Microsoft February 2021 Patch Tuesday

Published: 2021-02-09
Last Updated: 2021-02-09 20:20:55 UTC
by Renato Marinho (Version: 1)

This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed.

The exploited vulnerability is an elevation of privilege vulnerability affecting Win32k (CVE-2021-1732). This is a local vulnerability: to exploit it, an attacker would need local access to the machine (console or SSH, for example) or would have to rely on user interaction, such as a user opening a malicious document. The CVSS v3 score for this vulnerability is 7.80.

The highest CVSS score this month (9.80) was given to 4 vulnerabilities. One of those is a critical Remote Code Execution (RCE) vulnerability in Microsoft DNS Server (CVE-2021-24078). This vulnerability would allow a remote unauthenticated attacker to execute code with the privileges of the service on the target host. As it does not require user interaction, it is potentially wormable and requires your attention if you have Microsoft DNS Server in your network, especially if it is exposed to the Internet.

There are also two RCEs worth mentioning this month affecting Windows TCP/IP. The first (CVE-2021-24074) affects IPv4 and involves source routing. Although source routing is blocked by default in Windows, the system will still process the request and return an ICMP message denying it. A workaround documented in the Microsoft advisory causes the system to drop these requests altogether without any processing. The vulnerability affecting IPv6 (CVE-2021-24094) is related to packet fragmentation. Both vulnerabilities are CVSS v3 9.80.
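
The IPv4 workaround described above can be audited and applied with netsh's `sourceroutingbehavior` global setting. The PowerShell below is an added example, not part of the original diary; the function names are hypothetical and the output parsing assumes an English-language host.

```powershell
# Added example (not from the diary): audit and apply the IPv4 source-routing
# workaround for CVE-2021-24074. Run from an elevated PowerShell prompt.
# Assumption: English-language netsh output ("Source Routing Behavior" label).

function Get-SourceRoutingBehavior {
    # "netsh int ipv4 show global" lists the global IPv4 parameters, including
    # a line of the form "Source Routing Behavior   : dontforward".
    $match = netsh int ipv4 show global |
        Select-String -Pattern '^\s*Source Routing Behavior\s*:\s*(\S+)' |
        Select-Object -First 1
    if (-not $match) {
        throw 'Source Routing Behavior not found in netsh output (non-English host?).'
    }
    return $match.Matches[0].Groups[1].Value.ToLowerInvariant()
}

function Set-SourceRoutingDrop {
    $before = Get-SourceRoutingBehavior
    if ($before -eq 'drop') {
        # Already mitigated: report the state and change nothing.
        return [pscustomobject]@{ Before = $before; After = $before; Changed = $false }
    }

    # "drop" discards source-routed packets without processing them; with the
    # default "dontforward" the host still processes the request and answers
    # with an ICMP message.
    netsh int ipv4 set global sourceroutingbehavior=drop | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "netsh exited with code $LASTEXITCODE; is the prompt elevated?"
    }

    # Re-read the setting so a silent failure is not reported as success.
    $after = Get-SourceRoutingBehavior
    if ($after -ne 'drop') {
        throw "Setting did not apply: source routing behavior is still '$after'."
    }
    return [pscustomobject]@{ Before = $before; After = $after; Changed = $true }
}

Set-SourceRoutingDrop | Format-List

# To restore the Windows default once the patch is installed:
#   netsh int ipv4 set global sourceroutingbehavior=dontforward
```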

Amongst the already disclosed vulnerabilities, there is a critical RCE affecting .NET Core 2.0, 3.1 and 5.0 (CVE-2021-26701). The CVSS v3 for this vulnerability is 8.10. There are no details.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.

February 2021 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Core Remote Code Execution Vulnerability | CVE-2021-24112 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.3 |
| .NET Core Remote Code Execution Vulnerability | CVE-2021-26701 | Yes | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| .NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-1721 | Yes | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| .NET Framework Denial of Service Vulnerability | CVE-2021-24111 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Azure IoT CLI extension Elevation of Privilege Vulnerability | CVE-2021-24087 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | CVE-2021-24109 | No | No | Less Likely | Less Likely | Moderate | 6.8 | 5.9 |
| Microsoft Dataverse Information Disclosure Vulnerability | CVE-2021-24101 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Microsoft Defender Elevation of Privilege Vulnerability | CVE-2021-24092 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-1724 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.5 |
| Microsoft Edge for Android Information Disclosure Vulnerability | CVE-2021-24100 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-24067 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-24068 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-24069 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-24070 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-24085 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-1730 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2021-24071 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2021-24066 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-24072 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-1726 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft Teams iOS Information Disclosure Vulnerability | CVE-2021-24114 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Microsoft Windows Codecs Library Remote Code Execution Vulnerability | CVE-2021-24081 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| Microsoft Windows VMSwitch Information Disclosure Vulnerability | CVE-2021-24076 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | CVE-2021-24082 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
| PFX Encryption Security Feature Bypass Vulnerability | CVE-2021-1731 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Package Managers Configurations Remote Code Execution Vulnerability | CVE-2021-24105 | No | No | Less Likely | Less Likely | Important | 8.4 | 7.6 |
| Skype for Business and Lync Denial of Service Vulnerability | CVE-2021-24099 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Skype for Business and Lync Spoofing Vulnerability | CVE-2021-24073 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Sysinternals PsExec Elevation of Privilege Vulnerability | CVE-2021-1733 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| System Center Operations Manager Elevation of Privilege Vulnerability | CVE-2021-1728 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-1639 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | CVE-2021-26700 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Address Book Remote Code Execution Vulnerability | CVE-2021-24083 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Information Disclosure Vulnerability | CVE-2021-24079 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Camera Codec Pack Remote Code Execution Vulnerability | CVE-2021-24091 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows Console Driver Denial of Service Vulnerability | CVE-2021-24098 | Yes | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-24078 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows DirectX Information Disclosure Vulnerability | CVE-2021-24106 | Yes | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-24102 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-24103 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax Service Remote Code Execution Vulnerability | CVE-2021-1722 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| Windows Fax Service Remote Code Execution Vulnerability | CVE-2021-24077 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.5 |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-24093 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2021-1727 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-24096 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Local Spooler Remote Code Execution Vulnerability | CVE-2021-24088 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Windows Mobile Device Management Information Disclosure Vulnerability | CVE-2021-24084 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Network File System Denial of Service Vulnerability | CVE-2021-24075 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
| Windows PKU2U Elevation of Privilege Vulnerability | CVE-2021-25195 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Procedure Call Information Disclosure Vulnerability | CVE-2021-1734 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows TCP/IP Denial of Service Vulnerability | CVE-2021-24086 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
| Windows TCP/IP Remote Code Execution Vulnerability | CVE-2021-24074 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows TCP/IP Remote Code Execution Vulnerability | CVE-2021-24094 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows Trust Verification API Denial of Service Vulnerability | CVE-2021-24080 | No | No | Less Likely | Less Likely | Moderate | 6.5 | 5.7 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-1732 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-1698 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter
