Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day

Microsoft also warns about three nasty vulnerabilities in the Windows TCP/IP stack.

A man works on a laptop computer near a Windows 10 display at Microsoft Build in San Francisco

Microsoft has released today its monthly batch of security updates, known as Patch Tuesday. This month, the OS maker has fixed 56 security vulnerabilities, including a Windows bug that was being exploited in the wild before today's patches.

Tracked as CVE-2021-1732, the Windows zero-day is an elevation of privelege bug in Win32k, a core component of the Windows operating system.

The bug was exploited after attackers gained access to a Windows system in order to obtain SYSTEM-level access.

According to a report from Chinese security firm DBAPPSecurity, the zero-day was employed by an advanced threat actor known as Bitter, with a long history of attacks targeting Pakistani and Chinese organizations and users.

DBAPPSecurity said the zero-day exploit they initially detected was compiled in May 2020 and was designed to target Windows10 1909 64-bits operating system, but that subsequent tests revealed that the bug also impacted the latest Windows10 20H2 64-bitsOS as well.

Of note was that in its report, the Chinese security firm described the zero-day as "high-quality" and "sophisticated," and said that the attacker used it "with caution," going undetected for almost seven months.

Many bug details went public

Besides the zero-day, this month's Patch Tuesday also stands out because of the high number of vulnerabilities whose details were made public even before patches were available.

In total, six Microsoft product bugs had their details posted online before today's patches. This included:

  • CVE-2021-1721 - .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-1733 - Sysinternals PsExec Elevation of Privilege Vulnerability
  • CVE-2021-26701 - .NET Core Remote Code Execution Vulnerability
  • CVE-2021-1727 - Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-24098 - Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-24106 - Windows DirectX Information Disclosure Vulnerability

The good news is that none of these bugs were exploited by attackers, despite their details being posted online.

Warning about TCP/IP bugs

But that's not all. This month, Microsoft has also released fixes for three vulnerabilities in the Windows TCP/IP stack, which allows the operating system to connect to the internet.

Two of these bugs (CVE-2021-24074CVE-2021-24094) apply fixes for remote code execution vulnerabilities that could allow attackers to take over Windows systems remotely.

A third bug (CVE-2021-24086) could be used to crash Windows devices.

"The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely [to be exploited] in the short term," Microsoft said in a blog post specifically published to warn about these three issues.

"We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release," the company added. "Thus, we recommend customers move quickly to apply Windows security updates this month."

Of all Windows systems, Windows Server instances are the ones most likely to be susceptible to attacks, as many are used to host web servers or cloud infrastructure and are almost certainly connected to the internet at all times and exposed to attacks.

"It is essential that customers apply Windows updates to address these vulnerabilities as soon as possible," Microsoft said.

If patches can't be applied right away, various workarounds can be deployed, details in each vulnerability's advisory.

And last but not least, there's also CVE-2021-24078. Described as a remote code execution bug in the Windows DNS server component, the bug could be exploited to hijack domain-name resolution operations inside corporate environments, and redirect legitimate traffic to malicious servers. With a severity score of 9.8 out of 10, the bug is as bad as it gets, if left unpatched, and would most likely atract attackers.


Below are additional details about today's Microsoft Patch Tuesday and security updates released by other tech companies:

  • Microsoft's official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has published this file listing all this month's security advisories on one single page.
  • Adobe's security updates are detailed here.
  • SAP security updates are available here.
  • Intel security updates are available here.
  • VMWare security updates are available here.
  • Chrome 88 security updates are detailed here.
  • Android security updates are available here.
TagCVE IDCVE Title
.NET Core CVE-2021-26701 .NET Core Remote Code Execution Vulnerability
.NET Core CVE-2021-24112 .NET Core Remote Code Execution Vulnerability
.NET Core & Visual Studio CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability
.NET Framework CVE-2021-24111 .NET Framework Denial of Service Vulnerability
Azure IoT CVE-2021-24087 Azure IoT CLI extension Elevation of Privilege Vulnerability
Developer Tools CVE-2021-24105 Package Managers Configurations Remote Code Execution Vulnerability
Microsoft Azure Kubernetes Service CVE-2021-24109 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Dynamics CVE-2021-24101 Microsoft Dataverse Information Disclosure Vulnerability
Microsoft Dynamics CVE-2021-1724 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Edge for Android CVE-2021-24100 Microsoft Edge for Android Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2021-24085 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server CVE-2021-1730 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Graphics Component CVE-2021-24093 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24067 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24068 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24069 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-24070 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-24071 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2021-1726 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2021-24066 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-24072 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Teams CVE-2021-24114 Microsoft Teams iOS Information Disclosure Vulnerability
Microsoft Windows Codecs Library CVE-2021-24081 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-24091 Windows Camera Codec Pack Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-24078 Windows DNS Server Remote Code Execution Vulnerability
Role: Hyper-V CVE-2021-24076 Microsoft Windows VMSwitch Information Disclosure Vulnerability
Role: Windows Fax Service CVE-2021-24077 Windows Fax Service Remote Code Execution Vulnerability
Role: Windows Fax Service CVE-2021-1722 Windows Fax Service Remote Code Execution Vulnerability
Skype for Business CVE-2021-24073 Skype for Business and Lync Spoofing Vulnerability
Skype for Business CVE-2021-24099 Skype for Business and Lync Denial of Service Vulnerability
SysInternals CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability
System Center CVE-2021-1728 System Center Operations Manager Elevation of Privilege Vulnerability
Visual Studio CVE-2021-1639 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-26700 Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
Windows Address Book CVE-2021-24083 Windows Address Book Remote Code Execution Vulnerability
Windows Backup Engine CVE-2021-24079 Windows Backup Engine Information Disclosure Vulnerability
Windows Console Driver CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability
Windows Defender CVE-2021-24092 Microsoft Defender Elevation of Privilege Vulnerability
Windows DirectX CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability
Windows Event Tracing CVE-2021-24102 Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing CVE-2021-24103 Windows Event Tracing Elevation of Privilege Vulnerability
Windows Installer CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-24096 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-1698 Windows Win32k Elevation of Privilege Vulnerability
Windows Mobile Device Management CVE-2021-24084 Windows Mobile Device Management Information Disclosure Vulnerability
Windows Network File System CVE-2021-24075 Windows Network File System Denial of Service Vulnerability
Windows PFX Encryption CVE-2021-1731 PFX Encryption Security Feature Bypass Vulnerability
Windows PKU2U CVE-2021-25195 Windows PKU2U Elevation of Privilege Vulnerability
Windows PowerShell CVE-2021-24082 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
Windows Print Spooler Components CVE-2021-24088 Windows Local Spooler Remote Code Execution Vulnerability
Windows Remote Procedure Call CVE-2021-1734 Windows Remote Procedure Call Information Disclosure Vulnerability
Windows TCP/IP CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
Windows TCP/IP CVE-2021-24074 Windows TCP/IP Remote Code Execution Vulnerability
Windows TCP/IP CVE-2021-24094 Windows TCP/IP Remote Code Execution Vulnerability
Windows Trust Verification API CVE-2021-24080 Windows Trust Verification API Denial of Service Vulnerability