VERT Threat Alert: February 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th.
In-The-Wild & Disclosed CVEs
CVE-2021-1732
A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) released a note about this vulnerability under the National Cyber Awareness System.
Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.
CVE-2021-1727
Microsoft has labeled this vulnerability in the Windows Installer, which could allow for privilege escalation, as Exploitation More Likely, meaning that attackers could create reliable exploit code for this vulnerability. The vulnerability has been publicly disclosed.
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
CVE-2021-1721
A publicly disclosed vulnerability in .NET Core and Visual Studio could lead to a denial of service. Affected products include .NET 5.0, .NET Core 2.1 and 3.2, as well as Visual Studio 2017 and 2019.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-1733
A publicly disclosed vulnerability in SysInternals PsExec could lead to local privilege escalation. Successful exploitation requires that the attacker create a named pipe and wait for PsExec to be run.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-26701
This is the second publicly disclosed vulnerability in .NET Core this month; however, this one could lead to code execution rather than just a denial of service. .NET 5.1 and .NET Core 2.1 and 3.1 are vulnerable and have updates available.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-24098
A publicly disclosed denial of service in the Windows Console Driver is described by CVE-2021-24098. Microsoft has noted that user interaction is required and that a user would have to visit a website in a web-based attack scenario.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-24106
A publicly disclosed information disclosure in DirectX could expose uninitialized memory to an attacker.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| .NET Core & Visual Studio | 1 | CVE-2021-1721 |
| Microsoft Edge for Android | 1 | CVE-2021-24100 |
| Windows Installer | 1 | CVE-2021-1727 |
| SysInternals | 1 | CVE-2021-1733 |
| Microsoft Dynamics | 2 | CVE-2021-1724, CVE-2021-24101 |
| Windows DirectX | 1 | CVE-2021-24106 |
| Windows Network File System | 1 | CVE-2021-24075 |
| Azure IoT | 1 | CVE-2021-24087 |
| Microsoft Office SharePoint | 4 | CVE-2021-1726, CVE-2021-24066, CVE-2021-24071, CVE-2021-24072 |
| Microsoft Windows Codecs Library | 2 | CVE-2021-24081, CVE-2021-24091 |
| Visual Studio Code | 1 | CVE-2021-26700 |
| Microsoft Teams | 1 | CVE-2021-24114 |
| Microsoft Office Excel | 4 | CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070 |
| Microsoft Graphics Component | 1 | CVE-2021-24093 |
| Windows Event Tracing | 2 | CVE-2021-24102, CVE-2021-24103 |
| Windows Kernel | 3 | CVE-2021-1732, CVE-2021-1698, CVE-2021-24096 |
| Role: Hyper-V | 1 | CVE-2021-24076 |
| Microsoft Exchange Server | 2 | CVE-2021-24085, CVE-2021-1730 |
| System Center | 1 | CVE-2021-1728 |
| Windows Defender | 1 | CVE-2021-24092 |
| Windows Remote Procedure Call | 1 | CVE-2021-1734 |
| Windows Address Book | 1 | CVE-2021-24083 |
| .NET Framework | 1 | CVE-2021-24111 |
| Windows PowerShell | 1 | CVE-2021-24082 |
| Role: DNS Server | 1 | CVE-2021-24078 |
| Windows PKU2U | 1 | CVE-2021-25195 |
| Windows Backup Engine | 1 | CVE-2021-24079 |
| Windows TCP/IP | 3 | CVE-2021-24074, CVE-2021-24086, CVE-2021-24094 |
| .NET Core | 2 | CVE-2021-24112, CVE-2021-26701 |
| Windows Trust Verification API | 1 | CVE-2021-24080 |
| Skype for Business | 2 | CVE-2021-24073, CVE-2021-24099 |
| Windows Print Spooler Components | 1 | CVE-2021-24088 |
| Microsoft Azure Kubernetes Service | 1 | CVE-2021-24109 |
| Windows Mobile Device Management | 1 | CVE-2021-24084 |
| Windows PFX Encryption | 1 | CVE-2021-1731 |
| Role: Windows Fax Service | 2 | CVE-2021-1722, CVE-2021-24077 |
| Visual Studio | 1 | CVE-2021-1639 |
| Windows Console Driver | 1 | CVE-2021-24098 |
| Developer Tools | 1 | CVE-2021-24105 |
Developer Tools | 1 | CVE-2021-24105 |
Other Information
There were no advisories included in the February security guidance.