CVE-2024-21342
published 2024-02-13CVE-2024-21342: Windows DNS Client Denial of Service Vulnerability
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
2.56%
83.0th percentile
Windows DNS Client Denial of Service Vulnerability
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.3155 | 10.0.22621.3155 |
| microsoft | windows_11_23h2 | < 10.0.22621.3155 | 10.0.22621.3155 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.3155 | 10.0.22621.3155 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.3155 | 10.0.22631.3155 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.3155 | 10.0.22631.3155 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.709 | 10.0.25398.709 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-95rw-m3jj-r8jm: Windows DNS Client Denial of Service Vulnerability
ghsa_unreviewed·2024-02-13
CVE-2024-21342 [HIGH] CWE-400 GHSA-95rw-m3jj-r8jm: Windows DNS Client Denial of Service Vulnerability
Windows DNS Client Denial of Service Vulnerability
Microsoft
Windows DNS Client Denial of Service Vulnerability
vendor_msrc·2024-02-13·CVSS 7.5
CVE-2024-21342 [HIGH] CWE-400 Windows DNS Client Denial of Service Vulnerability
Windows DNS Client Denial of Service Vulnerability
Role: DNS Server: Role: DNS Server
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765
Reference: https://support.microsoft.com/help/5034765
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769
Reference: https://support.microsoft.com/help/5034769
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws
blogs_bleepingcomputer·2024-02-13·CVSS 7.6
[HIGH] Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws
## Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws
## Lawrence Abrams
16 Elevation of Privilege Vulnerabilities
3 Security Feature Bypass Vulnerabilities
30 Remote Code Execution Vulnerabilities
5 Information Disclosure Vulnerabilities
9 Denial of Service Vulnerabilities
10 Spoofing Vulnerabilities
The total count of 73 flaws does not include 6 Microsoft Edge flaws fixed on February 8th and 1 Mariner flaw.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034765 cumulative update and the Windows 10 KB5034763 update .
## Two zero-days fixed
This month's Patch Tuesday fixes two actively exploited zero-day vulnerabilities, which Microsoft classifies as a flaw that is publicly disclosed or ac
Trendmicro
The February 2024 Security Update Review
blogs_trendmicro·2024-02-12·CVSS 7.5
[HIGH] The February 2024 Security Update Review
## The February 2024 Security Update Review
Get the Feburary 2024 security update and review.
By: Dustin Childs 2024/02/12 Read time: ( words)
Save to Folio
It’s the second patch Tuesday of the year, and Adobe and Microsoft have released a fresh crop of security updates just in time to be our Valentine. Take a break from your other activities and join us as we review the details of their latest advisories. For those interested in the Microsoft 0-day discovered by the ZDI Threat Hunting Team, you can watch this special edition of the Patch Report:
If you’d rather watch the full video recap covering the entire release, you can check out here:
CVE
Title
Severity
CVSS
Public
Exploited
Type
CVE-2024-21412
Internet Shortcut Files Security Feature Bypass Vulnerability
Important
8.
Trendmicro
The February 2024 Security Update Review
blogs_trendmicro·2024-02-12
The February 2024 Security Update Review
# The February 2024 Security Update Review
Get the Feburary 2024 security update and review.
By: Dustin Childs
2024/02/12
Read time: ( words)
Save to Folio
It’s the second patch Tuesday of the year, and Adobe and Microsoft have released a fresh crop of security updates just in time to be our Valentine. Take a break from your other activities and join us as we review the details of their latest advisories. For those interested in the Microsoft 0-day discovered by the ZDI Threat Hunting Team, you can watch this special edition of the Patch Report:
If you’d rather watch the full video recap covering the entire release, you can check out here:
Adobe Patches for February 2024
For February, Adobe released six patches addressing 29 CVEs in Adobe Acrobat and Reader, Commerce, Substance 3D
Trendmicro
The February 2024 Security Update Review
blogs_trendmicro·2024-02-12·CVSS 7.5
[HIGH] The February 2024 Security Update Review
## The February 2024 Security Update Review
Get the Feburary 2024 security update and review.
By: Dustin Childs Feb 12, 2024 Read time: ( words)
Save to Folio
It’s the second patch Tuesday of the year, and Adobe and Microsoft have released a fresh crop of security updates just in time to be our Valentine. Take a break from your other activities and join us as we review the details of their latest advisories. For those interested in the Microsoft 0-day discovered by the ZDI Threat Hunting Team, you can watch this special edition of the Patch Report:
If you’d rather watch the full video recap covering the entire release, you can check out here:
CVE
Title
Severity
CVSS
Public
Exploited
Type
CVE-2024-21412
Internet Shortcut Files Security Feature Bypass Vulnerability
Important
Trendmicro
The February 2024 Security Update Review
blogs_trendmicro·2024-02-12·CVSS 7.5
[HIGH] The February 2024 Security Update Review
## The February 2024 Security Update Review
Get the February 2024 security update and review.
By: Dustin Childs Feb 12, 2024 Read time: ( words)
Save to Folio
It’s the second patch Tuesday of the year, and Adobe and Microsoft have released a fresh crop of security updates just in time to be our Valentine. Take a break from your other activities and join us as we review the details of their latest advisories. For those interested in the Microsoft 0-day discovered by the ZDI Threat Hunting Team, you can watch this special edition of the Patch Report:
If you’d rather watch the full video recap covering the entire release, you can check out here:
CVE
Title
Severity
CVSS
Public
Exploited
Type
CVE-2024-21412
Internet Shortcut Files Security Feature Bypass Vulnerability
Important
2024-02-13
Published