⚡ TL;DR | Go Straight to the February 2021 Patch Tuesday Audit Report.
Microsoft released fixes for 56 security vulnerabilities as part of its second Patch Tuesday roll-up of 2021, 9 of which 56 are rated "critical". Including one Windows Zero-day being actively exploited in the wild.
Windows Win32k Elevation of Privilege Vulnerability
Tracked as CVE-2021-1732, the Windows zero-day is an elevation of privilege vulnerability in Win32k, a core component of the Windows operating system. In order for the attacker to exploit this EoP vulnerability, they already need some kind of access to the system. If they succeed, they can install programs, adjust data and much more. The flaw affects Windows 10, Server 2016 and later editions.
CVE-2020-1472 - Zerologon Patch - Phase 2
Microsoft is enforcing the second rollout of security improvements as part of a two-phase update to address CVE-2020-1472, a severe Windows Server dubbed "Zerologon" vulnerability that first saw active exploitation back in September 2020. The flaw lets an unauthenticated attacker gain administrative access to a Windows domain controller and run any application at will.
Microsoft's initial patch for Windows Server systems was included in their August 2020 Patch Tuesday updates. This second phase has to stop unsupported or third-party devices from talking to domain controllers using the insecure Netlogon communications method.
CVE-2021-24094, CVE-2021-24086 and CVE-2021-24074 - Windows TCP/IP Vulnerabilities
Bot CVE-2021-24094 and CVE-2021-24074 are marked as Remote Code Execution vulnerability within the Windows TCP/IP. Microsoft says that an actual exploit of these two vulnerabilities is highly unlikely. CVE-2021-24086 is a Denial of Service (DoS) flaw which will be exploited much faster with the help of the two RCE vulnerabilities. It's advisable to patch all your installations as soon as possible.
Get Started with Lansweeper
Discover assets you don't even know about and learn why Lansweeper is used by thousands of organizations worldwide.
CVE-2021-24078 - Windows DNS Server Remote Code Execution Vulnerability
There is an RCE (Remote Code Execution) flaw dubbed CVE-2021-24078 that affects Windows Server version 2008 to 2019 if they are configuered as a DNS server. The attacker doesn't need a privileged account or some sort in order to exploit this flaw. It affects your DNS server so this flaw could spreak through your whole IT network. Because CVE-2021-24078 is likely to be exploited, it has a critical rating.
CVE-2021-1727- Windows Installer Elevation of Privilege vulnerability
This bug is already public and is likely to be exploited. CVE-2021-1727 can only be exploited if a local attacker has access to a low-privileged user account. The attacker is then able to load in malicious software onto the system.
Run the February 2021 Patch Tuesday Audit Report
Just like the previous months, our experts created a Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven't already, start your free Lansweeper trial to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.