Windows 10: The Windows Security Updates for February 2024 are here

This is the Microsoft Windows security updates overview for February 2024. Microsoft patched 73 different security vulnerabilities in its products and six non-Microsoft vulnerabilities on today's Patch Day.

Our overview is a helpful resource for administrators and home users alike. It lists all relevant security updates as well as known issues. You get information on each of the updates and links to official Microsoft support pages.

You also find an Excel spreadsheet with the list of released updates and download instructions below among other information.

Check out the January 2024 Security update overview here.

Microsoft Windows Security Updates: February 2024


You may download this Excel spreadsheet for a list of released security updates and information about each of the updates. Click on the following link to download the Excel file, contained in a ZIP, to the local system: Microsoft Windows ecurity updates February 2024

Executive Summary

• Microsoft patched a critical remote code execution vulnerability in all client and server versions of Windows.
• Windows clients with issues are: Windows 10 version 21H2 and 22H2
• Windows 11 has no known issues according to Microsoft.
• Windows Server clients: Windows Server 2008 and 2008 R2, Windows Server 2022

Product overview


Each supported version of Windows and their critical vulnerabilities are listed below.

• Windows 10 version 22H2: 38 vulnerabilities, 1 critical and 37 important.
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2024-21357
• Windows 11 version 22H2: 41 vulnerabilities, 2 critical. 38 important, and 1 moderate
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2024-21357
  • Windows Hyper-V Denial of Service Vulnerability -- CVE-2024-20684
• Windows 11 version 23H2: 41 vulnerabilities, 2 critical. 38 important, and 1 moderate
  • same as Windows 11 version 22H2

Windows Server products

• Windows Server 2008 R2 (extended support only): 27 vulnerabilities: 1 critical and 26 important
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2024-21357
• Windows Server 2012 R2 (extended support only): vulnerabilities: critical and important
  • no information
• Windows Server 2016: 34 vulnerabilities: 1 critical and 33 important
  • same critical vulnerability fixes as Windows Server 2008 R2
• Windows Server 2019: 39 vulnerabilities: 1 critical and 38 important
  • same critical vulnerability fixes as Windows Server 2008 R2
• Windows Server 2022: 36 vulnerabilities: 2 critical, 33 important, and 1 moderate
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2024-21357
  • Windows Hyper-V Denial of Service Vulnerability -- CVE-2024-20684

Windows Security Updates


Windows 10 version 22H2

• Support Page: KB5034763

Updates and improvements:

• Fixes an explorer.exe issue that could cause it to stop responding. Microsoft notes that this happened when restarting or shutting down a PC with a "controller accessory attached to it".
• Improves downloads of Windows Metadata and Internet Services (WMIS) by enabling HTTPS support.
• Fixes a bug that affects the Certificate Authority snap-in. The Delta CRL option could not be selected.
• Fixes the cause for error 0xd0000034. This error could be thrown when updating "eligible devices to Windows 11" using Windows Update.
• Security updates.
• Plus all the changes listed in the preview update.

Windows 11 version 22H2 and 23H2

• Support Page: KB5034765

Updates and improvements:

• The update fixes a Narrator issue that caused it to be slow when using Natural Voices.
• Fixes an explorer.exe issue that could cause it to stop responding. Microsoft notes that this happened when restarting or shutting down a PC with a "controller accessory attached to it".
• Improves downloads of Windows Metadata and Internet Services (WMIS) by enabling HTTPS support.
• Security updates.
• Plus all the changes made by the preview update.

