Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day

  • The OS maker has fixed 56 security vulnerabilities, including a Windows bug that was being exploited in the wild before today’s patches.
  • Tracked as CVE-2021-1732, the Windows zero-day is an elevation of privelege bug in Win32k, a core component of the Windows operating system.
  • Besides the zero-day, this month’s Patch Tuesday also stands out because of the high number of vulnerabilities whose details were made public even before patches were available.
  • In total, six Microsoft product bugs had their details posted online before today’s patches. This included:
    • CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
    • CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
    • CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
    • CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
    • CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
    • CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
  • Microsoft has also released fixes for three vulnerabilities in the Windows TCP/IP stack, which allows the operating system to connect to the internet.
  • Of all Windows systems, Windows Server instances are the ones most likely to be susceptible to attacks, as many are used to host web servers or cloud infrastructure and are almost certainly connected to the internet at all times and exposed to attacks.

– Catalin Cimpanu | February 9, 2021