Microsoft’s February Patch Tuesday Update Fixes Windows Zero-Day Vulnerability, 56 Other Critical Bugs

Technology

Microsoft has released its monthly batch of security-update that addresses 56 security vulnerabilities, including a Windows bug that was out in the wild, without any detection. The zero-day exploit tracked as CVE-2021-1732 is said to be a ‘Windows Win32k Elevation of Privilege Vulnerability,’ meaning it allows an attacker or malicious programme to elevate their privileges to administrative privileges. Microsoft in a blog post said that the exploit discovered by DBAPPSecurity is fixed. The new monthly security update also called Patch Tuesday eleven ‘Critical’ bugs and 43 ‘Important’ bugs.

According to ZDnet, the zero-day bug CVE-2021-1732 was employed by an advanced threat actor known as Bitter, with a long history of attacks targeting Pakistani and Chinese organisations and users. The vulnerability was initially spotted in May 2020 to attack Windows10 1909 64-bits operating system that started rolling out in November 2020. Additionally, the software giant fixed six critical vulnerabilities whose details were made public even before patches were available. These include CVE-2021-1721 ( .NET Core and Visual Studio Denial of Service Vulnerability), CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability), CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability), CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability), CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability), and CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability).

In a separate blog post, Microsoft says that the company has addressed two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). These vulnerabilities were affecting Windows TCP/IP that essentially lets your PC communicate with other PCs. Lastly, Microsoft says it has fixed a Windows DNS Server Remote Code Execution Vulnerability that has a severity score of 9.8 out of 10. As its name suggests, the bug impacted the DNS server of the PC.