February 2024

Episode 04 | Published February 13, 2024 | 21 minute watch

Summary

Of February 2024 Patch Tuesday, three vulnerabilities are worth dropping everything for. Kikta calls CVE-2024-21401, the Microsoft Entra Jira SSO plugin elevation-of-privilege bug, the standout: an unauthenticated attacker can take over a Jira instance, and because IT, security, and engineering teams stash sensitive data in tickets, that single takeover sets up a second breach. The panel also flags CVE-2024-21351, a Windows SmartScreen bypass already exploited in the wild, and CVE-2024-23218, a macOS Sonoma CoreCrypto timing side channel that decrypts RSA PKCS#1 v1.5 ciphertexts without the private key.