Four MS CVE need to respond and three of them CVE-2024-21412 (CVSS score 8.1) CVE-2024-21351 (CVSS score 7.6) CVE-2024-21410 (CVSS score 9.8) are being ACTIVELY EXPLOITED 0-DAYS vulnerabilities

1. CVE-2024-21412 (CVSS score 8.1) and CVE-2024-21351 (CVSS score 7.6)  are being ACTIVELY EXPLOITED 0-DAYS vulnerabilities
   

2. CVE-2024-21412 also being exploited by malware.
   

3. Outlook user need to patch the CVE-2024-21413
   
   
4. Exchange Server CVE-2024-21410 CVE-2024-21410 (CVSS score 9.8) 
   
   

Bad IP need to block: [IP ADDRESSES] 84[.]32[.]189[.]74 179[.]43[.]172[.]127 179[.]43[.]172[.]191 64[.]31[.]63[.]70 64[.]31[.]63[.]194

IOC:

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-smartscreen-zero-day/ioc-water-hydra-cve-2024-21412.txt

Reference:

https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/hackers-used-new-windows-defender-zero-day-to-drop-darkme-malware/amp/

https://securityaffairs.com/159106/security/microsoft-patch-tuesday-for-february-2024.html

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

https://krebsonsecurity.com/2024/02/fat-patch-tuesday-february-2024-edition/ 

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21410

https://thehackernews.com/2024/02/critical-exchange-server-flaw-cve-2024.html

Four MS CVE need to respond and three of them CVE-2024-21412 (CVSS score 8.1) CVE-2024-21351 (CVSS score 7.6) CVE-2024-21410 (CVSS score 9.8) are being ACTIVELY EXPLOITED 0-DAYS vulnerabilities