As part of the February “Patch Tuesday” Microsoft has fixed a 0-day and 56 other bugs in its products, and also warned of three dangerous vulnerabilities in the Windows TCP/IP stack.
Among the bugs fixed was one zero-day vulnerability (identified as CVE-2021-1732), which was already under attack. The issue has been classified as privilege escalation in Win32k.
According to a report by Chinese company DBAPPSecurity, this 0-day was used by Bitter, which has a long track record of attacks targeting organizations and users in Pakistan and China. Experts note that the attackers used the exploit “with caution” and remained unnoticed for almost seven months.
According to the researchers, the exploit for CVE-2021-1732 was compiled back in May 2020 and was developed for 64-bit Windows 10 1909, although subsequent tests showed that the vulnerability also poses a threat to 64-bit Windows 10 20H2.
Let me remind you that we also wrote that Microsoft fixed a 17-year-old critical vulnerability in Windows DNS Server.
This “update Tuesday” also contains fixes for a number of vulnerabilities whose details had already been published but which were not used by hackers. Among them:
- CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability.
- CVE-2021-1733 – Sysinternals PsExec privilege escalation vulnerability.
- CVE-2021-26701 – .NET Core remote code execution vulnerability.
- CVE-2021-1727 – Windows Installer privilege escalation vulnerability.
- CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability.
- CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability.
In addition, Microsoft has released patches for three critical vulnerabilities in the Windows TCP/IP stack and is now urging everyone to install the patches as soon as possible.
Two of the three vulnerabilities (CVE-2021-24074 and CVE-2021-24094) can be used to remotely execute arbitrary code. That is, with their help, attackers can remotely hijack Windows systems. The third and final error (CVE-2021-24086) can trigger a Denial of Service (DoS).
“Both RCE vulnerabilities are complex, making it difficult to create functional exploits. Therefore, they are unlikely to be used in the near future. We believe that attackers will be able to create DoS exploits much faster, and we expect that all three problems can be exploited for DoS attacks very soon”, Microsoft analysts write.
As we said earlier, Microsoft presented the attack-resistant Pluton processor.