February 2024 Security Updates
This release consists of the following 73 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?
Azure DevOps CVE-2024-20667
Microsoft Office CVE-2024-20673
Azure Stack CVE-2024-20679
Windows Hyper-V CVE-2024-20684
Skype for Business CVE-2024-20695
Trusted Compute Base CVE-2024-21304
Microsoft Defender for Endpoint CVE-2024-21315
Microsoft Dynamics CVE-2024-21327
Microsoft Dynamics CVE-2024-21328
Azure Connected Machine Agent CVE-2024-21329
Windows Kernel CVE-2024-21338
Windows USB Serial Driver CVE-2024-21339
Windows Kernel CVE-2024-21340
Windows Kernel CVE-2024-21341
Role: DNS Server CVE-2024-21342
Windows Internet Connection Sharing (ICS) CVE-2024-21343
Windows Internet Connection Sharing (ICS) CVE-2024-21344
Windows Kernel CVE-2024-21345
Windows Win32K - ICOMP CVE-2024-21346
SQL Server CVE-2024-21347
Windows Internet Connection Sharing (ICS) CVE-2024-21348
Microsoft ActiveX CVE-2024-21349
Microsoft WDAC OLE DB provider for SQL CVE-2024-21350
Windows SmartScreen CVE-2024-21351
Microsoft WDAC OLE DB provider for SQL CVE-2024-21352
Microsoft WDAC ODBC Driver CVE-2024-21353
Windows Message Queuing CVE-2024-21354
Windows Message Queuing CVE-2024-21355
Windows LDAP - Lightweight Directory Access Protocol CVE-2024-21356
Windows Internet Connection Sharing (ICS) CVE-2024-21357
Microsoft WDAC OLE DB provider for SQL CVE-2024-21358
Microsoft WDAC OLE DB provider for SQL CVE-2024-21359
Microsoft WDAC OLE DB provider for SQL CVE-2024-21360
Microsoft WDAC OLE DB provider for SQL CVE-2024-21361
Windows Kernel CVE-2024-21362
Windows Message Queuing CVE-2024-21363
Azure Site Recovery CVE-2024-21364
Microsoft WDAC OLE DB provider for SQL CVE-2024-21365
Microsoft WDAC OLE DB provider for SQL CVE-2024-21366
Microsoft WDAC OLE DB provider for SQL CVE-2024-21367
Microsoft WDAC OLE DB provider for SQL CVE-2024-21368
Microsoft WDAC OLE DB provider for SQL CVE-2024-21369
Microsoft WDAC OLE DB provider for SQL CVE-2024-21370
Windows Kernel CVE-2024-21371
Windows OLE CVE-2024-21372
Microsoft Teams for Android CVE-2024-21374
Microsoft WDAC OLE DB provider for SQL CVE-2024-21375
Microsoft Azure Kubernetes Service CVE-2024-21376
Microsoft Windows DNS CVE-2024-21377
Microsoft Office Outlook CVE-2024-21378
Microsoft Office Word CVE-2024-21379
Microsoft Dynamics CVE-2024-21380
Azure Active Directory CVE-2024-21381
Microsoft Office OneNote CVE-2024-21384
.NET CVE-2024-21386
Microsoft Dynamics CVE-2024-21389
Microsoft WDAC OLE DB provider for SQL CVE-2024-21391
Microsoft Dynamics CVE-2024-21393
Microsoft Dynamics CVE-2024-21394
Microsoft Dynamics CVE-2024-21395
Microsoft Dynamics CVE-2024-21396
Azure File Sync CVE-2024-21397
Microsoft Edge (Chromium-based) CVE-2024-21399
Azure Active Directory CVE-2024-21401
Microsoft Office Outlook CVE-2024-21402
Microsoft Azure Kubernetes Service CVE-2024-21403
.NET CVE-2024-21404
Windows Message Queuing CVE-2024-21405
Microsoft Windows CVE-2024-21406
Microsoft Exchange Server CVE-2024-21410
Internet Shortcut Files CVE-2024-21412
Microsoft Office CVE-2024-21413
Microsoft WDAC OLE DB provider for SQL CVE-2024-21420
We are republising 6 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
MITRE Role: DNS Server CVE-2023-50387 No No No
Chrome Microsoft Edge (Chromium-based) CVE-2024-1059 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2024-1060 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2024-1077 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2024-1283 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2024-1284 Yes No No
Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
Relevant Resources
The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
KB Article Applies To
5034763 Windows 10, version 21H2, Windows 10, version 22H2
5034770 Windows Server 2022
5034795 Windows Server 2008 (Monthly Rollup)
5034833 Windows Server 2008 R2 (Security-only update)
5035606 Exchange Server 2019
Released: Feb 13, 2024