MS Family February 2024 Routine Security Update Advisory
Overview
Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.
Affected Products
Azure family
Azure Connected Machine Agent
Azure DevOps Server 2022.1
Azure File Sync v14.0
Azure File Sync v15.0
Azure File Sync v16.0
Azure File Sync v17.0
Azure Kubernetes Service Confidential Containers
Azure Site Recovery
Azure Stack Hub
Microsoft Azure Active Directory B2C
Microsoft Entra Jira Single-Sign-On Plugin
Developer Tools suite
.NET 6.0
.NET 7.0
.NET 8.0
ASP.NET Core 6.0
ASP.NET Core 7.0
ASP.NET Core 8.0
Azure DevOps Server 2019.1.2
Azure DevOps Server 2020.1.2
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
ESU Family
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Exchange Server Family
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Dynamics Suite
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 Business Central 2022 Release Wave 2
Microsoft Dynamics 365 Business Central 2023 Release Wave 1
Microsoft Dynamics 365 Business Central 2023 Release Wave 2
Microsoft Dynamics 365 Customer Engagement V9.1
Microsoft Office Suite
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft Publisher 2016 (32-bit edition)
Microsoft Publisher 2016 (64-bit edition)
Microsoft Teams for Android
Microsoft Visio 2016 (32-bit edition)
Microsoft Visio 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
Skype for Business Server 2019 CU7
System Center Suite
Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for 32-bit Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for 32-bit Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for ARM64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for 32-bit Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for ARM64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for 32-bit Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for ARM64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 10 for 32-bit Systems
Microsoft Defender for Endpoint for Windows on Windows 10 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for ARM64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for ARM64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for ARM64-based Systems
Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for x64-based Systems
Microsoft Defender for Endpoint for Windows on Windows Server 2012
Microsoft Defender for Endpoint for Windows on Windows Server 2012 (Server Core installation)
Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2
Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 (Server Core installation)
Microsoft Defender for Endpoint for Windows on Windows Server 2016
Microsoft Defender for Endpoint for Windows on Windows Server 2016 (Server Core installation)
Microsoft Defender for Endpoint for Windows on Windows Server 2019
Microsoft Defender for Endpoint for Windows on Windows Server 2019 (Server Core installation)
Microsoft Defender for Endpoint for Windows on Windows Server 2022
Microsoft Defender for Endpoint for Windows on Windows Server 2022 (Server Core installation)
Microsoft Defender for Endpoint for Windows on Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Family
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Resolved Vulnerabilities
5 vulnerabilities rated Critical and 66 vulnerabilities rated Important were found.
Azure family
Critical elevation of privilege vulnerability in Azure Active Directory (CVE-2024-21401)
Critical spoofing vulnerability in Azure Active Directory (CVE-2024-21381)
Critical elevation of privilege vulnerability in Azure Connected Machine Agent (CVE-2024-21329)
Critical remote code execution vulnerability in Azure DevOps (CVE-2024-20667)
Critical elevation of privilege vulnerability in Azure File Sync (CVE-2024-21397)
Moderate privilege escalation vulnerability in Azure Site Recovery (CVE-2024-21364)
Critical-grade spoofing vulnerability in Azure Stack (CVE-2024-20679)
Critical elevation of privilege vulnerability in Microsoft Azure Kubernetes Service (CVE-2024-21403)
Critical remote code execution vulnerability in Microsoft Azure Kubernetes Service (CVE-2024-21376)
Developer Tools Suite
Critical denial of service vulnerabilities in .NET (CVE-2024-21386, CVE-2024-21404)
Exchange Server Suite
Critical elevation of privilege vulnerability in Microsoft Exchange Server (CVE-2024-21410)
Microsoft Dynamics Family
Critical information disclosure vulnerability in Microsoft Dynamics (CVE-2024-21380)
Critical-grade spoofing vulnerabilities in Microsoft Dynamics (CVE-2024-21327, CVE-2024-21389, CVE-2024-21393, CVE-2024-21394, CVE-2024-21396, CVE-2024-21328, CVE-2024-21395)
Microsoft Office Suite
Critical remote code execution vulnerability in Microsoft Office OneNote (CVE-2024-21384)
Critical elevation of privilege vulnerability in Microsoft Office Outlook (CVE-2024-21402)
Critical remote code execution vulnerability in Microsoft Office Outlook (CVE-2024-21378)
Critical remote code execution vulnerability in Microsoft Office Word (CVE-2024-21379)
Urgent-grade remote code execution vulnerability in Microsoft Office (CVE-2024-21413)
Critical-grade remote code execution vulnerability in Microsoft Office (CVE-2024-20673)
Critical information disclosure vulnerability in Microsoft Teams for Android (CVE-2024-21374)
Critical information disclosure vulnerability in Skype for Business (CVE-2024-20695)
System Center Suite
Critical elevation of privilege vulnerability in Microsoft Defender for Endpoint (CVE-2024-21315)
Windows Family
Critical Security Feature Bypass Vulnerability in Internet Shortcut Files (CVE-2024-21412)
Critical Remote Code Execution Vulnerability in Microsoft ActiveX (CVE-2024-21349)
Critical remote code execution vulnerability in Microsoft WDAC ODBC Driver (CVE-2024-21353)
Critical remote code execution vulnerabilities in Microsoft WDAC OLE DB provider for SQL (CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21358, CVE-2024-21360, CVE-2024-21361, CVE-2024-21366, CVE-2024-21369, CVE-2024-21375, CVE-2024-21420, CVE-2024-21359, CVE-2024-21365, CVE-2024-21367, CVE-2024-21367, CVE-2024-21368, CVE-2024-21370, CVE-2024-21391)
Critical information disclosure vulnerability in Microsoft Windows DNS (CVE-2024-21377)
Critical spoofing vulnerability in Microsoft Windows (CVE-2024-21406)
Role: Critical denial of service vulnerability in DNS Server (CVE-2023-50387, CVE-2024-21342)
Critical remote code execution vulnerability in SQL Server (CVE-2024-21347)
Critical elevation of privilege vulnerability in Trusted Compute Base (CVE-2024-21304)
Urgent-grade denial of service vulnerability in Windows Hyper-V (CVE-2024-20684)
Urgent critical remote code execution vulnerability in Windows Internet Connection Sharing (ICS) (CVE-2024-21357)
Critical-grade denial-of-service vulnerabilities in Windows Internet Connection Sharing (ICS) (CVE-2024-21343, CVE-2024-21344, CVE-2024-21348)
Critical elevation of privilege vulnerabilities in Windows Kernel (CVE-2024-21338, CVE-2024-21371, CVE-2024-21345)
Critical security feature bypass vulnerability in Windows Kernel (CVE-2024-21362)
Critical remote code execution vulnerability in the Windows Kernel (CVE-2024-21341)
Critical information disclosure vulnerability in the Windows Kernel (CVE-2024-21340)
Critical denial of service vulnerability in Windows LDAP – Lightweight Directory Access Protocol (CVE-2024-21356)
Critical elevation of privilege vulnerabilities in Windows Message Queuing (CVE-2024-21354, CVE-2024-21355, CVE-2024-21405)
Critical remote code execution vulnerability in Windows Message Queuing (CVE-2024-21363)
Critical remote code execution vulnerability in Windows OLE (CVE-2024-21372)
Moderate Security Feature Bypass Vulnerability in Windows SmartScreen (CVE-2024-21351)
Critical remote code execution vulnerability in Windows USB Serial Driver (CVE-2024-21339)
Critical elevation of privilege vulnerability in Windows Win32K – ICOMP (CVE-2024-21346)
Vulnerability Patches
Product-specific vulnerability patches were made available in the February 13, 2024 Update as follows Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.
