Microsoft has released today its monthly batch of security updates, known as Patch Tuesday. This month, the OS maker has fixed 56 security vulnerabilities, including a Windows bug that was being exploited in the wild before today's patches.
Tracked as CVE-2021-1732, the Windows zero-day is an elevation of privelege bug in Win32k, a core component of the Windows operating system.
The bug was exploited after attackers gained access to a Windows system in order to obtain SYSTEM-level access.
According to a report from Chinese security firm DBAPPSecurity, the zero-day was employed by an advanced threat actor known as Bitter, with a long history of attacks targeting Pakistani and Chinese organizations and users.
DBAPPSecurity said the zero-day exploit they initially detected was compiled in May 2020 and was designed to target Windows10 1909 64-bits operating system, but that subsequent tests revealed that the bug also impacted the latest Windows10 20H2 64-bitsOS as well.
Of note was that in its report, the Chinese security firm described the zero-day as "high-quality" and "sophisticated," and said that the attacker used it "with caution," going undetected for almost seven months.
Many bug details went public
Besides the zero-day, this month's Patch Tuesday also stands out because of the high number of vulnerabilities whose details were made public even before patches were available.
In total, six Microsoft product bugs had their details posted online before today's patches. This included:
- CVE-2021-1721 - .NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2021-1733 - Sysinternals PsExec Elevation of Privilege Vulnerability
- CVE-2021-26701 - .NET Core Remote Code Execution Vulnerability
- CVE-2021-1727 - Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-24098 - Windows Console Driver Denial of Service Vulnerability
- CVE-2021-24106 - Windows DirectX Information Disclosure Vulnerability
The good news is that none of these bugs were exploited by attackers, despite their details being posted online.
Warning about TCP/IP bugs
But that's not all. This month, Microsoft has also released fixes for three vulnerabilities in the Windows TCP/IP stack, which allows the operating system to connect to the internet.
A third bug (CVE-2021-24086) could be used to crash Windows devices.
"The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely [to be exploited] in the short term," Microsoft said in a blog post specifically published to warn about these three issues.
"We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release," the company added. "Thus, we recommend customers move quickly to apply Windows security updates this month."
Of all Windows systems, Windows Server instances are the ones most likely to be susceptible to attacks, as many are used to host web servers or cloud infrastructure and are almost certainly connected to the internet at all times and exposed to attacks.
"It is essential that customers apply Windows updates to address these vulnerabilities as soon as possible," Microsoft said.
If patches can't be applied right away, various workarounds can be deployed, details in each vulnerability's advisory.
And last but not least, there's also CVE-2021-24078. Described as a remote code execution bug in the Windows DNS server component, the bug could be exploited to hijack domain-name resolution operations inside corporate environments, and redirect legitimate traffic to malicious servers. With a severity score of 9.8 out of 10, the bug is as bad as it gets, if left unpatched, and would most likely atract attackers.
Below are additional details about today's Microsoft Patch Tuesday and security updates released by other tech companies:
- Microsoft's official Security Update Guide portal lists all security updates in a filterable table.
- ZDNet has published this file listing all this month's security advisories on one single page.
- Adobe's security updates are detailed here.
- SAP security updates are available here.
- Intel security updates are available here.
- VMWare security updates are available here.
- Chrome 88 security updates are detailed here.
- Android security updates are available here.
|Tag||CVE ID||CVE Title|
|.NET Core||CVE-2021-26701||.NET Core Remote Code Execution Vulnerability|
|.NET Core||CVE-2021-24112||.NET Core Remote Code Execution Vulnerability|
|.NET Core & Visual Studio||CVE-2021-1721||.NET Core and Visual Studio Denial of Service Vulnerability|
|.NET Framework||CVE-2021-24111||.NET Framework Denial of Service Vulnerability|
|Azure IoT||CVE-2021-24087||Azure IoT CLI extension Elevation of Privilege Vulnerability|
|Developer Tools||CVE-2021-24105||Package Managers Configurations Remote Code Execution Vulnerability|
|Microsoft Azure Kubernetes Service||CVE-2021-24109||Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability|
