Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!

Patch Tuesday – February 2021

Microsoft has released a relatively small number of fixes this month, in total just 56. But they include patches for a zero-day flaw in the Win32k component and some serious TCP/IP networking stack vulnerabilities.

Windows and Windows Server

February’s cumulative update (CU) for Windows 10 comes with a patch for a zero-day Elevation of Privilege flaw (CVE-2021-1732) in Win32k. Zero-days are bugs that are exploited in the wild before a patch is made available. Win32k is a core component of Windows and compromise can lead to a hacker gaining SYSTEM access.

According to Chinese security company DBAPPSecurity, the flaw has been leveraged by a group called Bitter, which has a history of attacks against users and organizations in Pakistan and China. DBAPPSecurity describes the attack as high-quality and sophisticated. The zero-day has been exploited for the previous 7 months.

Information about six other bugs were made public before Patch Tuesday: CVE-2021-1721, CVE-2021-1733, CVE-2021-26701, CVE-2021-1727, CVE-2021-24098, and CVE-2021-24106. While they were not being actively exploited, it won’t take long for hackers to weaponize them.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

TCP/IP exploits

Microsoft published a separate blog post about three TCP/IP exploits: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. The first two are critical Remote Code Execution (RCE) flaws. Microsoft says they are complex and that it would be difficult to create working exploits. But while it may mean in the short-term hackers are unable to weaponize the flaws, you should update your systems as soon as possible. The third patch is for a Denial of Service (DoS) vulnerability and it is easier to exploit.

Microsoft recommends deploying February’s CU for Windows 10 and Windows Server this month. For organizations that are unable to apply the patch immediately, each CVE details a workaround that doesn’t require restarting servers.

Exchange, SQL, and SharePoint Server

Exchange Server 2016 and 2019 get two updates, both rated important. CVE-2021-24085 is a spoofing vulnerability that could let authenticated attackers leak a cert file, resulting in the generation of a CSRF token. And CVE-2021-1730 is another spoofing vulnerability but this time in the Exchange Server installer.

SharePoint Server versions through 2010 to 2019 get patches for important RCE bugs, information disclosure flaws, and spoofing vulnerabilities.

Microsoft Office

The Microsoft 365 Apps for Enterprise (Click-To-Run) get three patches for RCE vulnerabilities in Excel.

Adobe Software

Finally, be sure to upgrade Adobe Reader to the latest version. A critical buffer overflow vulnerability (CVE-2021-21017) has already been exploited in the wild, targeting Windows users. Adobe says that attacks have been limited. An update for Windows and macOS patches multiple critical and important vulnerabilities in Adobe Acrobat and Adobe Reader.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By