentication (EPA) must be activated. Microsoft has published an article explaining exactly how to fix the bug.

The second highly critical bug affects Microsoft Office. Hackers are able to bypass the read-only view of documents and access an editable version of a document directly. This can of course cause all kinds of damage. For the new Office versions, the security gap is automatically closed with an update. Users of Office 2016 will have to install several updates to completely eliminate the threat.

The other critical risks relate to Dynamics, Hyper-V and Pragmatic General Multicast (PGM).

Microsoft discovers two public threats during the February 2024 patchday

The advantage of most bugs in programs and applications is that they are not publicly known. This makes it harder for hackers to exploit bugs - after all, they have to find them first.

During the February 2024 patchday, however, Microsoft discovered two bugs that are known to the public and therefore offer a large attack surface. It was therefore all the more important to provide security updates for these on Patchday February 2024.

The first is a Trojan that spreads via Internet shortcuts. The users most at risk were users of certain Internet forums on which the Trojan is spread.

The other known bug is a vulnerability in Windows Defender. Attackers can use this vulnerability to bypass the scanning of files from insecure sources and inject malicious code directly into the system.

Both bugs are included in the February 2024 patchday update. As the risks are publicly known, you should install the updates as soon as possible. It is to be expected that cybercriminals will now want to exploit these bugs even more.

Work safely with Microsoft applications through skill it

Further bug fixes on Patchday February 2024 affect Azure, Dynamics and other Microsoft applications. The tech giant is always keen to guarantee users security in their applications. But it will be even more secure if we ensure security ourselves.

In our four-day course Microsoft Security Operations Analyst you will learn how to detect and respond to threats.

Or become a Microsoft Cybersecurity Architect and learn how to create entire cybersecurity solutions and develop defense strategies to ensure security in your own network.