
Microsoft Patch Tuesday, February 2021 Review




Microsoft has rolled out its monthly patches and updates in what is now known as Microsoft Patch Tuesday. On February 9, Microsoft released fixes for 56 security flaws, including a zero-day vulnerability that had already been exploited in the wild. Eleven of those 56 vulnerabilities were rated critical, with a combined threat profile comprising remote code execution (RCE), elevation of privilege, information disclosure, denial of service (DoS), security feature bypass, and spoofing. Let’s look at the critical security issues addressed in February’s patch release and how you can protect your Windows-powered endpoints against the newly discovered vulnerabilities.

The win32k Vulnerability

Labeled CVE-2021-1732, the latest zero-day vulnerability affects Win32k.sys, a critical kernel component of the Windows OS. The flaw can be exploited to elevate a user’s privileges to admin-level access. An attacker had already exploited the bug months before the patch was available. A Chinese digital security company detected the zero-day exploit, which was developed in mid-2020 to target Windows 10 build 1906. The report described the exploit as sophisticated and cautious, having remained undetected for so long. Interestingly, Microsoft rated the fix for this vulnerability only as “important,” even though it had been exploited and reported prior to this release. The only reason CVE-2021-1732 has such a relatively low threat score is that the attacker can escalate their user privileges only after having already gained access to and control of the device in question.

More Vulnerabilities That Came to Light

Besides the CVE-2021-1732 zero-day vulnerability, a total of six vulnerabilities were also posted online before this month’s Patch Tuesday. The bulk patch release included fixes for three vulnerabilities in the Windows Internet Protocol Suite. Here is a highlight of the notable vulnerabilities addressed this February:
  • CVE-2021-1727: This allows privilege escalation on Win 10 and Server systems.
  • CVE-2021-24078: A critical Windows DNS Server RCE Vulnerability that could be exploited to hijack domain name resolution in corporate networks and redirect incoming traffic.
  • CVE-2021-26701: This is a publicly disclosed RCE Vulnerability in .NET Core 2.1 and 3.1 and .NET 5.1. Microsoft rated this “critical.”
  • CVE-2021-1721: A publicly disclosed DoS vulnerability affecting .NET 5.0, .NET Core 3.1 and 2.1, Microsoft Visual Studio 2017 and 2019, and PowerShell Core 7.0 and 7.1.
  • Windows TCP/IP vulnerability trio: CVE-2021-24094 and CVE-2021-24074 are both RCE vulnerabilities that could give an attacker remote control of a Windows system, and CVE-2021-24086 is a DoS vulnerability.
  • CVE-2021-24106: Microsoft describes this as an Information Disclosure Vulnerability in DirectX that could reveal information in uninitialized memory.
  • CVE-2021-24088: A critical Windows Local Spooler RCE Vulnerability on Windows Server and Windows 10.
  • CVE-2021-1733: This is a Privilege Elevation Vulnerability in Sysinternals PsExec. Microsoft rates this exploit “less likely” because the attacker would have to create a named pipe and wait for PsExec to be run.
  • CVE-2021-1722: A critical Windows Fax Service RCE bug.

Who Is at Risk?

This particular Patch Tuesday made headlines due to the sheer number of patches released across such a wide variety of Microsoft products and services. Although most of the exploits score “less likely” on Microsoft’s threat scoring metrics, it’s still best to stay cautious. Here is a list of systems that might be at risk of these exploits:
  • Microsoft Windows (10, Server, and 7)
  • Microsoft Windows Codecs Library
  • .NET Core
  • Visual Studio
  • Microsoft Dynamics
  • Microsoft Edge for Android
  • Microsoft Office

Recommendations on Securing Windows Systems

Microsoft is always quick to respond to zero-day and critical vulnerabilities by releasing timely security patches and updates. Windows systems will install the new patches automatically if the “Automatic Update” feature is enabled. If you’re unsure about your system’s configuration or the installed updates, you can check and install the patches manually. Microsoft recommends that all users of the vulnerable systems install the updates as quickly as possible. Some of the systems also have effective workarounds for the bugs and flaws. These vulnerabilities and their associated exploits are now public knowledge, which further increases the risk for vulnerable systems still missing the latest fixes. The only way to guarantee end-user, server and network safety is to update all Windows systems to the latest versions.
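One way to run the manual check described above on a single host, as an added example that is not from Microsoft or Action1. It assumes an elevated Windows PowerShell 5.1 session and a host that can reach its configured update source (WSUS or Microsoft Update); the variable names are illustrative.

```powershell
# Added example: audit one Windows host against the February 9, 2021 release.
$releaseDate = Get-Date '2021-02-09'   # release date stated in the article

# 1. Has Automatic Updates been switched off by policy?
#    If the value is absent, no policy is set and the local default applies.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAutoUpdate = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate `
                    -ErrorAction SilentlyContinue).NoAutoUpdate
$disabledByPolicy = ($noAutoUpdate -eq 1)

# 2. Updates installed on or after the release date. This is a heuristic:
#    it shows the host has been patched since then, not which CVEs are fixed.
$recent = @(Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $releaseDate } |
    Sort-Object InstalledOn -Descending)

# 3. Ask the Windows Update Agent which software updates are still missing.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
$missing  = @(foreach ($u in $result.Updates) {
    [pscustomobject]@{
        KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        Title    = $u.Title
    }
})
$missingCritical = @($missing | Where-Object { $_.Severity -eq 'Critical' })

# 4. Summary first, then the detail an administrator needs to act on.
[pscustomobject]@{
    Host                         = $env:COMPUTERNAME
    AutoUpdateDisabledByPolicy   = $disabledByPolicy
    UpdatesInstalledSinceRelease = $recent.Count
    MissingUpdates               = $missing.Count
    MissingCritical              = $missingCritical.Count
} | Format-List

$recent  | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
$missing | Sort-Object Severity | Format-Table -AutoSize -Wrap
```

A host that reports zero updates installed since the release date, or any missing update rated Critical, should be patched first.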

About Action1

Action1 is a cloud-based solution for remote endpoint management and security. Action1 enables automated patch management, remote desktop access, software deployment and distribution, IT asset inventory, network monitoring, reporting, and more. Action1 is a comprehensive single-console remote monitoring and management for MSPs and internal IT departments managing corporate endpoints or multiple clients in both office-based and remote work environments. Sign up to test and use the Action1 solution to manage up to 50 endpoints entirely free of charge with no ads or hidden costs.

February 15, 2021
