Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft February 2021 Patch Tuesday

Published: 2021-02-09
Last Updated: 2021-02-09 20:20:55 UTC
by Renato Marinho (Version: 1)
0 comment(s)

This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed.

The exploited vulnerability is an elevation of privilege vulnerability affecting Win32k (CVE-2021-1732). This is a local vulnerability, which means that to exploit the vulnerability, an attacker would have to have local access to the machine (console or SSH for example) or rely on user interaction, like a user opening a malicious document.  The CVSS v3 score for this vulnerability is 7.80.

The highest CVSS score this month (9.80) was given to 4 vulnerabilities. One of those is a critical Remote Code Execution (RCE) vulnerability in Microsoft DNS Server (CVE-2021-24078). This vulnerability would allow a remote unauthenticated attacker to execute code with the service privilege on the target host. As this vulnerability does not require user interaction, this is a potentially wormable vulnerability that requires your attention if you have Microsoft DNS Server in your network – specially exposed to the Internet.

There are also two RCEs worth mentioning this month affecting Windows TCP/IP. The first (CVE-2021-24074) affects IPV4 and involve source routing. Despite source routing being blocked by default in Windows, the system will process the request and return an ICMP message denying the request. There is a workaround for this vulnerability documented in Microsoft advisory that will cause the system to drop these requests altogether without any processing. The vulnerability affecting IPV6 (CVE-2021-24094) is related to package fragmentation. Both vulnerabilities are CVSS v3 9.80.

Amongst already disclosed vulnerabilities, there is a critical RCE affecting .Net Core 2.0, 3.1 and 5.0 (CVE-2021-26701). The CVSS v3 for this vulnerability is 8.10. There are no details.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.

February 2021 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Core Remote Code Execution Vulnerability
CVE-2021-24112 No No Less Likely Less Likely Critical 8.1 7.3
CVE-2021-26701 Yes No Less Likely Less Likely Critical 8.1 7.1
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1721 Yes No Less Likely Less Likely Important 6.5 5.9
.NET Framework Denial of Service Vulnerability
CVE-2021-24111 No No Less Likely Less Likely Important 7.5 6.5
Azure IoT CLI extension Elevation of Privilege Vulnerability
CVE-2021-24087 No No Less Likely Less Likely Important 7.0 6.1
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE-2021-24109 No No Less Likely Less Likely Moderate 6.8 5.9
Microsoft Dataverse Information Disclosure Vulnerability
CVE-2021-24101 No No Less Likely Less Likely Important 6.5 5.9
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2021-24092 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-1724 No No Less Likely Less Likely Important 6.1 5.5
Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-24100 No No Less Likely Less Likely Important 5.0 4.5
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24067 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-24068 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-24069 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-24070 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-24085 No No Less Likely Less Likely Important 6.5 5.7
CVE-2021-1730 No No Less Likely Less Likely Important 5.4 4.9
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-24071 No No Less Likely Less Likely Important 5.3 4.8
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2021-24066 No No More Likely More Likely Important 8.8 7.7
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-24072 No No More Likely More Likely Important 8.8 7.7
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1726 No No Less Likely Less Likely Important 8.0 7.0
Microsoft Teams iOS Information Disclosure Vulnerability
CVE-2021-24114 No No Less Likely Less Likely Important 5.7 5.0
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2021-24081 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Windows VMSwitch Information Disclosure Vulnerability
CVE-2021-24076 No No Less Likely Less Likely Important 5.5 5.0
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
CVE-2021-24082 No No Less Likely Less Likely Important 4.3 3.8
PFX Encryption Security Feature Bypass Vulnerability
CVE-2021-1731 No No Less Likely Less Likely Important 5.5 4.8
Package Managers Configurations Remote Code Execution Vulnerability
CVE-2021-24105 No No Less Likely Less Likely Important 8.4 7.6
Skype for Business and Lync Denial of Service Vulnerability
CVE-2021-24099 No No Less Likely Less Likely Important 6.5 5.7
Skype for Business and Lync Spoofing Vulnerability
CVE-2021-24073 No No Less Likely Less Likely Important 6.5 5.9
Sysinternals PsExec Elevation of Privilege Vulnerability
CVE-2021-1733 Yes No Less Likely Less Likely Important 7.8 7.0
System Center Operations Manager Elevation of Privilege Vulnerability
CVE-2021-1728 No No Less Likely Less Likely Important 8.8 7.7
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-1639 No No Less Likely Less Likely Important 7.0 6.1
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
CVE-2021-26700 No No Less Likely Less Likely Important 7.8 6.8
Windows Address Book Remote Code Execution Vulnerability
CVE-2021-24083 No No Less Likely Less Likely Important 7.8 6.8
Windows Backup Engine Information Disclosure Vulnerability
CVE-2021-24079 No No Less Likely Less Likely Important 5.5 4.8
Windows Camera Codec Pack Remote Code Execution Vulnerability
CVE-2021-24091 No No Less Likely Less Likely Critical 7.8 6.8
Windows Console Driver Denial of Service Vulnerability
CVE-2021-24098 Yes No Less Likely Less Likely Important 5.5 4.8
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-24078 No No More Likely More Likely Critical 9.8 8.5
Windows DirectX Information Disclosure Vulnerability
CVE-2021-24106 Yes No Less Likely Less Likely Important 5.5 4.8
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-24102 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-24103 No No Less Likely Less Likely Important 7.8 6.8
Windows Fax Service Remote Code Execution Vulnerability
CVE-2021-1722 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2021-24077 No No Less Likely Less Likely Critical 9.8 8.5
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-24093 No No Less Likely Less Likely Critical 8.8 7.7
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1727 Yes No More Likely More Likely Important 7.8 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-24096 No No Less Likely Less Likely Important 7.8 6.8
Windows Local Spooler Remote Code Execution Vulnerability
CVE-2021-24088 No No Less Likely Less Likely Critical 8.8 7.7
Windows Mobile Device Management Information Disclosure Vulnerability
CVE-2021-24084 No No Less Likely Less Likely Important 5.5 4.8
Windows Network File System Denial of Service Vulnerability
CVE-2021-24075 No No Less Likely Less Likely Important 6.8 5.9
Windows PKU2U Elevation of Privilege Vulnerability
CVE-2021-25195 No No Less Likely Less Likely Important 7.8 6.8
Windows Remote Procedure Call Information Disclosure Vulnerability
CVE-2021-1734 No No Less Likely Less Likely Important 7.5 6.5
Windows TCP/IP Denial of Service Vulnerability
CVE-2021-24086 No No More Likely More Likely Important 7.5 6.5
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-24074 No No More Likely More Likely Critical 9.8 8.5
CVE-2021-24094 No No More Likely More Likely Critical 9.8 8.5
Windows Trust Verification API Denial of Service Vulnerability
CVE-2021-24080 No No Less Likely Less Likely Moderate 6.5 5.7
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1732 No Yes Detected Detected Important 7.8 7.2
CVE-2021-1698 No No More Likely More Likely Important 7.8 6.8

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:
0 comment(s)
Diary Archives