11 Critical updates in Microsoft’s latest Windows Update.
Microsoft Patch Tuesday is here! We bring you the Microsoft Windows Update: the February 2021 edition.
Microsoft announced on its Microsoft Security Response Center blog that three CVEs represent vulnerabilities in the TCP/IP stack. Two of these, CVE-2021-24074 and CVE-2021-24094, are critical remote code execution vulnerabilities. Microsoft states that these remote code execution vulnerabilities are “difficult to implement” and that an attacker is more likely to exploit the denial-of-service vulnerability, CVE-2021-24086. However, all three should be patched quickly anyway, as Microsoft published a special post on its Microsoft Security Response Center blog to warn of these specific vulnerabilities.
The .NET vulnerabilities are considered critical. CVE-2021-26701 is a remote code execution vulnerability and CVE-2021-1721 is considered a denial of service vulnerability.
The DNS Server element of this patch, covered in CVE-2021-24078, addresses a vulnerability that arises when the DNS Server looks up a domain it has never seen before. Using a specially crafted phishing email, the attacker could put a link or graphic in the email that makes the DNS Server look up this unknown domain. If the attacker responds before the root domain does, the attacker may be able to redirect the flow of network traffic to a different destination. This bug is considered easy to exploit if the attacker knows how, and it is easily converted into a wormable exploit that could spread quickly through a network of unpatched machines. This vulnerability affects Windows Server 2008 through the current version, 20H2. CVE-2021-24078 has a vulnerability severity rating of 9.8.
CVE-2021-1732 is a Win32k (kernel) escalation of privilege vulnerability that could allow an attacker to gain extra privileges when a Windows driver handles memory objects incorrectly. According to Microsoft, this particular vulnerability is currently being exploited.
Microsoft released 56 patches this month, 11 of which are critical. One of the patched vulnerabilities has already been found in the wild. A few of these vulnerabilities are easy to exploit, and attackers may be able to develop exploits soon. The following Microsoft products are affected:
.NET Core, .NET Framework, Azure IoT, Developer Tools, Microsoft Azure Kubernetes Service, Microsoft Dynamics, Microsoft Edge for Android, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows Codecs Library, DNS Server, Hyper-V, Windows Fax Service, Skype for Business, SysInternals, System Center, Visual Studio, Windows Address Book, Windows Backup Engine, Windows Console Driver, Windows Defender, Windows DirectX, Windows Event Tracing, Windows Installer, Windows Kernel, Windows Mobile Device Management, Windows Network File System, Windows PFX Encryption, Windows PKU2U, Windows PowerShell, Windows Print Spooler Components, Windows Remote Procedure Call, Windows TCP/IP, and Windows Trust Verification API.
As usual, Microsoft has rolled most of these patches into one or two monthly rollups, so they should be simple to apply; however, the .NET patches are deployed and listed separately. Please patch as soon as you can. With these bugs exposed, attackers have an advantage if you wait to patch.