Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day

by chebbi abir

Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, includ

ing a flaw that is known to be actively exploited in the wild.

Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components, .NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender.

 

Of these 56 vulnerabilities, 11 have been rated as Critical, 43 as Important, and two as Moderate in severity. Microsoft revealed that one of these flaws is known to be actively exploited in attacks in the wild, while six issues are listed as being publicly known at the time of release.

The CVE-2021-1732 zero-day is an elevation of privilege issues that resides in the Windows Win32k component. The flaw was exploited by threat actors to obtain SYSTEM-level access after gaining access to a Windows system. Microsoft did not disclose details about the attacks that exploited this flaw.

The vulnerability was reported by JinQuan, MaDongZe, TuXiaoYi, and LiHao from DBAPPSecurity Co., Ltd

Another interesting issue addressed by Microsoft with Microsoft February 2021 Patch Tuesday security updates is a Windows DNS Server Remote Code Execution vulnerability tracked as CVE-2021-24078.

“This patch fixes a bug in the Windows DNS Server that could allow remote code execution on affected systems. Fortunately, if your system is not configured to be a DNS server, it is not impacted by this bug. However, for those systems that are configured as DNS servers, this bug allows code execution in a privileged service from a remote, unauthenticated attacker.” reads the description provided by Zero Day Initiative. “This is potentially wormable, although only between DNS servers. Prioritize this update if you depend on Microsoft DNS servers.”

Microsoft also fixed a Windows TCP/IP Remote Code Execution vulnerability (CVE-2021-24074) and a .NET Core and Visual Studio Remote Code Execution vulnerability (CVE-2021-26701).

The details for the following CVE were disclosed online before the release of Microsoft February 2021 Patch Tuesday, but none of them was exploited in attacks in the wild.:

  • CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
  • CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
  • CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability

“Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086).” reads a blog post published by Microsoft. “The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release.”

The lists of security updates released by Microsoft is available on the Security Update Guide portal:

 

 

TAG CVE ID CVE TITLE
.NET Core CVE-2021-26701 .NET Core Remote Code Execution Vulnerability
.NET Core CVE-2021-24112 .NET Core Remote Code Execution Vulnerability
.NET Core & Visual Studio CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability
.NET Framework CVE-2021-24111 .NET Framework Denial of Service Vulnerability
Azure IoT CVE-2021-24087 Azure IoT CLI extension Elevation of Privilege Vulnerability
Developer Tools CVE-2021-24105 Package Managers Configurations Remote Code Execution Vulnerability
Microsoft Azure Kubernetes Service CVE-2021-24109 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Dynamics CVE-2021-24101 Microsoft Dataverse Information Disclosure Vulnerability
Microsoft Dynamics CVE-2021-1724 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Edge for Android CVE-2021-24100 Microsoft Edge for Android Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2021-24085 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server CVE-2021-1730 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Graphics Component CVE-2021-24093 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24067 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24068 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24069 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24070 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-24071 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2021-1726 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2021-24066 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-24072 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Teams CVE-2021-24114 Microsoft Teams iOS Information Disclosure Vulnerability
Microsoft Windows Codecs Library CVE-2021-24081 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-24091 Windows Camera Codec Pack Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-24078 Windows DNS Server Remote Code Execution Vulnerability
Role: Hyper-V CVE-2021-24076 Microsoft Windows VMSwitch Information Disclosure Vulnerability
Role: Windows Fax Service CVE-2021-24077 Windows Fax Service Remote Code Execution Vulnerability
Role: Windows Fax Service CVE-2021-1722 Windows Fax Service Remote Code Execution Vulnerability
Skype for Business CVE-2021-24073 Skype for Business and Lync Spoofing Vulnerability
Skype for Business CVE-2021-24099 Skype for Business and Lync Denial of Service Vulnerability
SysInternals CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability
System Center CVE-2021-1728 System Center Operations Manager Elevation of Privilege Vulnerability
Visual Studio CVE-2021-1639 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-26700 Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
Windows Address Book CVE-2021-24083 Windows Address Book Remote Code Execution Vulnerability
Windows Backup Engine CVE-2021-24079 Windows Backup Engine Information Disclosure Vulnerability
Windows Console Driver CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability
Windows Defender CVE-2021-24092 Microsoft Defender Elevation of Privilege Vulnerability
Windows DirectX CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability
Windows Event Tracing CVE-2021-24102 Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing CVE-2021-24103 Windows Event Tracing Elevation of Privilege Vulnerability
Windows Installer CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-24096 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-1698 Windows Win32k Elevation of Privilege Vulnerability
Windows Mobile Device Management CVE-2021-24084 Windows Mobile Device Management Information Disclosure Vulnerability
Windows Network File System CVE-2021-24075 Windows Network File System Denial of Service Vulnerability
Windows PFX Encryption CVE-2021-1731 PFX Encryption Security Feature Bypass Vulnerability
Windows PKU2U CVE-2021-25195 Windows PKU2U Elevation of Privilege Vulnerability
Windows PowerShell CVE-2021-24082 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
Windows Print Spooler Components CVE-2021-24088 Windows Local Spooler Remote Code Execution Vulnerability
Windows Remote Procedure Call CVE-2021-1734 Windows Remote Procedure Call Information Disclosure Vulnerability
Windows TCP/IP CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
Windows TCP/IP CVE-2021-24074 Windows TCP/IP Remote Code Execution Vulnerability
Windows TCP/IP CVE-2021-24094 Windows TCP/IP Remote Code Execution Vulnerability
Windows Trust Verification API CVE-2021-24080 Windows Trust Verification API Denial of Service Vulnerability

To read the original article

https://securityaffairs.co/wordpress/114409/security/microsoft-february-2021-patch-tuesday.html

 

Top

Interdit de copier  ce contenu