Microsoft has roll-out its February security updates on this month’s patch Tuesday for 56 vulnerabilities, including a zero-day in its product line. Released patches include products such as Windows operating system, Edge browser, Microsoft Office, and services. Out of these, 11 are classified as critical, 43 of them have been classified as important, and the other two are moderate in severity.
The patch for actively exploited zero-day (CVE-2021-1732) vulnerability has been released by Microsoft. This publicly acknowledged zero-day vulnerability causes Elevation of Privilege in Win32k, a core operating system multi-user driver file used by Windows kernel.
Windows Win32k Elevation Of Privilege vulnerability | CVE-2021-1732
This zero-day affects Windows 10, Server 2016, and later editions of Windows OS. According to the Common Vulnerability Scoring System (CVSS), this actively exploited vulnerability takes an impact level of Important. The affected modules cannot be overlooked even though the severity is non-critical. Win32k.sys is a common system file used by the Windows kernel, mostly targeted by evasive malware. This particular vulnerability exposure requires an authenticated attacker to succeed. Hence it is important and non-critical. But unauthenticated attackers can target an existing vulnerability in the affected system to exploit Win32k. This is a highly expected exploitation technique, a known issue from the past.
- On successful exploitation, an attacker can gain system-level access by elevating their privilege to administrative privileges.
.NET Core and Visual Studio Denial of Service and Remote Code Execution vulnerability | CVE-2021-1721, CVE-2021-26701
This publicly disclosed Denial of Service (DOS) and Remote Code Execution (RCE) vulnerability exists in Microsoft’s developer tools such as .NET, Visual Studio, and Powershell Core. On a daily basis, these technologies are used by enterprise software, legacy codebases, and developers. Vulnerability in development tools may also affect the software supply chain process, which caused the highly evasive and persistent SolarWinds attack in the past. Unlike other fixes, Windows updates do not roll out the automatic patches for .NET. Users are advised to manually patch or use SecPod SanerNow Platform to patch these vulnerabilities instantly.
On successful exploitation, an attacker can execute their commands remotely and can perform a denial of service on the victim system.
Sysinternals PsExec Elevation of Privilege vulnerability | CVE-2021-1733
This publicly disclosed elevation of privilege vulnerability exists in Windows Sysinternals PsExec, a process executor commonly used by IT organizations to execute processes on remote systems. PsExec is an internal program and often targeted by virus software to stay dormant and also gain write access to remote connections. Attackers utilize this program to persist in the network. This vulnerability has a patch and all the latest versions are not affected anymore. But continuous remediation is required for these mission-critical programs.
- On successful exploitation, an attacker can gain administrator privilege and can take down or control the whole network.
Windows Console Driver Denial of Service vulnerability | CVE-2021-24098
This publicly disclosed denial of service vulnerability exists in Windows Console Driver, a command-line tool to control and configure the remote devices running windows as its operating system. Compromising this tool requires an authenticated user to interact on a specially crafted file from the attacker, which can be triggered by a phishing mail. However, the attacker cannot force authenticated user, due to which it is rated as Important.
- On successful exploitation, an attacker can exhaust the victim system by causing a denial of service.
Microsoft security bulletin summary for February 2021
- .NET Core
- .NET Framework
- Azure IoT
- Developer Tools
- Microsoft Azure Kubernetes Service
- Microsoft Dynamics
- Microsoft Edge for Android
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Windows Codecs Library
- PowerShell Core
- Role: DNS Server
- Role: Hyper-V
- Role: Windows Fax Service
- Skype for Business
- System Center
- Visual Studio
- Windows Address Book
- Windows Backup Engine
- Windows Console Driver
- Windows Defender
- Windows DirectX
- Windows Event Tracing
- Windows Installer
- Windows Kernel
- Windows Mobile Device Management
- Windows Network File System
- Windows PFX Encryption
- Windows PKU2U
- Windows PowerShell
- Windows Print Spooler Components
- Windows Remote Procedure Call
- Windows TCP/IP
- Windows Trust Verification API
Product: Microsoft Windows (Address Book, Backup Engine, Console Driver, Defender, DirectX, Event Tracing, Installer, Mobile Device Management, Network File System, PFX Encryption, PKU2U, PowerShell, Print Spooler Components, Remote Procedure Call, TCP/IP, Trust Verification API, Windows Codecs Library, Microsoft Graphics Component)
Role (Vulnerable When Enabled): DNS Server, Hyper-V, Windows Fax Service
CVEs/Advisory: CVE-2020-17162, CVE-2021-1698, CVE-2021-1722, CVE-2021-1727, CVE-2021-1731, CVE-2021-1732, CVE-2021-1734, CVE-2021-24074, CVE-2021-24075, CVE-2021-24076, CVE-2021-24077, CVE-2021-24078, CVE-2021-24079, CVE-2021-24080, CVE-2021-24081, CVE-2021-24082, CVE-2021-24083, CVE-2021-24084, CVE-2021-24086, CVE-2021-24088, CVE-2021-24091, CVE-2021-24093, CVE-2021-24094, CVE-2021-24096, CVE-2021-24098, CVE-2021-24102, CVE-2021-24103, CVE-2021-24106, CVE-2021-25195
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs: 4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577048, 4577049, 4577066, 4577071, 4601315, 4601318, 4601319, 4601331, 4601345, 4601348, 4601349, 4601354, 4601357, 4601384
Product: Developer Tools ( .NET Core, .NET Framework, Visual Studio, Visual Studio Code)
CVEs/Advisory: CVE-2021-1639, CVE-2021-1721, CVE-2021-24105, CVE-2021-24111, CVE-2021-24112, CVE-2021-26700, CVE-2021-26701
Impact: Denial of Service, Elevation of Privilege, Remote Code Execution
KBs: 4601050, 4601051, 4601054, 4601056, 4601318, 4601354, 4601887, 4602958, 4602959, 4602960, 4602961, 4603002, 4603003, 4603004, 4603005
Impact: Elevation Of Privilege
Product: Microsoft Office (Lync, Office, Teams, Skype, SharePoint)
CVEs/Advisory: CVE-2021-1726, CVE-2021-24066, CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070, CVE-2021-24071, CVE-2021-24072, CVE-2021-24073, CVE-2021-24099, CVE-2021-24114
Impact: Denial of Service, Impact, Information Disclosure, Remote Code Execution, Spoofing
KBs: 4493192, 4493194, 4493195, 4493196, 4493204, 4493210, 4493211, 4493222, 4493223, 5000675, 5000688
Product: Microsoft Edge for Android
Impact: Information Disclosure
On July 01, 2021, in a blog post, Microsoft has told users to update PowerShell to protect against a critical code execution vulnerability. Users are urged to install the latest versions of PowerShell 7.0.6 (For PowerShell 7.0) and 7.1.3 (For PowerShell 7.1) as soon as possible.
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.