Windows 10: Microsoft February 2024 Security Updates

February 2024 Security UpdatesThis release consists of the following 73 Microsoft CVEs:Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?Azure DevOps CVE-2024-20667Microsoft Office CVE-2024-20673Azure Stack CVE-2024-20679Windows Hyper-V CVE-2024-20684Skype for Business CVE-2024-20695Trusted Compute Base CVE-2024-21304Microsoft Defender for Endpoint CVE-2024-21315Microsoft Dynamics CVE-2024-21327Microsoft Dynamics CVE-2024-21328Azure Connected Machine Agent CVE-2024-21329Windows Kerne

:)

 

Microsoft February 2024 Security Updates

February 2024 Security Updates

This release consists of the following 73 Microsoft CVEs:

Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Azure DevOps CVE-2024-20667

Microsoft Office CVE-2024-20673

Azure Stack CVE-2024-20679

Windows Hyper-V CVE-2024-20684

Skype for Business CVE-2024-20695

Trusted Compute Base CVE-2024-21304

Microsoft Defender for Endpoint CVE-2024-21315

Microsoft Dynamics CVE-2024-21327

Microsoft Dynamics CVE-2024-21328

Azure Connected Machine Agent CVE-2024-21329

Windows Kernel CVE-2024-21338

Windows USB Serial Driver CVE-2024-21339

Windows Kernel CVE-2024-21340

Windows Kernel CVE-2024-21341

Role: DNS Server CVE-2024-21342

Windows Internet Connection Sharing (ICS) CVE-2024-21343

Windows Internet Connection Sharing (ICS) CVE-2024-21344

Windows Kernel CVE-2024-21345

Windows Win32K - ICOMP CVE-2024-21346

SQL Server CVE-2024-21347

Windows Internet Connection Sharing (ICS) CVE-2024-21348

Microsoft ActiveX CVE-2024-21349

Microsoft WDAC OLE DB provider for SQL CVE-2024-21350

Windows SmartScreen CVE-2024-21351

Microsoft WDAC OLE DB provider for SQL CVE-2024-21352

Microsoft WDAC ODBC Driver CVE-2024-21353

Windows Message Queuing CVE-2024-21354

Windows Message Queuing CVE-2024-21355

Windows LDAP - Lightweight Directory Access Protocol CVE-2024-21356

Windows Internet Connection Sharing (ICS) CVE-2024-21357

Microsoft WDAC OLE DB provider for SQL CVE-2024-21358

Microsoft WDAC OLE DB provider for SQL CVE-2024-21359

Microsoft WDAC OLE DB provider for SQL CVE-2024-21360

Microsoft WDAC OLE DB provider for SQL CVE-2024-21361

Windows Kernel CVE-2024-21362

Windows Message Queuing CVE-2024-21363

Azure Site Recovery CVE-2024-21364

Microsoft WDAC OLE DB provider for SQL CVE-2024-21365

Microsoft WDAC OLE DB provider for SQL CVE-2024-21366

Microsoft WDAC OLE DB provider for SQL CVE-2024-21367

Microsoft WDAC OLE DB provider for SQL CVE-2024-21368

Microsoft WDAC OLE DB provider for SQL CVE-2024-21369

Microsoft WDAC OLE DB provider for SQL CVE-2024-21370

Windows Kernel CVE-2024-21371

Windows OLE CVE-2024-21372

Microsoft Teams for Android CVE-2024-21374

Microsoft WDAC OLE DB provider for SQL CVE-2024-21375

Microsoft Azure Kubernetes Service CVE-2024-21376

Microsoft Windows DNS CVE-2024-21377

Microsoft Office Outlook CVE-2024-21378

Microsoft Office Word CVE-2024-21379

Microsoft Dynamics CVE-2024-21380

Azure Active Directory CVE-2024-21381

Microsoft Office OneNote CVE-2024-21384

.NET CVE-2024-21386

Microsoft Dynamics CVE-2024-21389

Microsoft WDAC OLE DB provider for SQL CVE-2024-21391

Microsoft Dynamics CVE-2024-21393

Microsoft Dynamics CVE-2024-21394

Microsoft Dynamics CVE-2024-21395

Microsoft Dynamics CVE-2024-21396

Azure File Sync CVE-2024-21397

Microsoft Edge (Chromium-based) CVE-2024-21399

Azure Active Directory CVE-2024-21401

Microsoft Office Outlook CVE-2024-21402

Microsoft Azure Kubernetes Service CVE-2024-21403

.NET CVE-2024-21404

Windows Message Queuing CVE-2024-21405

Microsoft Windows CVE-2024-21406

Microsoft Exchange Server CVE-2024-21410

Internet Shortcut Files CVE-2024-21412

Microsoft Office CVE-2024-21413

Microsoft WDAC OLE DB provider for SQL CVE-2024-21420

We are republising 6 non-Microsoft CVEs:

CNA Tag CVE FAQs? Workarounds? Mitigations?