Windows Security updates

2024-02 Cumulative Update for Windows 10 Version 1507 (KB5034774)

2024-02 Cumulative Update for Windows 10 Version 1607 (KB5034767)

2024-02 Dynamic Cumulative Update for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034763)

2024-02 Dynamic Cumulative Update for Windows 11 (KB5034766)



Server

2024-02 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5034768)

2024-02 Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5034770)

2024-02 Security Monthly Quality Rollup for Windows Server 2008 (KB5034795)

2024-02 Security Only Quality Update for Windows Server 2008 (KB5034833)

2024-02 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB5034819)

2024-02 Security Monthly Quality Rollup for Windows Server 2012 (KB5034830)

2024-02 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034809)

2024-02 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034831)

2024-02 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5034860)

NET Framework

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5033909)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5033914)

Servicing Stack Updates

2024-02 Servicing Stack Update for Windows Server 2016 and Windows 10 Version 1607 (KB5034862)

2024-02 Servicing Stack Update for Windows 10 Version 1507 (KB5034864)

2024-02 Servicing Stack Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034865)

2024-02 Servicing Stack Update for Windows Server 2012 R2 for x64-based Systems (KB5034866)

2024-02 Servicing Stack Update for Windows Server 2008 (KB5034867)

2024-02 Servicing Stack Update for Windows Server 2012 for x64-based Systems (KB5034868)

Non-Security updates

2024-02 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034615)

2024-02 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 for x64 (KB5034616)

2024-02 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB5034617)

2024-02 Security and Quality Rollup for .NET Framework 4.6.2 for Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5034620)

2024-02 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB5034621)

2024-02 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 for x64 (KB5034622)

2024-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034687)

2024-02 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5034688)

2024-02 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5034689)

2024-02 Security and Quality Rollup for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 (KB5034690)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034466)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5034467)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034468)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 22H2 for x64 (KB5034611)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5034612)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5034613)

2024-02 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5034614)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5034619)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5034624)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5034625)

2024-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5034626)

2024-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5034682)

2024-02 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5034683)

2024-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 (KB5034684)

2024-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 (KB5034685)

2024-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system, version 22H2 for x64 (KB5034923)

2024-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5034686)

Known Issues


Windows 10 version 22H2

(OLD) Description: Desktop icons may be moved around unexpectedly between monitors when using Copilot on more than one monitor. Users may also experience "other alignment issues" according to Microsoft.

Workaround: none. Microsoft may disable Copilot on multimonitor devices.

(OLD) Description: Copilot in Windows is not supported if the taskbar is located vertically on the right or left side of the screen.

Workaround: align the taskbar horizontally, either at the top or bottom of the screen.

Windows 11 version 22H2 and 23H2

Microsoft lists no known issues.

Security advisories and updates

• ADV 990001 -- Latest Servicing Stack Updates

Microsoft Office Updates

You find Office update information here.

How to download and install the February 2024 security updates




Non-managed Windows systems receive security updates automatically by default. This does not happen immediately after release though. Some administrators may prefer to download updates manually to install them on one or multiple devices.

To update using Windows Update, use the following guide:

1. Select Start, type Windows Update and load the Windows Update item that is displayed.
2. Select check for updates to run a manual check for updates.

Tip: we recommend to create a full system backup prior to installing any updates on Windows machines. The built-in tools are not overly reliable when things go wrong, and the backup enables you to restore the system in case of critical issues.

Direct update downloads


Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 10 version 22H2

• KB5034763 -- 2024-2 Cumulative Update for Windows 10 Version 21H2

Windows 11 version 22H2

• KB5034765 -- 2024-2 Cumulative Update for Windows 11 version 22H2

Windows 11 version 23H2

• KB5034765 -- 2024-2 Cumulative Update for Windows 11 version 23H2

Additional resources

• February 2024 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 11 Update History
• Windows 10 Update History

Thank you for being a Ghacks reader. The post The Windows Security Updates for February 2024 are here appeared first on gHacks Technology News.

read more...

