Microsoft rolled out its February 2021 Patch Tuesday security updates, fixing 56 vulnerabilities across its product line, including one actively exploited zero-day. The patches cover the Windows operating system, the Edge browser, Microsoft Office, and a number of developer tools and cloud services. Of the 56, 11 are rated Critical, 43 Important, and the remaining two Moderate. A vulnerability scan against this month's list is the quickest way to find which of these are still outstanding in your environment.
Microsoft has released the patch for the actively exploited zero-day CVE-2021-1732. This publicly acknowledged vulnerability is an elevation of privilege in Win32k (win32k.sys), the kernel-mode driver that implements the Windows GUI subsystem (window management and GDI) on behalf of user-mode processes.
Zero-day vulnerability
Windows Win32k Elevation Of Privilege vulnerability | CVE-2021-1732
This zero-day affects Windows 10, Windows Server 2016, and later editions of Windows. Microsoft rates it Important rather than Critical, but the affected component cannot be overlooked: win32k.sys is a kernel-mode driver exposed to every interactive process, and it has a long history of privilege-escalation bugs that malware has exploited. Exploiting this vulnerability requires an attacker who can already run code on the system as an authenticated (low-privileged) user, which is why it is rated Important and not Critical. In practice that is a low barrier: a remote attacker chains it with a separate code-execution flaw (a browser or document exploit, for instance) to gain the initial foothold and then uses the Win32k bug to escalate. This foothold-then-elevate pattern is well established and has been seen repeatedly with earlier Win32k vulnerabilities.
- On successful exploitation, an attacker who already runs code as a low-privileged user can elevate to SYSTEM-level privileges, the highest on the host.
Interesting Vulnerabilities
.NET Core and Visual Studio Denial of Service and Remote Code Execution vulnerability | CVE-2021-1721, CVE-2021-26701
This publicly disclosed pair of vulnerabilities, a denial of service (CVE-2021-1721) and a remote code execution (CVE-2021-26701), exists in Microsoft's developer platform: .NET Core, Visual Studio, and PowerShell Core, which is built on .NET Core. These components sit underneath a great deal of enterprise software, legacy codebases, and developer workstations. Flaws in development tooling also put the software supply chain at risk, as the SolarWinds compromise, in which attackers tampered with the vendor's build pipeline, demonstrated. Unlike the .NET Framework, which is serviced through Windows Update, .NET Core runtimes and PowerShell Core are updated separately, so installing the monthly Windows update does not fix these. Administrators are advised to update them manually or to use the SecPod SanerNow platform to patch them.
- On successful exploitation, an attacker can execute code remotely (CVE-2021-26701) or crash the application, causing a denial of service (CVE-2021-1721).
Sysinternals PsExec Elevation of Privilege vulnerability | CVE-2021-1733
This publicly disclosed elevation of privilege vulnerability exists in Sysinternals PsExec, the tool IT teams commonly use to execute processes on remote systems. Because PsExec is a legitimate, signed administrative utility, attackers and malware abuse it as well, both to move laterally and to keep a foothold in the network without dropping obviously malicious tooling. The fix ships in an updated PsExec release, so current versions are no longer affected. PsExec, however, is a standalone binary that Windows Update does not service: copies sitting on jump hosts, in tool shares, and inside automation scripts stay vulnerable until someone replaces them, which is why mission-critical tools like this need continuous tracking rather than a one-off update.
- On successful exploitation, a local attacker gains the highest privileges on the affected system; on an administrator's workstation or a jump host, that is often enough to take control of the rest of the network.
Windows Console Driver Denial of Service vulnerability | CVE-2021-24098
This publicly disclosed denial of service vulnerability exists in the Windows Console Driver (condrv.sys), the kernel-mode driver that backs console windows such as cmd.exe and PowerShell; it is not a remote-management tool. Triggering it requires an authenticated user to interact with a specially crafted file supplied by the attacker, which a phishing e-mail can deliver. Because the attacker cannot force the user to open the file, Microsoft rates it Important.
- On successful exploitation, the attacker crashes the victim system, causing a denial of service.
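To turn the discussion above into a check you can run, here is an added PowerShell example written for this page (it is not SecPod's or Microsoft's code). It reports whether one of the February 2021 Windows updates listed in the Product Information section below is installed, the file versions of the Win32k and console drivers, and every copy of PsExec on the system drive. It assumes an elevated PowerShell session on the host itself, the default driver locations, and that the 4601xxx identifiers on this page are the February 2021 OS packages (the other identifiers on the page are left out).

```powershell
# Added example (not from the SecPod post): February 2021 patch-state check for one Windows host.
# Assumptions: elevated PowerShell 5.1+ on the host; default driver paths; the KB list keeps only
# the 4601xxx identifiers from this page, taken here to be the February 2021 OS packages.

$Feb2021WindowsKBs = @(
    '4601315', '4601318', '4601319', '4601331', '4601345',
    '4601348', '4601349', '4601354', '4601357', '4601384'
)

# Drivers named on this page and the directory each lives in under $env:SystemRoot.
$DriversOfInterest = @{
    'win32k.sys'     = 'System32'            # kernel-side Windows subsystem entry point
    'win32kfull.sys' = 'System32'            # bulk of the window manager / GDI code on Windows 10
    'condrv.sys'     = 'System32\drivers'    # console driver (CVE-2021-24098)
}

function Get-InstalledKBIds {
    # Get-HotFix reports IDs as "KB4601319"; normalise to bare numbers for comparison.
    Get-HotFix | ForEach-Object { $_.HotFixID -replace '^KB', '' }
}

function Get-OSBuild {
    # CurrentBuild.UBR (for example 19042.804) identifies the installed cumulative update exactly;
    # compare it with the build quoted in Microsoft's release notes for the KB of your branch.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
}

function Get-DriverVersions {
    foreach ($name in $DriversOfInterest.Keys) {
        $path = Join-Path $env:SystemRoot (Join-Path $DriversOfInterest[$name] $name)
        if (Test-Path $path) {
            [pscustomobject]@{
                File        = $name
                FileVersion = (Get-Item $path).VersionInfo.FileVersion
            }
        }
    }
}

function Find-PsExecCopies {
    param([string[]]$Roots = @($env:SystemDrive + '\'))
    # PsExec is a standalone binary that Windows Update never touches, so every copy on the
    # host (tool shares, admin profiles, scheduled-task folders) has to be found and compared
    # with the current Sysinternals release.
    Get-ChildItem -Path $Roots -Recurse -Include 'PsExec.exe', 'PsExec64.exe' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
            }
        }
}

function Test-Feb2021PatchState {
    $installed = Get-InstalledKBIds
    $present   = @($Feb2021WindowsKBs | Where-Object { $installed -contains $_ })
    # A later cumulative update supersedes the February one and can drop it from Get-HotFix,
    # so "not found" means "confirm via OSBuild", not "unpatched".
    if ($present.Count) {
        $verdict = 'February 2021 update from the list is installed'
    } else {
        $verdict = 'REVIEW: no February 2021 KB from the list found; confirm via OSBuild'
    }
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSBuild          = Get-OSBuild
        Feb2021KBPresent = if ($present.Count) { $present -join ', ' } else { '(none from list)' }
        Verdict          = $verdict
    }
}

Test-Feb2021PatchState | Format-List
Get-DriverVersions     | Format-Table -AutoSize
Find-PsExecCopies      | Format-Table -AutoSize
```

The KB check alone is not a proof of exposure: once a newer cumulative update lands, the February package may no longer appear in Get-HotFix, so treat the OSBuild value as the authoritative comparison. For a fleet, wrap the three calls in Invoke-Command and collect the objects centrally rather than reading the formatted tables host by host.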
Microsoft security bulletin summary for February 2021
- .NET Core
- .NET Framework
- Azure IoT
- Developer Tools
- Microsoft Azure Kubernetes Service
- Microsoft Dynamics
- Microsoft Edge for Android
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Windows Codecs Library
- PowerShell Core
- Role: DNS Server
- Role: Hyper-V
- Role: Windows Fax Service
- Skype for Business
- SysInternals
- System Center
- Visual Studio
- Windows Address Book
- Windows Backup Engine
- Windows Console Driver
- Windows Defender
- Windows DirectX
- Windows Event Tracing
- Windows Installer
- Windows Kernel
- Windows Mobile Device Management
- Windows Network File System
- Windows PFX Encryption
- Windows PKU2U
- Windows PowerShell
- Windows Print Spooler Components
- Windows Remote Procedure Call
- Windows TCP/IP
- Windows Trust Verification API
Product Information
1. Product: Microsoft Windows (Address Book, Backup Engine, Console Driver, Defender, DirectX, Event Tracing, Installer, Mobile Device Management, Network File System, PFX Encryption, PKU2U, PowerShell, Print Spooler Components, Remote Procedure Call, TCP/IP, Trust Verification API, Windows Codecs Library, Microsoft Graphics Component)
Role (Vulnerable When Enabled): DNS Server, Hyper-V, Windows Fax Service
CVEs/Advisory: CVE-2020-17162, CVE-2021-1698, CVE-2021-1722, CVE-2021-1727, CVE-2021-1731, CVE-2021-1732, CVE-2021-1734, CVE-2021-24074, CVE-2021-24075, CVE-2021-24076, CVE-2021-24077, CVE-2021-24078, CVE-2021-24079, CVE-2021-24080, CVE-2021-24081, CVE-2021-24082, CVE-2021-24083, CVE-2021-24084, CVE-2021-24086, CVE-2021-24088, CVE-2021-24091, CVE-2021-24093, CVE-2021-24094, CVE-2021-24096, CVE-2021-24098, CVE-2021-24102, CVE-2021-24103, CVE-2021-24106, CVE-2021-25195
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
Severity: Critical
KBs: 4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577048, 4577049, 4577066, 4577071, 4601315, 4601318, 4601319, 4601331, 4601345, 4601348, 4601349, 4601354, 4601357, 4601384
2. Product: Developer Tools (.NET Core, .NET Framework, Visual Studio, Visual Studio Code)
CVEs/Advisory: CVE-2021-1639, CVE-2021-1721, CVE-2021-24105, CVE-2021-24111, CVE-2021-24112, CVE-2021-26700, CVE-2021-26701
Impact: Denial of Service, Elevation of Privilege, Remote Code Execution
Severity: Critical
KBs: 4601050, 4601051, 4601054, 4601056, 4601318, 4601354, 4601887, 4602958, 4602959, 4602960, 4602961, 4603002, 4603003, 4603004, 4603005
3. Product: Sysinternals
CVEs/Advisory: CVE-2021-1733
Impact: Elevation Of Privilege
Severity: Critical
4. Product: Microsoft Office (Lync, Office, Teams, Skype, SharePoint)
CVEs/Advisory: CVE-2021-1726, CVE-2021-24066, CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070, CVE-2021-24071, CVE-2021-24072, CVE-2021-24073, CVE-2021-24099, CVE-2021-24114
Impact: Denial of Service, Information Disclosure, Remote Code Execution, Spoofing
Severity: Important
KBs: 4493192, 4493194, 4493195, 4493196, 4493204, 4493210, 4493211, 4493222, 4493223, 5000675, 5000688
5. Product: Azure (IoT, Kubernetes Service)
CVEs/Advisory: CVE-2021-24087, CVE-2021-24109
Impact: Elevation of Privilege
Severity: Important
6. Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2021-1730, CVE-2021-24085
Impact: Spoofing
Severity: Critical
KBs: 4602269, 4571788
7. Product: Microsoft Edge for Android
CVEs/Advisory: CVE-2021-24100
Impact: Information Disclosure
Severity: Important
8. Product: System Center
CVEs/Advisory: CVE-2021-1728
Impact: Elevation of Privilege
Severity: Important
KBs: 4601269
9. Product: Microsoft Dynamics
CVEs/Advisory: CVE-2021-1724, CVE-2021-24101
Impact: Information Disclosure, Spoofing
Severity: Important
KBs: 4595460, 4595463, 4602915
10. Product: PowerShell Core
CVEs/Advisory: CVE-2021-26701, CVE-2021-1721
Impact: Remote Code Execution
Severity: Critical
Update:
On July 01, 2021, Microsoft published a blog post urging users to update PowerShell 7 to protect against the critical remote code execution vulnerability (CVE-2021-26701). Users should install PowerShell 7.0.6 (for the 7.0 branch) or 7.1.3 (for the 7.1 branch) as soon as possible.
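Because PowerShell 7 and the .NET Core runtimes are not serviced by Windows Update, a host can be fully patched by the OS check and still run a vulnerable pwsh.exe. The following added PowerShell example (written for this page, not Microsoft's code) checks every PowerShell 7 binary it can find against the minimum versions quoted in the update note above, 7.0.6 for the 7.0 branch and 7.1.3 for the 7.1 branch, and lists the installed .NET Core runtimes so they can be compared with the fixed versions in Microsoft's advisory for CVE-2021-26701. It assumes the default MSI install folders and that dotnet.exe is on PATH for the runtime inventory; branches other than 7.0 and 7.1 are reported as unknown because this page gives no minimum for them.

```powershell
# Added example (not from the SecPod post or Microsoft): PowerShell 7 / .NET Core exposure check
# for CVE-2021-26701. Minimum fixed versions are the ones quoted in the update note on this page.
# Assumptions: default MSI install paths; dotnet.exe on PATH for the runtime inventory.

$MinimumFixed = @{
    '7.0' = [version]'7.0.6'
    '7.1' = [version]'7.1.3'
}

function Test-PwshFixed {
    param([Parameter(Mandatory)][version]$Version)
    $branch = '{0}.{1}' -f $Version.Major, $Version.Minor
    if (-not $MinimumFixed.ContainsKey($branch)) {
        # Windows PowerShell 5.1 and any branch not quoted on this page are out of scope here.
        return "unknown (no minimum recorded for branch $branch)"
    }
    if ($Version -ge $MinimumFixed[$branch]) { 'fixed' } else { 'VULNERABLE' }
}

function Get-PwshInstalls {
    # Candidate binaries: whatever PATH resolves plus the default MSI locations.
    $candidates = @(
        (Get-Command pwsh -All -ErrorAction SilentlyContinue | ForEach-Object Source)
        "$env:ProgramFiles\PowerShell\7\pwsh.exe"
        "$env:ProgramFiles\PowerShell\7-preview\pwsh.exe"
    ) | Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

    foreach ($exe in $candidates) {
        # Ask the binary itself rather than trusting the file version resource.
        $raw = & $exe -NoProfile -NoLogo -Command '$PSVersionTable.PSVersion.ToString()'
        $v   = [version]($raw -replace '-.*$', '')    # drop preview suffixes such as 7.2.0-preview.4
        [pscustomobject]@{
            Path    = $exe
            Version = $v
            Status  = Test-PwshFixed -Version $v
        }
    }
}

function Get-DotNetRuntimes {
    # Lines look like: Microsoft.NETCore.App 3.1.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
    if (-not (Get-Command dotnet -ErrorAction SilentlyContinue)) { return }
    & dotnet --list-runtimes | ForEach-Object {
        if ($_ -match '^(?<name>\S+)\s+(?<ver>\S+)\s+\[(?<dir>.+)\]$') {
            [pscustomobject]@{ Runtime = $Matches.name; Version = $Matches.ver; Dir = $Matches.dir }
        }
    }
}

Get-PwshInstalls   | Format-Table -AutoSize
Get-DotNetRuntimes | Format-Table -AutoSize
```

Self-contained PowerShell applications (a pwsh bundled inside another product, or a copy extracted from the ZIP release into a tools folder) will not appear in the candidate list; add their paths to the array if you know of them. The runtime inventory deliberately does not pass or fail anything, since the fixed .NET Core runtime versions are not stated on this page; compare the listed versions with Microsoft's February 2021 .NET release notes.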
SanerNow detects these vulnerabilities and remediates them by applying the security updates automatically. Download SanerNow to keep your systems updated and secure.