Microsoft has patched two vulnerabilities that are under active exploitation (CVE-2024-21412 and CVE-2024-21351). Both help attackers evade Microsoft Defender controls. Meanwhile, a CVSS 9.8 Microsoft Exchange Server elevation of privilege bug, CVE-2024-21410, lets a remote attacker authenticate as the user and has some patching complications…
This unpleasant trio is among the highlights of a 75-CVE-strong February Patch Tuesday from Redmond, the most severe-looking monthly batch of fixes in some time. The batch also includes the CVSS 9.8 CVE-2024-21413, which requires no privileges and no user interaction to exploit and which affects Microsoft 365 Apps for Enterprise and Microsoft Office 2016.
Apart from the two under active exploitation and the pre-auth RCE flagged immediately above, the Microsoft Exchange Server vulnerability deserves particular attention: Microsoft has designated it as likely to be exploited by attackers, although it is not currently being exploited. (Expect PoC exploits and likely attacks to follow swiftly as attackers reverse-engineer the fix.)