 

Microsoft January 2024 Security Updates

January 2024 Security Updates This release consists of the following 48 Microsoft CVEs: Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations? SQL Server CVE-2024-0056 .NET and Visual Studio CVE-2024-0057 Windows Scripting CVE-2024-20652 Windows Common Log File System Driver CVE-2024-20653 Windows ODBC Driver CVE-2024-20654 Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20655 Visual Studio CVE-2024-20656 Windows Group Policy CVE-2024-20657 Microsoft Virtual Hard Drive CVE-2024-20658 Windows Message Queuing CVE-2024-20660 Windows Message Queuing CVE-2024-20661 Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20662 Windows Message Queuing CVE-2024-20663 Windows Message Queuing CVE-2024-20664 Windows BitLocker CVE-2024-20666 .NET Core & Visual Studio CVE-2024-20672 Windows Authentication Methods CVE-2024-20674 Azure Storage Mover CVE-2024-20676 Microsoft Office CVE-2024-20677 Windows Message Queuing CVE-2024-20680 Windows Subsystem for Linux CVE-2024-20681 Windows Cryptographic Services CVE-2024-20682 Windows Win32K CVE-2024-20683 Windows Win32 Kernel Subsystem CVE-2024-20686 Windows AllJoyn API CVE-2024-20687 Windows Nearby Sharing CVE-2024-20690 Windows Themes CVE-2024-20691 Windows Local Security Authority Subsystem Service (LSASS) CVE-2024-20692 Windows Collaborative Translation Framework CVE-2024-20694 Windows Libarchive CVE-2024-20696 Windows Libarchive CVE-2024-20697 Windows Kernel CVE-2024-20698 Windows Hyper-V CVE-2024-20699 Windows Hyper-V CVE-2024-20700 Unified Extensible Firmware Interface CVE-2024-21305 Microsoft Bluetooth Driver CVE-2024-21306 Remote Desktop Client CVE-2024-21307 Windows Kernel-Mode Drivers CVE-2024-21309 Windows Cloud Files Mini Filter Driver CVE-2024-21310 Windows Cryptographic Services CVE-2024-21311 .NET Framework CVE-2024-21312 Windows TCP/IP CVE-2024-21313 Windows Message Queuing CVE-2024-21314 Windows Server Key Distribution Service CVE-2024-21316 Microsoft Office SharePoint CVE-2024-21318 Microsoft Identity Services CVE-2024-21319 Windows Themes CVE-2024-21320 Microsoft Devices CVE-2024-21325 We are republishing 5 non-Microsoft CVEs: CNA Tag CVE FAQs? Workarounds? Mitigations? MITRE Corporation SQLite CVE-2022-35737 Chrome Microsoft Edge (Chromium-based) CVE-2024-0222 Chrome Microsoft Edge (Chromium-based) CVE-2024-0223 Chrome Microsoft Edge (Chromium-based) CVE-2024-0224 Chrome Microsoft Edge (Chromium-based) CVE-2024-0225 Security Update Guide Blog Posts Date Blog Post January 11, 2022 Coming Soon: New Security Update Guide Notification System February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners December 8, 2020 Security Update Guide: Let’s keep the conversation going November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane). KB Article Applies To nstalls KB Article Title 5034121 Windows 11, version 21H2 5034122 Windows 10, version 21H2, Windows 10, version 22H2 5034123 Windows 11, version 22H2, Windows 11, version 23H2 5034127 Windows 10, version 1809, Windows Server 2019 5034167 Windows Server 2008 R2 (Security-only update) 5034169 Windows Server 2008 R2 (Monthly Rollup) 5034173 Windows Server 2008 (Monthly Rollup) 5034176 Windows Server 2008 (Security-only update) Released: Jan 9, 2024 January 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Microsoft January 2024 Security Updates

January 2024 Security Updates

This release consists of the following 48 Microsoft CVEs:

Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

SQL Server CVE-2024-0056

.NET and Visual Studio CVE-2024-0057

Windows Scripting CVE-2024-20652

Windows Common Log File System Driver CVE-2024-20653

Windows ODBC Driver CVE-2024-20654

Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20655

Visual Studio CVE-2024-20656

Windows Group Policy CVE-2024-20657

Microsoft Virtual Hard Drive CVE-2024-20658

Windows Message Queuing CVE-2024-20660

Windows Message Queuing CVE-2024-20661

Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20662

Windows Message Queuing CVE-2024-20663

Windows Message Queuing CVE-2024-20664

Windows BitLocker CVE-2024-20666

.NET Core & Visual Studio CVE-2024-20672

Windows Authentication Methods CVE-2024-20674

Azure Storage Mover CVE-2024-20676

Microsoft Office CVE-2024-20677

Windows Message Queuing CVE-2024-20680

Windows Subsystem for Linux CVE-2024-20681

Windows Cryptographic Services CVE-2024-20682

Windows Win32K CVE-2024-20683

Windows Win32 Kernel Subsystem CVE-2024-20686

Windows AllJoyn API CVE-2024-20687

Windows Nearby Sharing CVE-2024-20690

Windows Themes CVE-2024-20691

Windows Local Security Authority Subsystem Service (LSASS) CVE-2024-20692

Windows Collaborative Translation Framework CVE-2024-20694

Windows Libarchive CVE-2024-20696

Windows Libarchive CVE-2024-20697

Windows Kernel CVE-2024-20698

Windows Hyper-V CVE-2024-20699

Windows Hyper-V CVE-2024-20700

Unified Extensible Firmware Interface CVE-2024-21305

Microsoft Bluetooth Driver CVE-2024-21306

Remote Desktop Client CVE-2024-21307

Windows Kernel-Mode Drivers CVE-2024-21309

Windows Cloud Files Mini Filter Driver CVE-2024-21310

Windows Cryptographic Services CVE-2024-21311

.NET Framework CVE-2024-21312

Windows TCP/IP CVE-2024-21313

Windows Message Queuing CVE-2024-21314

Windows Server Key Distribution Service CVE-2024-21316

Microsoft Office SharePoint CVE-2024-21318

Microsoft Identity Services CVE-2024-21319

Windows Themes CVE-2024-21320

Microsoft Devices CVE-2024-21325

We are republishing 5 non-Microsoft CVEs:

CNA Tag CVE FAQs? Workarounds? Mitigations?

MITRE Corporation SQLite CVE-2022-35737

Chrome Microsoft Edge (Chromium-based) CVE-2024-0222

Chrome Microsoft Edge (Chromium-based) CVE-2024-0223

Chrome Microsoft Edge (Chromium-based) CVE-2024-0224

Chrome Microsoft Edge (Chromium-based) CVE-2024-0225

Security Update Guide Blog Posts

Date Blog Post

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To

nstalls KB Article Title

5034121 Windows 11, version 21H2

5034122 Windows 10, version 21H2, Windows 10, version 22H2

5034123 Windows 11, version 22H2, Windows 11, version 23H2

5034127 Windows 10, version 1809, Windows Server 2019

5034167 Windows Server 2008 R2 (Security-only update)

5034169 Windows Server 2008 R2 (Monthly Rollup)

5034173 Windows Server 2008 (Monthly Rollup)

5034176 Windows Server 2008 (Security-only update)

Released: Jan 9, 2024

January 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Microsoft February 2019 Security Updates

Release Notes
February 2019 Security Updates
Release Date: February 12, 2019

The February security release consists of security updates for the following software:


Adobe Flash Player
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
.NET Framework
Microsoft Exchange Server
Microsoft Visual Studio
Azure IoT SDK
Microsoft Dynamics
Team Foundation Server
Visual Studio Code
Please note the following information regarding the security updates:


A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.


ADV190003
ADV190007 *
ADV990001
CVE-2019-0540 *
CVE-2019-0600
CVE-2019-0601
CVE-2019-0602
CVE-2019-0615
CVE-2019-0616
CVE-2019-0619
CVE-2019-0621
CVE-2019-0628
CVE-2019-0635
CVE-2019-0636
CVE-2019-0643
CVE-2019-0648
CVE-2019-0658
CVE-2019-0660
CVE-2019-0661
CVE-2019-0664
CVE-2019-0669
CVE-2019-0676
CVE-2019-0686 *
CVE-2019-0724 *
CVE-2019-0741
Known Issues


4487026
4487020
4486996
4487017
4487044
4483452
4345836
4471392
4471391
4487052
https://portal.msrc.microsoft.com/en...3-000d3a33c573