You are currently viewing Patch Tuesday: Microsoft Security Bulletin Summary for February 2021

Patch Tuesday: Microsoft Security Bulletin Summary for February 2021

Microsoft has roll-out its February security updates on this month’s patch Tuesday for 56 vulnerabilities, including a zero-day in its product line. Released patches include products such as Windows operating system, Edge browser, Microsoft Office, and services. Out of these, 11 are classified as critical, 43 of them have been classified as important, and the other two are moderate in severity.

The patch for actively exploited zero-day (CVE-2021-1732) vulnerability has been released by Microsoft. This publicly acknowledged zero-day vulnerability causes Elevation of Privilege in Win32k, a core operating system multi-user driver file used by Windows kernel.

Zero-day vulnerability

Windows Win32k Elevation Of Privilege vulnerability | CVE-2021-1732

This zero-day affects Windows 10, Server 2016, and later editions of Windows OS. According to the Common Vulnerability Scoring System (CVSS), this actively exploited vulnerability takes an impact level of Important. The affected modules cannot be overlooked even though the severity is non-critical. Win32k.sys is a common system file used by the Windows kernel, mostly targeted by evasive malware. This particular vulnerability exposure requires an authenticated attacker to succeed. Hence it is important and non-critical. But unauthenticated attackers can target an existing vulnerability in the affected system to exploit Win32k. This is a highly expected exploitation technique, a known issue from the past.

  • On successful exploitation, an attacker can gain system-level access by elevating their privilege to administrative privileges.

Interesting Vulnerabilities

.NET Core and Visual Studio Denial of Service and Remote Code Execution vulnerability | CVE-2021-1721, CVE-2021-26701

This publicly disclosed Denial of Service (DOS) and Remote Code Execution (RCE) vulnerability exists in Microsoft’s developer tools such as .NET, Visual Studio, and Powershell Core. On a daily basis, these technologies are used by enterprise software, legacy codebases, and developers. Vulnerability in development tools may also affect the software supply chain process, which caused the highly evasive and persistent SolarWinds attack in the past. Unlike other fixes, Windows updates do not roll out the automatic patches for .NET. Users are advised to manually patch or use SecPod SanerNow Platform to patch these vulnerabilities instantly.

  • On successful exploitation, an attacker can execute their commands remotely and can perform a denial of service on the victim system.

Sysinternals PsExec Elevation of Privilege vulnerability | CVE-2021-1733

This publicly disclosed elevation of privilege vulnerability exists in Windows Sysinternals PsExec, a process executor commonly used by IT organizations to execute processes on remote systems. PsExec is an internal program and often targeted by virus software to stay dormant and also gain write access to remote connections. Attackers utilize this program to persist in the network. This vulnerability has a patch and all the latest versions are not affected anymore. But continuous remediation is required for these mission-critical programs.

  • On successful exploitation, an attacker can gain administrator privilege and can take down or control the whole network.

Windows Console Driver Denial of Service vulnerability | CVE-2021-24098

This publicly disclosed denial of service vulnerability exists in Windows Console Driver, a command-line tool to control and configure the remote devices running windows as its operating system. Compromising this tool requires an authenticated user to interact on a specially crafted file from the attacker, which can be triggered by a phishing mail. However, the attacker cannot force authenticated user, due to which it is rated as Important.

  • On successful exploitation, an attacker can exhaust the victim system by causing a denial of service.

Microsoft security bulletin summary for February 2021

  • .NET Core
  • .NET Framework
  • Azure IoT
  • Developer Tools
  • Microsoft Azure Kubernetes Service
  • Microsoft Dynamics
  • Microsoft Edge for Android
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Windows Codecs Library
  • PowerShell Core
  • Role: DNS Server
  • Role: Hyper-V
  • Role: Windows Fax Service
  • Skype for Business
  • SysInternals
  • System Center
  • Visual Studio
  • Windows Address Book
  • Windows Backup Engine
  • Windows Console Driver
  • Windows Defender
  • Windows DirectX
  • Windows Event Tracing
  • Windows Installer
  • Windows Kernel
  • Windows Mobile Device Management
  • Windows Network File System
  • Windows PFX Encryption
  • Windows PKU2U
  • Windows PowerShell
  • Windows Print Spooler Components
  • Windows Remote Procedure Call
  • Windows TCP/IP
  • Windows Trust Verification API

