VERT Threat Alert: February 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th.

In-The-Wild & Disclosed CVEs

CVE-2021-1732

A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) released a note about this vulnerability under the National Cyber Awareness System.

Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.

CVE-2021-1727

Microsoft has labeled this vulnerability in the Windows Installer, which could allow for privilege escalation, as Exploitation More Likely, meaning that attackers could create reliable exploit code for this vulnerability. The vulnerability has been publicly disclosed.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-1721

A publicly disclosed vulnerability in .NET Core and Visual Studio could lead to a denial of service. Affected products include .NET 5.0, .NET Core 2.1 and 3.2, as well as Visual Studio 2017 and 2019. 

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-1733

A vulnerability in SysInternals PsExec has been publicly disclosed that could lead to local privilege escalation. Successful exploitation of the vulnerability requires that the attacker create a named pipe and wait for PsExec to be run.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-26701

This is the second publicly disclosed vulnerability in .NET Core this month, however this one could lead to code execution rather than just a denial of service. .NET 5.1 and .NET Core 2.1 and 3.1 are vulnerable and have updates available.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-24098

A publicly disclosed denial of service in the Windows Console Driver is described by CVE-2021-24098. Microsoft has noted that user interaction is required and that a user would have to visit a website in a web-based attack scenario.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-24106

A publicly disclosed information disclosure in DirectX could expose uninitialized memory to an attacker.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
.NET Core & Visual Studio 1 CVE-2021-1721
Microsoft Edge for Android 1 CVE-2021-24100
Windows Installer 1 CVE-2021-1727
SysInternals 1 CVE-2021-1733
Microsoft Dynamics 2 CVE-2021-1724, CVE-2021-24101
Windows DirectX 1 CVE-2021-24106
Windows Network File System 1 CVE-2021-24075
Azure IoT 1 CVE-2021-24087
Microsoft Office SharePoint 4 CVE-2021-1726, CVE-2021-24066, CVE-2021-24071, CVE-2021-24072
Microsoft Windows Codecs Library 2 CVE-2021-24081, CVE-2021-24091
Visual Studio Code 1 CVE-2021-26700
Microsoft Teams 1 CVE-2021-24114
Microsoft Office Excel 4 CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070
Microsoft Graphics Component 1 CVE-2021-24093
Windows Event Tracing 2 CVE-2021-24102, CVE-2021-24103
Windows Kernel 3 CVE-2021-1732, CVE-2021-1698, CVE-2021-24096
Role: Hyper-V 1 CVE-2021-24076
Microsoft Exchange Server 2 CVE-2021-24085, CVE-2021-1730
System Center 1 CVE-2021-1728
Windows Defender 1 CVE-2021-24092
Windows Remote Procedure Call 1 CVE-2021-1734
Windows Address Book 1 CVE-2021-24083
.NET Framework 1 CVE-2021-24111
Windows PowerShell 1 CVE-2021-24082
Role: DNS Server 1 CVE-2021-24078
Windows PKU2U 1 CVE-2021-25195
Windows Backup Engine 1 CVE-2021-24079
Windows TCP/IP 3 CVE-2021-24074, CVE-2021-24086, CVE-2021-24094
.NET Core 2 CVE-2021-24112, CVE-2021-26701
Windows Trust Verification API 1 CVE-2021-24080
Skype for Business 2 CVE-2021-24073, CVE-2021-24099
Windows Print Spooler Components 1 CVE-2021-24088
Microsoft Azure Kubernetes Service 1 CVE-2021-24109
Windows Mobile Device Management 1 CVE-2021-24084
Windows PFX Encryption 1 CVE-2021-1731
Role: Windows Fax Service 2 CVE-2021-1722, CVE-2021-24077
Visual Studio 1 CVE-2021-1639
Windows Console Driver 1 CVE-2021-24098
Developer Tools 1 CVE-2021-24105

Other Information

There were no advisories included in the February security guidance.