Microsoft just rolled out its monthly patches and updates in what has now become known as Microsoft Patch Tuesday. On February 9, Microsoft released fixes for 56 security flaws, including a zero-day vulnerability that had already been exploited in the wild. Eleven of those 56 vulnerabilities were regarded as critical, with a combined threat profile comprising remote code execution (RCE), the elevation of privileges, information disclosure, denial of service (DoS), security feature bypass, and spoofing.
Let’s look at the critical security issues addressed in February’s patch release and how you can protect your Windows-powered endpoints against the newly discovered vulnerabilities.
The win32k Vulnerability
Labeled CVE-2021-1732, the latest zero-day vulnerability affects Win32k.sys, a critical kernel element in Windows OS. The flaw can be exploited to elevate a user’s privilege to ADMIN-level access.
An attacker had already exploited the bug months before the patch was available. A Chinese digital security company detected the zero-day exploit developed in mid-2020 to target Windows 10 build 1906. The report described the exploit as sophisticated and cautious for remaining undetected for so long.
Interestingly, Microsoft only rated the fix for this vulnerability as “important” despite being exploited and reported prior to this release. The only reason CVE-2021-1732 has such a relatively low threat score is that the hacker can only escalate their user privilege after having already gained access and control of the device in question.
More Vulnerabilities That Came to Light
Besides the CVE-2021-1732 zero-day vulnerability, a total of six vulnerabilities were also posted online before this month’s Patch Tuesday. The bulk patch release included fixes for three vulnerabilities in the Windows Internet Protocol Suite.
Here is a highlight of the notable vulnerabilities addressed this February:
- CVE-2021-1727: This allows privilege escalation on Win 10 and Server systems.
- CVE-2021-24078: A critical Windows DNS Server RCE Vulnerability that could be exploited to hijack domain name resolution in corporate networks and redirect incoming traffic.
- CVE-2021-26701: This is a publicly disclosed RCE Vulnerability in .NET Core 2.1 and 3.1 and .NET 5.1. Microsoft rated this “critical.”
- CVE-2021-1721: A publicly disclosed DoS vulnerability affecting .NET 5.0, .NET Core 3.1 and 2.1, Microsoft Visual Studio 2017 and 2019, and PowerShell Core 7.0 and 7.1.
- Windows TCP/IP vulnerability trio: Both CVE-2021-24094 and CVE-2021-24074 are RCE Vulnerabilities that could give away remote control of a Windows system. And CVE-2021-24086 is a DoS vulnerability.
- CVE-2021-24106: Microsoft describes this as an Information Disclosure Vulnerability in DirectX that could reveal information in uninitialized memory.
- CVE-2021-24088: A critical Windows Local Spooler RCE Vulnerability on Windows Server and Windows 10.
- CVE-2021-1733: This is a Privilege Elevation Vulnerability in Sysinternals PsExec. Microsoft rates this exploit “less likely” because the attacker would have to create a named pipe and wait for PsExec to be run.
- CVE-2021-1722: A critical Windows Fax Service RCE bug.
Who Is at Risk?
This particular Patch Tuesday made headlines due to the sheer number of patches released across such a wide variety of Microsoft products and services. Although most of the exploits score “less likely” on Microsoft’s threat scoring metrics, it’s still best to stay cautious. Here is a list of systems that might be at risk of these exploits:
- Microsoft Windows (10, Server, and 7)
- Microsoft Windows Codecs Library
- .NET Core
- Visual Studio
- Microsoft Dynamics
- Microsoft Edge for Android
- Microsoft Office
Recommendations on Securing Windows Systems
Microsoft is always quick in responding to zero-day and critical vulnerabilities by releasing timely security patches and updates. Windows systems will automatically install the new patches if the “Automatic Update” feature is enabled. If you’re unsure about your system’s configurations or the installed updates, you can check and install the patches manually.
Microsoft recommends all users of the vulnerable systems to run updates as quickly as possible. Some of the systems have effective workarounds for fixing bugs and flaws. These vulnerabilities and their associated exploits are now public knowledge, further increasing the risk for vulnerable systems still missing the latest fixes. The only way to guarantee end-user, server and network safety is to update all Windows systems to the latest versions.
Action1 is a cloud-based solution for remote endpoint management and security. Action1 enables automated patch management, remote desktop access, software deployment and distribution, IT asset inventory, network monitoring, reporting, and more. Action1 is a comprehensive single-console remote monitoring and management for MSPs and internal IT departments managing corporate endpoints or multiple clients in both office-based and remote work environments.
Sign up to test and use the Action1 solution to manage up to 50 endpoints entirely free of charge with no ads or hidden costs.