|Microsoft Dynamics||CVE-2021-24101||Microsoft Dataverse Information Disclosure Vulnerability|
|Microsoft Dynamics||CVE-2021-1724||Microsoft Dynamics Business Central Cross-site Scripting Vulnerability|
|Microsoft Edge for Android||CVE-2021-24100||Microsoft Edge for Android Information Disclosure Vulnerability|
|Microsoft Exchange Server||CVE-2021-24085||Microsoft Exchange Server Spoofing Vulnerability|
|Microsoft Exchange Server||CVE-2021-1730||Microsoft Exchange Server Spoofing Vulnerability|
|Microsoft Graphics Component||CVE-2021-24093||Windows Graphics Component Remote Code Execution Vulnerability|
|Microsoft Office Excel||CVE-2021-24067||Microsoft Excel Remote Code Execution Vulnerability|
|Microsoft Office Excel||CVE-2021-24068||Microsoft Excel Remote Code Execution Vulnerability|
|Microsoft Office Excel||CVE-2021-24069||Microsoft Excel Remote Code Execution Vulnerability|
|Microsoft Office Excel||CVE-2021-24070||Microsoft Excel Remote Code Execution Vulnerability|
|Microsoft Office SharePoint||CVE-2021-24071||Microsoft SharePoint Information Disclosure Vulnerability|
|Microsoft Office SharePoint||CVE-2021-1726||Microsoft SharePoint Spoofing Vulnerability|
|Microsoft Office SharePoint||CVE-2021-24066||Microsoft SharePoint Remote Code Execution Vulnerability|
|Microsoft Office SharePoint||CVE-2021-24072||Microsoft SharePoint Server Remote Code Execution Vulnerability|
|Microsoft Teams||CVE-2021-24114||Microsoft Teams iOS Information Disclosure Vulnerability|
|Microsoft Windows Codecs Library||CVE-2021-24081||Microsoft Windows Codecs Library Remote Code Execution Vulnerability|
|Microsoft Windows Codecs Library||CVE-2021-24091||Windows Camera Codec Pack Remote Code Execution Vulnerability|
|Role: DNS Server||CVE-2021-24078||Windows DNS Server Remote Code Execution Vulnerability|
|Role: Hyper-V||CVE-2021-24076||Microsoft Windows VMSwitch Information Disclosure Vulnerability|
|Role: Windows Fax Service||CVE-2021-24077||Windows Fax Service Remote Code Execution Vulnerability|
|Role: Windows Fax Service||CVE-2021-1722||Windows Fax Service Remote Code Execution Vulnerability|
|Skype for Business||CVE-2021-24073||Skype for Business and Lync Spoofing Vulnerability|
|Skype for Business||CVE-2021-24099||Skype for Business and Lync Denial of Service Vulnerability|
|SysInternals||CVE-2021-1733||Sysinternals PsExec Elevation of Privilege Vulnerability|
|System Center||CVE-2021-1728||System Center Operations Manager Elevation of Privilege Vulnerability|
|Visual Studio||CVE-2021-1639||Visual Studio Code Remote Code Execution Vulnerability|
|Visual Studio Code||CVE-2021-26700||Visual Studio Code npm-script Extension Remote Code Execution Vulnerability|
|Windows Address Book||CVE-2021-24083||Windows Address Book Remote Code Execution Vulnerability|
|Windows Backup Engine||CVE-2021-24079||Windows Backup Engine Information Disclosure Vulnerability|
|Windows Console Driver||CVE-2021-24098||Windows Console Driver Denial of Service Vulnerability|
|Windows Defender||CVE-2021-24092||Microsoft Defender Elevation of Privilege Vulnerability|
|Windows DirectX||CVE-2021-24106||Windows DirectX Information Disclosure Vulnerability|
|Windows Event Tracing||CVE-2021-24102||Windows Event Tracing Elevation of Privilege Vulnerability|
|Windows Event Tracing||CVE-2021-24103||Windows Event Tracing Elevation of Privilege Vulnerability|
|Windows Installer||CVE-2021-1727||Windows Installer Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2021-24096||Windows Kernel Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2021-1732||Windows Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2021-1698||Windows Win32k Elevation of Privilege Vulnerability|
|Windows Mobile Device Management||CVE-2021-24084||Windows Mobile Device Management Information Disclosure Vulnerability|
|Windows Network File System||CVE-2021-24075||Windows Network File System Denial of Service Vulnerability|
|Windows PFX Encryption||CVE-2021-1731||PFX Encryption Security Feature Bypass Vulnerability|
|Windows PKU2U||CVE-2021-25195||Windows PKU2U Elevation of Privilege Vulnerability|
|Windows PowerShell||CVE-2021-24082||Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability|
|Windows Print Spooler Components||CVE-2021-24088||Windows Local Spooler Remote Code Execution Vulnerability|
|Windows Remote Procedure Call||CVE-2021-1734||Windows Remote Procedure Call Information Disclosure Vulnerability|
|Windows TCP/IP||CVE-2021-24086||Windows TCP/IP Denial of Service Vulnerability|
|Windows TCP/IP||CVE-2021-24074||Windows TCP/IP Remote Code Execution Vulnerability|
|Windows TCP/IP||CVE-2021-24094||Windows TCP/IP Remote Code Execution Vulnerability|
|Windows Trust Verification API||CVE-2021-24080||Windows Trust Verification API Denial of Service Vulnerability|