.NET 6.0 versions
https://dotnet.microsoft.com/download/dotnet/6.0
.NET 7.0 versions
https://dotnet.microsoft.com/en-us/download/dotnet/7.0
.NET 8.0 version
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
ASP.NET Core 6.0 version
ASP.NET Core 7.0 Versions
ASP.NET Core 8.0 version
Azure Connected Machine Agent version
Azure DevOps Server 2019.1.2 version
Azure DevOps Server 2020.1.2 version
Azure DevOps Server 2022.1 version
https://msrc.microsoft.com/update-guide/
Azure File Sync v14.0 version
Azure File Sync v15.0 version
Azure File Sync v16.0 version
https://catalog.update.microsoft.com/Search.aspx?q=5023052
Azure File Sync v17.0 version
https://catalog.update.microsoft.com/Search.aspx?q=5023054
Azure Kubernetes Service Confidential Containers version
https://msrc.microsoft.com/update-guide/
Azure Site Recovery version
https://learn.microsoft.com/en-us/azure/site-recovery/service-updates-how-to?source=recommendations
Azure Stack Hub version
https://msrc.microsoft.com/update-guide/
Microsoft 365 Apps for Enterprise editions
https://msrc.microsoft.com/update-guide/
Microsoft Azure Active Directory B2C editions
https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow
Microsoft Defender for Endpoint for Windows on Windows 10 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199
Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197
Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196
Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 Version 21H2
Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189
Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2
Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190
Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192
Microsoft Defender for Endpoint for Windows on Windows Server 2012 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830
Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819
Microsoft Defender for Endpoint for Windows on Windows Server 2016 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197
Microsoft Defender for Endpoint for Windows on Windows Server 2019 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196
Microsoft Defender for Endpoint for Windows on Windows Server 2022 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247
Microsoft Defender for Endpoint for Windows on Windows Server 2022, 23H2 Edition
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202
Microsoft Dynamics 365 (on-premises) version 9.1 version
https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd
Microsoft Dynamics 365 Business Central 2022 Release Wave 2 Version
https://www.microsoft.com/en-us/download/details.aspx?id=105805
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 version
https://www.microsoft.com/en-us/download/details.aspx?id=105806
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 version
https://www.microsoft.com/en-us/download/details.aspx?id=105810
Microsoft Dynamics 365 Customer Engagement V9.1 version
https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd
Microsoft Entra Jira Single-Sign-On Plugin version
https://msrc.microsoft.com/update-guide/
Microsoft Excel 2016 version
https://www.microsoft.com/download/details.aspx?familyid=ae195ecc-c97f-40b3-b5c8-84532c0b9fde
Microsoft Exchange Server 2019 Cumulative Update 13 version
Microsoft Exchange Server 2019 Cumulative Update 14 version
https://www.microsoft.com/download/details.aspx?familyID=9fbd842e-828a-408a-b562-5632a8a827ab
Microsoft Office 2016 version
https://www.microsoft.com/download/details.aspx?familyid=3f798cca-1d11-494e-82a5-f8e8cbe4d716
https://www.microsoft.com/download/details.aspx?familyid=0019c7f4-e4f2-4741-8cfb-0fd2311b71f4
https://www.microsoft.com/download/details.aspx?familyid=eced3839-7e06-43be-a013-ff34c4a3e4a7
https://www.microsoft.com/download/details.aspx?familyid=f6e4a256-d7fb-4ad0-a998-d3cdd5ea4bd8
https://www.microsoft.com/download/details.aspx?familyid=8315c33e-7682-4031-a323-f8c01c53dac1
Microsoft Office 2019 version
Microsoft Office LTSC 2021 version
https://msrc.microsoft.com/update-guide/
Microsoft Outlook 2016 version
https://www.microsoft.com/download/details.aspx?familyid=3612a0d1-032c-4c0e-8a8a-eb5ff91d8e31
Microsoft PowerPoint 2016 version
https://www.microsoft.com/download/details.aspx?familyid=eda04ab0-b2ef-498c-953c-a2c506c194a6
Microsoft Publisher 2016 version
https://www.microsoft.com/download/details.aspx?familyid=bfc358f2-ea3b-456a-aea9-8e4028a579fb
Microsoft Teams for Android version
https://msrc.microsoft.com/update-guide/
Microsoft Visio 2016 version
https://www.microsoft.com/download/details.aspx?familyid=1b56f25c-c5c4-4d77-9022-a4df85dbc532
Microsoft Visual Studio 2022 version 17.4 version
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
https://msrc.microsoft.com/update-guide/
Microsoft Word 2016 version
https://www.microsoft.com/download/details.aspx?familyid=adbbc6b3-6fc1-42c7-b782-18539f2e89dd
Skype for Business 2016 (32-bit) version
Skype for Business 2016 (64-bit) version
https://www.microsoft.com/download/details.aspx?familyid=63f19bfc-cbbb-415b-83da-53e2e170c61f
Windows 10 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774
Windows 10 Version 1607
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767
Windows 10 Version 1809
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768
Windows 10 Version 21H2
Windows 10 Version 22H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763
Windows 11 Version 22H2
Windows 11 Version 23H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765
Windows 11 Version 21H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766
Windows Server 2008 R2 with Service Pack 1 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809
Windows Server 2008 Service Pack 2 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833
Windows Server 2012 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830
Windows Server 2012 R2 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819
Windows Server 2016 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767
Windows Server 2019 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768
Windows Server 2022 editions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770
Windows Server 2022, 23H2 Edition
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769