Microsoft February 2021 Patch Tuesday
This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed.
The exploited vulnerability is an elevation of privilege vulnerability affecting Win32k (CVE-2021-1732). This is a local vulnerability, which means that to exploit the vulnerability, an attacker would have to have local access to the machine (console or SSH for example) or rely on user interaction, like a user opening a malicious document. The CVSS v3 score for this vulnerability is 7.80.
The highest CVSS score this month (9.80) was given to 4 vulnerabilities. One of those is a critical Remote Code Execution (RCE) vulnerability in Microsoft DNS Server (CVE-2021-24078). This vulnerability would allow a remote unauthenticated attacker to execute code with the service privilege on the target host. As this vulnerability does not require user interaction, it is potentially wormable and requires your attention if you have Microsoft DNS Server in your network, especially if it is exposed to the Internet.
There are also two RCEs worth mentioning this month affecting Windows TCP/IP. The first (CVE-2021-24074) affects IPv4 and involves source routing. Although source routing is blocked by default in Windows, the system will still process the request and return an ICMP message denying it. There is a workaround for this vulnerability documented in the Microsoft advisory that will cause the system to drop these requests altogether without any processing. The vulnerability affecting IPv6 (CVE-2021-24094) is related to packet fragmentation. Both vulnerabilities are CVSS v3 9.80.
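The source-routing workaround mentioned above for CVE-2021-24074, as an added example that is not part of the original diary. It assumes an elevated PowerShell session, the `Get-NetIPv4Protocol` cmdlet from the NetTCPIP module, and the `sourceroutingbehavior=drop` setting from Microsoft's advisory; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: check and apply the IPv4 source-routing workaround.
# 'drop' discards source-routed packets without processing them; the Windows
# default, 'dontforward', still processes the request and answers with ICMP.

function Get-SourceRoutingBehavior {
    # Returns Forward, DontForward or Drop for the IPv4 stack.
    (Get-NetIPv4Protocol).SourceRoutingBehavior.ToString()
}

function Set-SourceRoutingDrop {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $before = Get-SourceRoutingBehavior
    if ($before -eq 'Drop') {
        Write-Output 'Already set to Drop; nothing to change.'
        return
    }
    if ($PSCmdlet.ShouldProcess('IPv4 global parameters',
                                "sourceroutingbehavior $before -> drop")) {
        netsh int ipv4 set global sourceroutingbehavior=drop | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }

        # Read the value back rather than trusting the exit code alone.
        $after = Get-SourceRoutingBehavior
        if ($after -ne 'Drop') { throw "Setting did not apply (still $after)" }
        Write-Output "Source routing behavior changed: $before -> $after"
    }
}

Set-SourceRoutingDrop -WhatIf   # dry run; remove -WhatIf to apply

# Roll back to the Windows default once the patch is installed:
#   netsh int ipv4 set global sourceroutingbehavior=dontforward
```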
Amongst the already disclosed vulnerabilities, there is a critical RCE affecting .NET Core 2.0, 3.1 and 5.0 (CVE-2021-26701). The CVSS v3 for this vulnerability is 8.10. There are no details.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.
February 2021 Security Updates
Description / CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
---|---|---|---|---|---|---|---|
.NET Core Remote Code Execution Vulnerability | |||||||
CVE-2021-24112 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.3 |
CVE-2021-26701 | Yes | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
.NET Core and Visual Studio Denial of Service Vulnerability | |||||||
CVE-2021-1721 | Yes | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
.NET Framework Denial of Service Vulnerability | |||||||
CVE-2021-24111 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Azure IoT CLI extension Elevation of Privilege Vulnerability | |||||||
CVE-2021-24087 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | |||||||
CVE-2021-24109 | No | No | Less Likely | Less Likely | Moderate | 6.8 | 5.9 |
Microsoft Dataverse Information Disclosure Vulnerability | |||||||
CVE-2021-24101 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
Microsoft Defender Elevation of Privilege Vulnerability | |||||||
CVE-2021-24092 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||||
CVE-2021-1724 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.5 |
Microsoft Edge for Android Information Disclosure Vulnerability | |||||||
CVE-2021-24100 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2021-24067 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-24068 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-24069 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-24070 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Exchange Server Spoofing Vulnerability | |||||||
CVE-2021-24085 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
CVE-2021-1730 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
Microsoft SharePoint Information Disclosure Vulnerability | |||||||
CVE-2021-24071 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
CVE-2021-24066 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
CVE-2021-24072 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
Microsoft SharePoint Spoofing Vulnerability | |||||||
CVE-2021-1726 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
Microsoft Teams iOS Information Disclosure Vulnerability | |||||||
CVE-2021-24114 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
Microsoft Windows Codecs Library Remote Code Execution Vulnerability | |||||||
CVE-2021-24081 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Microsoft Windows VMSwitch Information Disclosure Vulnerability | |||||||
CVE-2021-24076 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | |||||||
CVE-2021-24082 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
PFX Encryption Security Feature Bypass Vulnerability | |||||||
CVE-2021-1731 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Package Managers Configurations Remote Code Execution Vulnerability | |||||||
CVE-2021-24105 | No | No | Less Likely | Less Likely | Important | 8.4 | 7.6 |
Skype for Business and Lync Denial of Service Vulnerability | |||||||
CVE-2021-24099 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
Skype for Business and Lync Spoofing Vulnerability | |||||||
CVE-2021-24073 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
Sysinternals PsExec Elevation of Privilege Vulnerability | |||||||
CVE-2021-1733 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
System Center Operations Manager Elevation of Privilege Vulnerability | |||||||
CVE-2021-1728 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Visual Studio Code Remote Code Execution Vulnerability | |||||||
CVE-2021-1639 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | |||||||
CVE-2021-26700 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Address Book Remote Code Execution Vulnerability | |||||||
CVE-2021-24083 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Backup Engine Information Disclosure Vulnerability | |||||||
CVE-2021-24079 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Camera Codec Pack Remote Code Execution Vulnerability | |||||||
CVE-2021-24091 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
Windows Console Driver Denial of Service Vulnerability | |||||||
CVE-2021-24098 | Yes | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows DNS Server Remote Code Execution Vulnerability | |||||||
CVE-2021-24078 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
Windows DirectX Information Disclosure Vulnerability | |||||||
CVE-2021-24106 | Yes | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
CVE-2021-24102 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-24103 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Fax Service Remote Code Execution Vulnerability | |||||||
CVE-2021-1722 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2021-24077 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.5 |
Windows Graphics Component Remote Code Execution Vulnerability | |||||||
CVE-2021-24093 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2021-1727 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.0 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2021-24096 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Local Spooler Remote Code Execution Vulnerability | |||||||
CVE-2021-24088 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
Windows Mobile Device Management Information Disclosure Vulnerability | |||||||
CVE-2021-24084 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Network File System Denial of Service Vulnerability | |||||||
CVE-2021-24075 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
Windows PKU2U Elevation of Privilege Vulnerability | |||||||
CVE-2021-25195 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Remote Procedure Call Information Disclosure Vulnerability | |||||||
CVE-2021-1734 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows TCP/IP Denial of Service Vulnerability | |||||||
CVE-2021-24086 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
Windows TCP/IP Remote Code Execution Vulnerability | |||||||
CVE-2021-24074 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
CVE-2021-24094 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
Windows Trust Verification API Denial of Service Vulnerability | |||||||
CVE-2021-24080 | No | No | Less Likely | Less Likely | Moderate | 6.5 | 5.7 |
Windows Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2021-1732 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
CVE-2021-1698 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
--
Renato Marinho
Morphus Labs | LinkedIn | Twitter