Weekly Security Insights
February 20, 2024
Welcome to this week’s Jolera Security Insights update.
Every Tuesday, we’re here to update you on the latest vulnerabilities out in the wild.
As always, if you are already a Jolera customer or partner, you can engage with your relationship manager to ensure you and your clients are secure.
If you’d like assistance with patching vulnerabilities and securing your environment, you can use the form below.
Microsoft Vulnerabilities
Here’s a summary of critical vulnerabilities affecting Microsoft products released on February 20, 2024.
We strongly recommend reviewing these vulnerabilities and applying the necessary security updates to protect your systems.
Release Date |
Product |
Impact |
Max Severity |
CVE Details |
Build Number |
| Feb 20, 2024 | Microsoft Dynamics 365 Business Central 2023 Release Wave 2 | Information Disclosure | Critical | CVE-2024-21380 | Application Build 23.4.15715, Platform Build 20.4.31592 |
| Feb 20, 2024 | Microsoft Exchange Server 2019 Cumulative Update 12 | Elevation of Privilege | Critical | CVE-2024-21410 | 15.2.1544.004 |
| Feb 20, 2024 | Microsoft Exchange Server 2019 Cumulative Update 11 | Elevation of Privilege | Critical | CVE-2024-21410 | 15.2.1544.004 |
| Feb 20, 2024 | Microsoft Exchange Server 2016 Cumulative Update 23 | Elevation of Privilege | Critical | CVE-2024-21410 | N/A |
| Feb 20, 2024 | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | Information Disclosure | Critical | CVE-2024-21380 | Application Build 22.10.63195, Platform Build 19.10.40206 |
Release
|
Product |
Impact |
Max
|
CVE
|
Build
|
| Feb 20, 2024 | Microsoft Dynamics 365 Business Central 2023 Release Wave 2 | Information Disclosure | Critical | CVE-2024-21380 | Application Build 23.4.15715, Platform Build 20.4.31592 |
| Feb 20, 2024 | Microsoft Exchange Server 2019 Cumulative Update 12 | Elevation of Privilege | Critical | CVE-2024-21410 | 15.2.1544.004 |
| Feb 20, 2024 | Microsoft Exchange Server 2019 Cumulative Update 11 | Elevation of Privilege | Critical | CVE-2024-21410 | 15.2.1544.004 |
| Feb 20, 2024 | Microsoft Exchange Server 2016 Cumulative Update 23 | Elevation of Privilege | Critical | CVE-2024-21410 | N/A |
| Feb 20, 2024 | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | Information Disclosure | Critical | CVE-2024-21380 | Application Build 22.10.63195, Platform Build 19.10.40206 |
Other Vulnerabilities
Here’s a summary of critical vulnerabilities affecting Microsoft products released on February 20, 2024.
We strongly recommend reviewing these vulnerabilities and applying the necessary security updates to protect your systems.
Adobe has released security updates for Commerce, Substance 3D Painter, Acrobat and Reader, and more.
Adobe Security Updates
Cisco released security updates for multiple products.
Cisco Security Updates
ExpressVPN released a new version to remove the split-tunneling feature after it leaked DNS queries.
ExpressVPN Update
Fortinet released security updates for a new FortiOS SSL VPN RCE, which is exploited in attacks, and two RCE flaws in FortiSIEM.
Fortinet RCE Flaw, FortiSIEM RCE Bugs
Google released the Android February 2024 security updates.
Android Security Bulletin
Ivanti released security updates for a new Connect Secure authentication bypass flaw.
Ivanti Update
JetBrains released security updates for a new critical authentication bypass vulnerability in TeamCity On-Premises.
JetBrains TeamCity Update
Linux distros release patches for new Shim bootloader code execution flaw.
Linux Shim Patch
Mastodon released a security update to fix a vulnerability that allows attackers to take over any remote account.
Mastodon Vulnerability
SAP has released its February 2024 Patch Day updates.
SAP Security Notes
Request Assistance
This comprehensive list includes the critical vulnerabilities and updates for various platforms and products.
We recommend reviewing these updates and applying the necessary patches to ensure your systems are secure.
Stay vigilant and proactive in managing your cybersecurity posture.
