February 2021 Patch Bulletin
ECHO releases this monthly patch bulletin for all our IT clients to provide you quick access to the latest Microsoft patches which include critical updates as well as common vulnerabilities and exposures.
Microsoft released patches for 64 CVEs covering Microsoft Windows components this month. Of these 64 CVEs, 11 are listed as Critical, 51 are listed as Important, and two are listed as Moderate in severity. One bug is known to be actively exploited and six other bugs are listed as being publicly known. We pay close attention to:
CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability. This local privilege escalation would allow a logged-on user to execute code of their choosing at higher privileges.
CVE-2021-24078 – Windows DNS Server Remote Code Execution Vulnerability – This patch fixes a bug in the Windows DNS Server that could allow remote code execution on affected systems.
CVE-2021-24074 – This bugs could allow remote, unauthenticated code execution on affected system the vulnerability resides in IPv4 source routing, which should be disabled by default.
For additional details, please find the information from Microsoft below:
| Technology | Products Affected | Severity | Reference | Workaround/Exploited/ Publicly Disclosed Vulnerability Info | |
|---|---|---|---|---|---|
| Edge | Edge Chromium-Based | Important | CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148 CVE-2021-24113 CVE-2021-21142 CVE-2021-21142 CVE-2021-21142 CVE-2021-21142 | Workaround: No Exploited: No Public: No | Security Bypass |
| .NET | 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 5.0 .NET Core 2.1, 3.1 | Critical | CVE-2021-1721 CVE-2021-24111 CVE-2021-24112 CVE-2021-26701 | Workaround: No Exploited: No Public: Yes | Remote Code Execution Denial of Service |
| Visual Studio | 2017, 2019 Visual Studio Code, npm-script extension | Important | CVE-2021-1639 CVE-2021-1721 CVE-2021-26700 | Workaround: No Exploited: No Public: No | Remote Code Execution Denial of Service |
| PsExec | All | Important | CVE-2021-1733 | Workaround: No Exploited: No Public: Yes | Elevation of Privilege |
| Exchange | Server 2016, 2019 | Important | CVE-2021-1730 CVE-2021-1730 CVE-2021-24085 CVE-2021-24085 CVE-2021-24085 CVE-2021-24085 | Workaround: No Exploited: No Public: No | Spoofing |
| Azure | Azure Kubernetes Service Azure IoT CLI Extension | Important | CVE-2021-24087 CVE-2021-24109 | Workaround: No Exploited: No Public: No | Elevation of Privilege |
| Dynamics | Dynamics 365, 365 Business Central 2019, Dyanmics NAV 2015, 2016, 2017, 2018 | Important | CVE-2021-1724 CVE-2021-24101 | Workaround: No Exploited: No Public: No | Spoofing Information Disclosure |
| Office | 365 Apps for Enterprise Excel 2010, 2013, 2016 Lync Server 2013 Office 2019, 2019 for Mac, Online Server Office Web Apps Server 2013 SharePoint Enterprise Server 2013 SharePoint Foundation 2010, 2013 SharePoint Server 2019 Office Online Server Skype for Business Server 2015, 2019 | Important | CVE-2021-1724 CVE-2021-24101CVE-2021-1726 CVE-2021-24066 CVE-2021-24067 CVE-2021-24068 CVE-2021-24069 CVE-2021-24070 CVE-2021-24071 CVE-2021-24072 CVE-2021-24073 CVE-2021-24099 CVE-2021-24114 | Workaround: No Exploited: No Public: No | Information Disclosure Denial of Service Remote Code Execution Spoofing |
| System Center | Defender Endpoint Protection Security Essentials System Center 2012, Endpoint Protection, 2019 Operations Manager | Important | CVE-2021-1728 CVE-2021-24092 | Workaround: No Exploited: No Public: No | Elevation of Privilege |
| Windows | Windows 8.1, RT 8.1, 10 Server 2012, 2016, 2019 | Critical | CVE-2021-1698 CVE-2021-1722 CVE-2021-1727 CVE-2021-1731 CVE-2021-1732 CVE-2021-1734 CVE-2021-24074 CVE-2021-24075 CVE-2021-24076 CVE-2021-24077 CVE-2021-24078 CVE-2021-24079 CVE-2021-24080 CVE-2021-24081 CVE-2021-24082 CVE-2021-24083 CVE-2021-24084 CVE-2021-24086 CVE-2021-24088 CVE-2021-24091 CVE-2021-24093 CVE-2021-24094 CVE-2021-24096 CVE-2021-24098 CVE-2021-24102 CVE-2021-24103 CVE-2021-24106 CVE-2021-24195 | *Workaround: Yes Exploited: Yes Public: Yes | Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass |
| Package Manager Configurations | All | Important | CVE-2021-24105 | Workaround: No Exploited: No Public: No | Remote Code Execution |
In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.