February 2021 Patch Bulletin

ECHO Technology Solutions

February 2021 Patch Bulletin

ECHO releases this monthly patch bulletin for all our IT clients to provide you quick access to the latest Microsoft patches which include critical updates as well as common vulnerabilities and exposures.

 

Microsoft released patches for 64 CVEs covering Microsoft Windows components this month. Of these 64 CVEs, 11 are listed as Critical, 51 are listed as Important, and two are listed as Moderate in severity. One bug is known to be actively exploited and six other bugs are listed as being publicly known. We pay close attention to:

CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability. This local privilege escalation would allow a logged-on user to execute code of their choosing at higher privileges.

CVE-2021-24078 – Windows DNS Server Remote Code Execution Vulnerability – This patch fixes a bug in the Windows DNS Server that could allow remote code execution on affected systems.

CVE-2021-24074 – This bugs could allow remote, unauthenticated code execution on affected system the vulnerability resides in IPv4 source routing, which should be disabled by default.

For additional details, please find the information from Microsoft below:

Technology Products Affected SeverityReferenceWorkaround/Exploited/ Publicly Disclosed Vulnerability Info
 
EdgeEdge Chromium-BasedImportantCVE-2021-21142
CVE-2021-21143
CVE-2021-21144
CVE-2021-21145
CVE-2021-21146
CVE-2021-21147
CVE-2021-21148
CVE-2021-24113
CVE-2021-21142
CVE-2021-21142
CVE-2021-21142
CVE-2021-21142
Workaround: No
Exploited: No
Public: No
Security Bypass
.NET4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 5.0
.NET Core 2.1, 3.1
CriticalCVE-2021-1721
CVE-2021-24111
CVE-2021-24112
CVE-2021-26701
Workaround: No
Exploited: No
Public: Yes
Remote Code Execution
Denial of Service
Visual Studio2017, 2019
Visual Studio Code, npm-script extension
ImportantCVE-2021-1639
CVE-2021-1721
CVE-2021-26700
Workaround: No
Exploited: No
Public: No
Remote Code Execution
Denial of Service
PsExecAll
ImportantCVE-2021-1733Workaround: No
Exploited: No
Public: Yes
Elevation of Privilege
ExchangeServer 2016, 2019ImportantCVE-2021-1730
CVE-2021-1730
CVE-2021-24085
CVE-2021-24085
CVE-2021-24085
CVE-2021-24085
Workaround: No
Exploited: No
Public: No
Spoofing
AzureAzure Kubernetes Service
Azure IoT CLI Extension
ImportantCVE-2021-24087
CVE-2021-24109
Workaround: No
Exploited: No
Public: No
Elevation of Privilege
DynamicsDynamics 365, 365 Business Central 2019, Dyanmics NAV 2015, 2016, 2017, 2018ImportantCVE-2021-1724
CVE-2021-24101
Workaround: No
Exploited: No
Public: No
Spoofing
Information Disclosure
Office365 Apps for Enterprise
Excel 2010, 2013, 2016
Lync Server 2013
Office 2019, 2019 for Mac,
Online Server
Office Web Apps Server 2013
SharePoint Enterprise Server 2013
SharePoint Foundation 2010, 2013
SharePoint Server 2019
Office Online Server
Skype for Business Server 2015, 2019
ImportantCVE-2021-1724
CVE-2021-24101CVE-2021-1726
CVE-2021-24066
CVE-2021-24067
CVE-2021-24068
CVE-2021-24069
CVE-2021-24070
CVE-2021-24071
CVE-2021-24072
CVE-2021-24073
CVE-2021-24099
CVE-2021-24114
Workaround: No
Exploited: No
Public: No
Information Disclosure
Denial of Service
Remote Code Execution
Spoofing
System CenterDefender Endpoint Protection
Security Essentials
System Center 2012, Endpoint Protection, 2019 Operations Manager
ImportantCVE-2021-1728
CVE-2021-24092
Workaround: No
Exploited: No
Public: No
Elevation of Privilege
WindowsWindows 8.1, RT 8.1, 10
Server 2012, 2016, 2019
CriticalCVE-2021-1698
CVE-2021-1722
CVE-2021-1727
CVE-2021-1731
CVE-2021-1732
CVE-2021-1734
CVE-2021-24074
CVE-2021-24075
CVE-2021-24076
CVE-2021-24077
CVE-2021-24078
CVE-2021-24079
CVE-2021-24080
CVE-2021-24081
CVE-2021-24082
CVE-2021-24083
CVE-2021-24084
CVE-2021-24086
CVE-2021-24088
CVE-2021-24091
CVE-2021-24093
CVE-2021-24094
CVE-2021-24096
CVE-2021-24098
CVE-2021-24102
CVE-2021-24103
CVE-2021-24106
CVE-2021-24195
*Workaround: Yes
Exploited: Yes
Public: Yes
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
Package Manager ConfigurationsAll
ImportantCVE-2021-24105Workaround: No
Exploited: No
Public: No
Remote Code Execution

In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.