Firma Microsoft naprawiła 56 luk w zabezpieczeniach, z których jedenaście sklasyfikowano jako krytyczne, dwie jako umiarkowane, a 43 jako ważne. Istnieje również jedna luka zero-day i sześć wcześniej ujawnionych luk w zabezpieczeniach, które zostały naprawione w ramach aktualizacji z lutego 2021 r. Microsoft naprawił zarówno zero-day, jak i liczne publicznie ujawniane luki w ramach miesięcznych aktualizacji zabezpieczeń.
Aktywnie wykorzystywane zero-day jest śledzone jako „CVE-2021-1732 – luka w zabezpieczeniach Windows Win32k Elevation of Privilege” i umożliwia osobie atakującej lub złośliwemu programowi podniesienie ich uprawnień do uprawnień administracyjnych. Ta luka została odkryta przez naukowców z DBAPPSecurity Co., Ltd. Oprócz luki zero-day Microsoft twierdzi również, że załatał również wiele publicznie ujawnionych luk w zabezpieczeniach:
- CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
- CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
- CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
- CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
Poniżej znajduje się pełna lista rozwiązanych luk i zaleceń opublikowanych we wtorkowych aktualizacjach z lutego 2021 r.
Tag | CVE ID | CVE Title | Severity |
.NET Core | CVE-2021-26701 | .NET Core Remote Code Execution Vulnerability | Critical |
.NET Core | CVE-2021-24112 | .NET Core Remote Code Execution Vulnerability | Critical |
.NET Core & Visual Studio | CVE-2021-1721 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
.NET Framework | CVE-2021-24111 | .NET Framework Denial of Service Vulnerability | Important |
Azure IoT | CVE-2021-24087 | Azure IoT CLI extension Elevation of Privilege Vulnerability | Important |
Developer Tools | CVE-2021-24105 | Package Managers Configurations Remote Code Execution Vulnerability | Important |
Microsoft Azure Kubernetes Service | CVE-2021-24109 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Moderate |
Microsoft Dynamics | CVE-2021-24101 | Microsoft Dataverse Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2021-1724 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important |
Microsoft Edge for Android | CVE-2021-24100 | Microsoft Edge for Android Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-24085 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-1730 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-24093 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
Microsoft Office Excel | CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-24068 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-24070 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-24071 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-1726 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-24066 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-24072 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Teams | CVE-2021-24114 | Microsoft Teams iOS Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-24081 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2021-24091 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical |
Role: DNS Server | CVE-2021-24078 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
Role: Hyper-V | CVE-2021-24076 | Microsoft Windows VMSwitch Information Disclosure Vulnerability | Important |
Role: Windows Fax Service | CVE-2021-24077 | Windows Fax Service Remote Code Execution Vulnerability | Critical |
Role: Windows Fax Service | CVE-2021-1722 | Windows Fax Service Remote Code Execution Vulnerability | Critical |
Skype for Business | CVE-2021-24073 | Skype for Business and Lync Spoofing Vulnerability | Important |
Skype for Business | CVE-2021-24099 | Skype for Business and Lync Denial of Service Vulnerability | Important |
SysInternals | CVE-2021-1733 | Sysinternals PsExec Elevation of Privilege Vulnerability | Important |
System Center | CVE-2021-1728 | System Center Operations Manager Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2021-1639 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-26700 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | Important |
Windows Address Book | CVE-2021-24083 | Windows Address Book Remote Code Execution Vulnerability | Important |
Windows Backup Engine | CVE-2021-24079 | Windows Backup Engine Information Disclosure Vulnerability | Important |
Windows Console Driver | CVE-2021-24098 | Windows Console Driver Denial of Service Vulnerability | Important |
Windows Defender | CVE-2021-24092 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
Windows DirectX | CVE-2021-24106 | Windows DirectX Information Disclosure Vulnerability | Important |
Windows Event Tracing | CVE-2021-24102 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-24103 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2021-1727 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-24096 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-1698 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Mobile Device Management | CVE-2021-24084 | Windows Mobile Device Management Information Disclosure Vulnerability | Important |
Windows Network File System | CVE-2021-24075 | Windows Network File System Denial of Service Vulnerability | Important |
Windows PFX Encryption | CVE-2021-1731 | PFX Encryption Security Feature Bypass Vulnerability | Important |
Windows PKU2U | CVE-2021-25195 | Windows PKU2U Elevation of Privilege Vulnerability | Important |
Windows PowerShell | CVE-2021-24082 | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-24088 | Windows Local Spooler Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call | CVE-2021-1734 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important |
Windows TCP/IP | CVE-2021-24086 | Windows TCP/IP Denial of Service Vulnerability | Important |
Windows TCP/IP | CVE-2021-24074 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
Windows TCP/IP | CVE-2021-24094 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
Windows Trust Verification API | CVE-2021-24080 | Windows Trust Verification API Denial of Service Vulnerability | Moderate |
Info: