Microsoft February 2021 update; total 56 vulnerability fixes are added
Microsoft releases its February 2021 patch Tuesday so all Windows support versions. The update brings total 56 vulnerabilities in total, of which 11 are classified as critical, 2 moderate and 43 important ones.
Aside that, Microsoft also fixed one “zero-day” vulnerability and six previously disclosed vulnerabilities with this February 2021 update.
The exploited zero-day vulnerability (CVE-2021-1732) is the Windows Win32k Elevation of Privilege vulnerability allows attackers to elevate their privileges over the administrative privileges. The credit for this vulnerability discovery goes to the researchers at DBAPPSecurity Co., Ltd.
Microsoft also released the patch for numerous previously known vulnerabilities listed below:
- NET Core and Visual Studio Denial of Service Vulnerability (CVE-2021-1721)
- Windows Installer Elevation of Privilege Vulnerability (CVE-2021-1727)
- Windows Console Driver Denial of Service Vulnerability (CVE-2021-24098)
- Windows DirectX Information Disclosure Vulnerability (CVE-2021-24106)
- NET Core Remote Code Execution Vulnerability (CVE-2021-26701)
- Sysinternals PsExec Elevation of Privilege Vulnerability (CVE-2021-1733)
Today, Microsoft also traced a vulnerability CVE-2021-24105 to their Azure Artifactory products. The vulnerability was detected during the PoC attack’s analyses.
This vulnerability exploit can allow malicious actors to design public packages with the name similar to internal ones used by the company. This will further allow them to trigger a supply chain attack.
You can check the official page for the full list of all resolved vulnerabilities with their corresponding advisories of this month patch updates.