Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day
Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild.
Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components, .NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender.
Of these 56 vulnerabilities, 11 have been rated as Critical, 43 as Important, and two as Moderate in severity. Microsoft revealed that one of these flaws is known to be actively exploited in attacks in the wild, while six issues are listed as being publicly known at the time of release.
The CVE-2021-1732 zero-day is an elevation of privilege issues that resides in the Windows Win32k component. The flaw was exploited by threat actors to obtain SYSTEM-level access after gaining access to a Windows system. Microsoft did not disclose details about the attacks that exploited this flaw.
The vulnerability was reported by JinQuan, MaDongZe, TuXiaoYi, and LiHao from DBAPPSecurity Co., Ltd
Another interesting issue addressed by Microsoft with Microsoft February 2021 Patch Tuesday security updates is a Windows DNS Server Remote Code Execution vulnerability tracked as CVE-2021-24078.
“This patch fixes a bug in the Windows DNS Server that could allow remote code execution on affected systems. Fortunately, if your system is not configured to be a DNS server, it is not impacted by this bug. However, for those systems that are configured as DNS servers, this bug allows code execution in a privileged service from a remote, unauthenticated attacker.” reads the description provided by Zero Day Initiative. “This is potentially wormable, although only between DNS servers. Prioritize this update if you depend on Microsoft DNS servers.”
Microsoft also fixed a Windows TCP/IP Remote Code Execution vulnerability (CVE-2021-24074) and a .NET Core and Visual Studio Remote Code Execution vulnerability (CVE-2021-26701).
The details for the following CVE were disclosed online before the release of Microsoft February 2021 Patch Tuesday, but none of them was exploited in attacks in the wild.:
- CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
- CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
- CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
- CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
“Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086).” reads a blog post published by Microsoft. “The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release.”
The lists of security updates released by Microsoft is available on the Security Update Guide portal:
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2021-26701 | .NET Core Remote Code Execution Vulnerability |
| .NET Core | CVE-2021-24112 | .NET Core Remote Code Execution Vulnerability |
| .NET Core & Visual Studio | CVE-2021-1721 | .NET Core and Visual Studio Denial of Service Vulnerability |
| .NET Framework | CVE-2021-24111 | .NET Framework Denial of Service Vulnerability |
| Azure IoT | CVE-2021-24087 | Azure IoT CLI extension Elevation of Privilege Vulnerability |
| Developer Tools | CVE-2021-24105 | Package Managers Configurations Remote Code Execution Vulnerability |
| Microsoft Azure Kubernetes Service | CVE-2021-24109 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
| Microsoft Dynamics | CVE-2021-24101 | Microsoft Dataverse Information Disclosure Vulnerability |
| Microsoft Dynamics | CVE-2021-1724 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
| Microsoft Edge for Android | CVE-2021-24100 | Microsoft Edge for Android Information Disclosure Vulnerability |
| Microsoft Exchange Server | CVE-2021-24085 | Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Exchange Server | CVE-2021-1730 | Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Graphics Component | CVE-2021-24093 | Windows Graphics Component Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24068 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24070 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-24071 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1726 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-24066 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-24072 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Teams | CVE-2021-24114 | Microsoft Teams iOS Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-24081 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-24091 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-24078 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: Hyper-V | CVE-2021-24076 | Microsoft Windows VMSwitch Information Disclosure Vulnerability |
| Role: Windows Fax Service | CVE-2021-24077 | Windows Fax Service Remote Code Execution Vulnerability |
| Role: Windows Fax Service | CVE-2021-1722 | Windows Fax Service Remote Code Execution Vulnerability |
| Skype for Business | CVE-2021-24073 | Skype for Business and Lync Spoofing Vulnerability |
| Skype for Business | CVE-2021-24099 | Skype for Business and Lync Denial of Service Vulnerability |
| SysInternals | CVE-2021-1733 | Sysinternals PsExec Elevation of Privilege Vulnerability |
| System Center | CVE-2021-1728 | System Center Operations Manager Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2021-1639 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-26700 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability |
| Windows Address Book | CVE-2021-24083 | Windows Address Book Remote Code Execution Vulnerability |
| Windows Backup Engine | CVE-2021-24079 | Windows Backup Engine Information Disclosure Vulnerability |
| Windows Console Driver | CVE-2021-24098 | Windows Console Driver Denial of Service Vulnerability |
| Windows Defender | CVE-2021-24092 | Microsoft Defender Elevation of Privilege Vulnerability |
| Windows DirectX | CVE-2021-24106 | Windows DirectX Information Disclosure Vulnerability |
| Windows Event Tracing | CVE-2021-24102 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-24103 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-1727 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-24096 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-1698 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Mobile Device Management | CVE-2021-24084 | Windows Mobile Device Management Information Disclosure Vulnerability |
| Windows Network File System | CVE-2021-24075 | Windows Network File System Denial of Service Vulnerability |
| Windows PFX Encryption | CVE-2021-1731 | PFX Encryption Security Feature Bypass Vulnerability |
| Windows PKU2U | CVE-2021-25195 | Windows PKU2U Elevation of Privilege Vulnerability |
| Windows PowerShell | CVE-2021-24082 | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability |
| Windows Print Spooler Components | CVE-2021-24088 | Windows Local Spooler Remote Code Execution Vulnerability |
| Windows Remote Procedure Call | CVE-2021-1734 | Windows Remote Procedure Call Information Disclosure Vulnerability |
| Windows TCP/IP | CVE-2021-24086 | Windows TCP/IP Denial of Service Vulnerability |
| Windows TCP/IP | CVE-2021-24074 | Windows TCP/IP Remote Code Execution Vulnerability |
| Windows TCP/IP | CVE-2021-24094 | Windows TCP/IP Remote Code Execution Vulnerability |
| Windows Trust Verification API | CVE-2021-24080 | Windows Trust Verification API Denial of Service Vulnerability |
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
|
|
Pierluigi Paganini
(SecurityAffairs – hacking, Windows)
The post Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day appeared first on Security Affairs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
