
Microsoft has released a relatively small number of fixes this month, in total just 56. But they include patches for a zero-day flaw in the Win32k component and some serious TCP/IP networking stack vulnerabilities.
February’s cumulative update (CU) for Windows 10 comes with a patch for a zero-day Elevation of Privilege flaw (CVE-2021-1732) in Win32k. Zero-days are bugs that are exploited in the wild before a patch is made available. Win32k is a core component of Windows and compromise can lead to a hacker gaining SYSTEM access.
According to Chinese security company DBAPPSecurity, the flaw has been leveraged by a group called Bitter, which has a history of attacks against users and organizations in Pakistan and China. DBAPPSecurity describes the attack as high-quality and sophisticated. The zero-day has been exploited for the previous 7 months.
Information about six other bugs was made public before Patch Tuesday: CVE-2021-1721, CVE-2021-1733, CVE-2021-26701, CVE-2021-1727, CVE-2021-24098, and CVE-2021-24106. While they were not being actively exploited, it won’t take long for hackers to weaponize them.
Microsoft published a separate blog post about three TCP/IP vulnerabilities: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. The first two are critical Remote Code Execution (RCE) flaws. Microsoft says they are complex and that it would be difficult to create working exploits. But while that may mean hackers are unable to weaponize the flaws in the short term, you should update your systems as soon as possible. The third patch is for a Denial of Service (DoS) vulnerability, which is easier to exploit.
Microsoft recommends deploying February’s CU for Windows 10 and Windows Server this month. For organizations that are unable to apply the patch immediately, each CVE details a workaround that doesn’t require restarting servers.
Exchange Server 2016 and 2019 get two updates, both rated important. CVE-2021-24085 is a spoofing vulnerability that could let authenticated attackers leak a cert file, resulting in the generation of a CSRF token. And CVE-2021-1730 is another spoofing vulnerability but this time in the Exchange Server installer.
SharePoint Server versions 2010 through 2019 get patches for important RCE bugs, information disclosure flaws, and spoofing vulnerabilities.
The Microsoft 365 Apps for Enterprise (Click-To-Run) get three patches for RCE vulnerabilities in Excel.
Finally, be sure to upgrade Adobe Reader to the latest version. A critical buffer overflow vulnerability (CVE-2021-21017) has already been exploited in the wild, targeting Windows users. Adobe says that attacks have been limited. An update for Windows and macOS patches multiple critical and important vulnerabilities in Adobe Acrobat and Adobe Reader.
More from Russell Smith
Copyright ©2019 BWW Media Group