Product: Microsoft Windows (Address Book, Backup Engine, Console Driver, Defender, DirectX, Event Tracing, Installer, Mobile Device Management, Network File System, PFX Encryption, PKU2U, PowerShell, Print Spooler Components, Remote Procedure Call, TCP/IP, Trust Verification API, Windows Codecs Library, Microsoft Graphics Component)
Role (Vulnerable When Enabled): DNS Server, Hyper-V, Windows Fax Service
CVEs/Advisory: CVE-2020-17162, CVE-2021-1698, CVE-2021-1722, CVE-2021-1727, CVE-2021-1731, CVE-2021-1732, CVE-2021-1734, CVE-2021-24074, CVE-2021-24075, CVE-2021-24076, CVE-2021-24077, CVE-2021-24078, CVE-2021-24079, CVE-2021-24080, CVE-2021-24081, CVE-2021-24082, CVE-2021-24083, CVE-2021-24084, CVE-2021-24086, CVE-2021-24088, CVE-2021-24091, CVE-2021-24093, CVE-2021-24094, CVE-2021-24096, CVE-2021-24098, CVE-2021-24102, CVE-2021-24103, CVE-2021-24106, CVE-2021-25195
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
Severity: Critical
KBs: 4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577048, 4577049, 4577066, 4577071, 4601315, 4601318, 4601319, 4601331, 4601345, 4601348, 4601349, 4601354, 4601357, 4601384

Product: Developer Tools ( .NET Core, .NET Framework, Visual Studio, Visual Studio Code)
CVEs/Advisory: CVE-2021-1639, CVE-2021-1721, CVE-2021-24105, CVE-2021-24111, CVE-2021-24112, CVE-2021-26700, CVE-2021-26701
Impact: Denial of Service, Elevation of Privilege, Remote Code Execution
Severity: Critical
KBs: 4601050, 4601051, 4601054, 4601056, 4601318, 4601354, 4601887, 4602958, 4602959, 4602960, 4602961, 4603002, 4603003, 4603004, 4603005

Product: Sysinternals
CVEs/Advisory: CVE-2021-1733
Impact: Elevation Of Privilege
Severity: Critical

Product: Microsoft Office (Lync, Office, Teams, Skype, SharePoint)
CVEs/Advisory: CVE-2021-1726, CVE-2021-24066, CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070, CVE-2021-24071, CVE-2021-24072, CVE-2021-24073, CVE-2021-24099, CVE-2021-24114
Impact: Denial of Service, Impact, Information Disclosure, Remote Code Execution, Spoofing
Severity: Important
KBs: 4493192, 4493194, 4493195, 4493196, 4493204, 4493210, 4493211, 4493222, 4493223, 5000675, 5000688

Product: Azure (IoT, Kubernetes Service)
CVEs/Advisory: CVE-2021-24087, CVE-2021-24109
Impact: Elevation of Privilege
Severity: Important

Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2021-1730, CVE-2021-24085
Impact: Spoofing
Severity: Critical
KBs: 4602269, 4571788

Product: Microsoft Edge for Android
CVEs/Advisory: CVE-2021-24100
Impact: Information Disclosure
Severity: Important

Product: System Center
CVEs/Advisory: CVE-2021-1728
Impact: Elevation of Privilege
Severity: Important
KBs: 4601269

Product: Microsoft Dynamics
CVEs/Advisory: CVE-2021-1724, CVE-2021-24101
Impact: Information Disclosure, Spoofing
Severity: Important
KBs: 4595460, 4595463, 4602915

Product: PowerShell Core
CVEs/Advisory: CVE-2021-26701, CVE-2021-1721
Impact: Remote Code Execution
Severity: Critical

Update :

On July 01, 2021, in a blog post, Microsoft has told users to update PowerShell to protect against a critical code execution vulnerability. Users are urged to install the latest versions of PowerShell 7.0.6 (For PowerShell 7.0) and 7.1.3 (For PowerShell 7.1) as soon as possible.

SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments