Your hacker Blog

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day

Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild.

Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components, .NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender.

Of these 56 vulnerabilities, 11 have been rated as Critical, 43 as Important, and two as Moderate in severity. Microsoft revealed that one of these flaws is known to be actively exploited in attacks in the wild, while six issues are listed as being publicly known at the time of release.

The CVE-2021-1732 zero-day is an elevation of privilege issues that resides in the Windows Win32k component. The flaw was exploited by threat actors to obtain SYSTEM-level access after gaining access to a Windows system. Microsoft did not disclose details about the attacks that exploited this flaw.

The vulnerability was reported by JinQuan, MaDongZe, TuXiaoYi, and LiHao from DBAPPSecurity Co., Ltd

Another interesting issue addressed by Microsoft with Microsoft February 2021 Patch Tuesday security updates is a Windows DNS Server Remote Code Execution vulnerability tracked as CVE-2021-24078.

“This patch fixes a bug in the Windows DNS Server that could allow remote code execution on affected systems. Fortunately, if your system is not configured to be a DNS server, it is not impacted by this bug. However, for those systems that are configured as DNS servers, this bug allows code execution in a privileged service from a remote, unauthenticated attacker.” reads the description provided by Zero Day Initiative. “This is potentially wormable, although only between DNS servers. Prioritize this update if you depend on Microsoft DNS servers.”

Microsoft also fixed a Windows TCP/IP Remote Code Execution vulnerability (CVE-2021-24074) and a .NET Core and Visual Studio Remote Code Execution vulnerability (CVE-2021-26701).

The details for the following CVE were disclosed online before the release of Microsoft February 2021 Patch Tuesday, but none of them was exploited in attacks in the wild.:

CVE-2021-1721 – .NET Core and Visual Studio Denial of Service VulnerabilityCVE-2021-1733 – Sysinternals PsExec Elevation of Privilege VulnerabilityCVE-2021-26701 – .NET Core Remote Code Execution VulnerabilityCVE-2021-1727 – Windows Installer Elevation of Privilege VulnerabilityCVE-2021-24098 – Windows Console Driver Denial of Service VulnerabilityCVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability“Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086).” reads a blog post published by Microsoft. “The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release.”

The lists of security updates released by Microsoft is available on the Security Update Guide portal:

TagCVE IDCVE Title.NET CoreCVE-2021-26701.NET Core Remote Code Execution Vulnerability.NET CoreCVE-2021-24112.NET Core Remote Code Execution Vulnerability.NET Core & Visual StudioCVE-2021-1721.NET Core and Visual Studio Denial of Service Vulnerability.NET FrameworkCVE-2021-24111.NET Framework Denial of Service VulnerabilityAzure IoTCVE-2021-24087Azure IoT CLI extension Elevation of Privilege VulnerabilityDeveloper ToolsCVE-2021-24105Package Managers Configurations Remote Code Execution VulnerabilityMicrosoft Azure Kubernetes ServiceCVE-2021-24109Microsoft Azure Kubernetes Service Elevation of Privilege VulnerabilityMicrosoft DynamicsCVE-2021-24101Microsoft Dataverse Information Disclosure VulnerabilityMicrosoft DynamicsCVE-2021-1724Microsoft Dynamics Business Central Cross-site Scripting VulnerabilityMicrosoft Edge for AndroidCVE-2021-24100Microsoft Edge for Android Information Disclosure VulnerabilityMicrosoft Exchange ServerCVE-2021-24085Microsoft Exchange Server Spoofing VulnerabilityMicrosoft Exchange ServerCVE-2021-1730Microsoft Exchange Server Spoofing VulnerabilityMicrosoft Graphics ComponentCVE-2021-24093Windows Graphics Component Remote Code Execution VulnerabilityMicrosoft Office ExcelCVE-2021-24067Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelCVE-2021-24068Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelCVE-2021-24069Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelCVE-2021-24070Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office SharePointCVE-2021-24071Microsoft SharePoint Information Disclosure VulnerabilityMicrosoft Office SharePointCVE-2021-1726Microsoft SharePoint Spoofing VulnerabilityMicrosoft Office SharePointCVE-2021-24066Microsoft SharePoint Remote Code Execution VulnerabilityMicrosoft Office SharePointCVE-2021-24072Microsoft SharePoint Server Remote Code Execution VulnerabilityMicrosoft TeamsCVE-2021-24114Microsoft Teams iOS Information Disclosure VulnerabilityMicrosoft Windows Codecs LibraryCVE-2021-24081Microsoft Windows Codecs Library Remote Code Execution VulnerabilityMicrosoft Windows Codecs LibraryCVE-2021-24091Windows Camera Codec Pack Remote Code Execution VulnerabilityRole: DNS ServerCVE-2021-24078Windows DNS Server Remote Code Execution VulnerabilityRole: Hyper-VCVE-2021-24076Microsoft Windows VMSwitch Information Disclosure VulnerabilityRole: Windows Fax ServiceCVE-2021-24077Windows Fax Service Remote Code Execution VulnerabilityRole: Windows Fax ServiceCVE-2021-1722Windows Fax Service Remote Code Execution VulnerabilitySkype for BusinessCVE-2021-24073Skype for Business and Lync Spoofing VulnerabilitySkype for BusinessCVE-2021-24099Skype for Business and Lync Denial of Service VulnerabilitySysInternalsCVE-2021-1733Sysinternals PsExec Elevation of Privilege VulnerabilitySystem CenterCVE-2021-1728System Center Operations Manager Elevation of Privilege VulnerabilityVisual StudioCVE-2021-1639Visual Studio Code Remote Code Execution VulnerabilityVisual Studio CodeCVE-2021-26700Visual Studio Code npm-script Extension Remote Code Execution VulnerabilityWindows Address BookCVE-2021-24083Windows Address Book Remote Code Execution VulnerabilityWindows Backup EngineCVE-2021-24079Windows Backup Engine Information Disclosure VulnerabilityWindows Console DriverCVE-2021-24098Windows Console Driver Denial of Service VulnerabilityWindows DefenderCVE-2021-24092Microsoft Defender Elevation of Privilege VulnerabilityWindows DirectXCVE-2021-24106Windows DirectX Information Disclosure VulnerabilityWindows Event TracingCVE-2021-24102Windows Event Tracing Elevation of Privilege VulnerabilityWindows Event TracingCVE-2021-24103Windows Event Tracing Elevation of Privilege VulnerabilityWindows InstallerCVE-2021-1727Windows Installer Elevation of Privilege VulnerabilityWindows KernelCVE-2021-24096Windows Kernel Elevation of Privilege VulnerabilityWindows KernelCVE-2021-1732Windows Win32k Elevation of Privilege VulnerabilityWindows KernelCVE-2021-1698Windows Win32k Elevation of Privilege VulnerabilityWindows Mobile Device ManagementCVE-2021-24084Windows Mobile Device Management Information Disclosure VulnerabilityWindows Network File SystemCVE-2021-24075Windows Network File System Denial of Service VulnerabilityWindows PFX EncryptionCVE-2021-1731PFX Encryption Security Feature Bypass VulnerabilityWindows PKU2UCVE-2021-25195Windows PKU2U Elevation of Privilege VulnerabilityWindows PowerShellCVE-2021-24082Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass VulnerabilityWindows Print Spooler ComponentsCVE-2021-24088Windows Local Spooler Remote Code Execution VulnerabilityWindows Remote Procedure CallCVE-2021-1734Windows Remote Procedure Call Information Disclosure VulnerabilityWindows TCP/IPCVE-2021-24086Windows TCP/IP Denial of Service VulnerabilityWindows TCP/IPCVE-2021-24074Windows TCP/IP Remote Code Execution VulnerabilityWindows TCP/IPCVE-2021-24094Windows TCP/IP Remote Code Execution VulnerabilityWindows Trust Verification APICVE-2021-24080Windows Trust Verification API Denial of Service VulnerabilityIf you want to receive the weekly Security Affairs Newsletter for free subscribe here.

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, Windows)

The post Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day appeared first on Security Affairs.