MITRE Role: DNS Server CVE-2023-50387 No No No

Chrome Microsoft Edge (Chromium-based) CVE-2024-1059 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2024-1060 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2024-1077 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2024-1283 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2024-1284 Yes No No

Security Update Guide Blog Posts

Date Blog Post

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To

5034763 Windows 10, version 21H2, Windows 10, version 22H2

5034770 Windows Server 2022

5034795 Windows Server 2008 (Monthly Rollup)

5034833 Windows Server 2008 R2 (Security-only update)

5035606 Exchange Server 2019

Released: Feb 13, 2024

February 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Microsoft January 2024 Security Updates

January 2024 Security Updates This release consists of the following 48 Microsoft CVEs: Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations? SQL Server CVE-2024-0056 .NET and Visual Studio CVE-2024-0057 Windows Scripting CVE-2024-20652 Windows Common Log File System Driver CVE-2024-20653 Windows ODBC Driver CVE-2024-20654 Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20655 Visual Studio CVE-2024-20656 Windows Group Policy CVE-2024-20657 Microsoft Virtual Hard Drive CVE-2024-20658 Windows Message Queuing CVE-2024-20660 Windows Message Queuing CVE-2024-20661 Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20662 Windows Message Queuing CVE-2024-20663 Windows Message Queuing CVE-2024-20664 Windows BitLocker CVE-2024-20666 .NET Core & Visual Studio CVE-2024-20672 Windows Authentication Methods CVE-2024-20674 Azure Storage Mover CVE-2024-20676 Microsoft Office CVE-2024-20677 Windows Message Queuing CVE-2024-20680 Windows Subsystem for Linux CVE-2024-20681 Windows Cryptographic Services CVE-2024-20682 Windows Win32K CVE-2024-20683 Windows Win32 Kernel Subsystem CVE-2024-20686 Windows AllJoyn API CVE-2024-20687 Windows Nearby Sharing CVE-2024-20690 Windows Themes CVE-2024-20691 Windows Local Security Authority Subsystem Service (LSASS) CVE-2024-20692 Windows Collaborative Translation Framework CVE-2024-20694 Windows Libarchive CVE-2024-20696 Windows Libarchive CVE-2024-20697 Windows Kernel CVE-2024-20698 Windows Hyper-V CVE-2024-20699 Windows Hyper-V CVE-2024-20700 Unified Extensible Firmware Interface CVE-2024-21305 Microsoft Bluetooth Driver CVE-2024-21306 Remote Desktop Client CVE-2024-21307 Windows Kernel-Mode Drivers CVE-2024-21309 Windows Cloud Files Mini Filter Driver CVE-2024-21310 Windows Cryptographic Services CVE-2024-21311 .NET Framework CVE-2024-21312 Windows TCP/IP CVE-2024-21313 Windows Message Queuing CVE-2024-21314 Windows Server Key Distribution Service CVE-2024-21316 Microsoft Office SharePoint CVE-2024-21318 Microsoft Identity Services CVE-2024-21319 Windows Themes CVE-2024-21320 Microsoft Devices CVE-2024-21325 We are republishing 5 non-Microsoft CVEs: CNA Tag CVE FAQs? Workarounds? Mitigations? MITRE Corporation SQLite CVE-2022-35737 Chrome Microsoft Edge (Chromium-based) CVE-2024-0222 Chrome Microsoft Edge (Chromium-based) CVE-2024-0223 Chrome Microsoft Edge (Chromium-based) CVE-2024-0224 Chrome Microsoft Edge (Chromium-based) CVE-2024-0225 Security Update Guide Blog Posts Date Blog Post January 11, 2022 Coming Soon: New Security Update Guide Notification System February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners December 8, 2020 Security Update Guide: Let’s keep the conversation going November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane). KB Article Applies To nstalls KB Article Title 5034121 Windows 11, version 21H2 5034122 Windows 10, version 21H2, Windows 10, version 22H2 5034123 Windows 11, version 22H2, Windows 11, version 23H2 5034127 Windows 10, version 1809, Windows Server 2019 5034167 Windows Server 2008 R2 (Security-only update) 5034169 Windows Server 2008 R2 (Monthly Rollup) 5034173 Windows Server 2008 (Monthly Rollup) 5034176 Windows Server 2008 (Security-only update) Released: Jan 9, 2024 January 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Cumulative updates for Windows 10 and 11 - February 2024

The following release notes coincide with Cumulative updates for all the supported versions of Windows, released on Feb 13th, 2024.

Windows 11

Windows 11, version 23H2
February 13, 2024—KB5034765 (OS Builds 22621.3155 and 22631.3155) - Microsoft Support

Windows 10

February 13, 2024—KB5034763 (OS Builds 19044.4046 and 19045.4046) - Microsoft Support