Firma Microsoft naprawiła 56 luk w zabezpieczeniach, z których jedenaście sklasyfikowano jako krytyczne, dwie jako umiarkowane, a 43 jako ważne. Istnieje również jedna luka zero-day i sześć wcześniej ujawnionych luk w zabezpieczeniach, które zostały naprawione w ramach aktualizacji z lutego 2021 r. Microsoft naprawił zarówno zero-day, jak i liczne publicznie ujawniane luki w ramach miesięcznych aktualizacji zabezpieczeń.

Aktywnie wykorzystywane zero-day jest śledzone jako „CVE-2021-1732 – luka w zabezpieczeniach Windows Win32k Elevation of Privilege” i umożliwia osobie atakującej lub złośliwemu programowi podniesienie ich uprawnień do uprawnień administracyjnych. Ta luka została odkryta przez naukowców z DBAPPSecurity Co., Ltd. Oprócz luki zero-day Microsoft twierdzi również, że załatał również wiele publicznie ujawnionych luk w zabezpieczeniach:

  • CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
  • CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
  • CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability

Poniżej znajduje się pełna lista rozwiązanych luk i zaleceń opublikowanych we wtorkowych aktualizacjach z lutego 2021 r.

TagCVE IDCVE TitleSeverity
.NET CoreCVE-2021-26701.NET Core Remote Code Execution VulnerabilityCritical
.NET CoreCVE-2021-24112.NET Core Remote Code Execution VulnerabilityCritical
.NET Core & Visual StudioCVE-2021-1721.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2021-24111.NET Framework Denial of Service VulnerabilityImportant
Azure IoTCVE-2021-24087Azure IoT CLI extension Elevation of Privilege VulnerabilityImportant
Developer ToolsCVE-2021-24105Package Managers Configurations Remote Code Execution VulnerabilityImportant
Microsoft Azure Kubernetes ServiceCVE-2021-24109Microsoft Azure Kubernetes Service Elevation of Privilege VulnerabilityModerate
Microsoft DynamicsCVE-2021-24101Microsoft Dataverse Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2021-1724Microsoft Dynamics Business Central Cross-site Scripting VulnerabilityImportant
Microsoft Edge for AndroidCVE-2021-24100Microsoft Edge for Android Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-24085Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-1730Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-24093Windows Graphics Component Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2021-24067Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24068Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24069Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24070Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24071Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1726Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24066Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24072Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft TeamsCVE-2021-24114Microsoft Teams iOS Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-24081Microsoft Windows Codecs Library Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-24091Windows Camera Codec Pack Remote Code Execution VulnerabilityCritical
Role: DNS ServerCVE-2021-24078Windows DNS Server Remote Code Execution VulnerabilityCritical
Role: Hyper-VCVE-2021-24076Microsoft Windows VMSwitch Information Disclosure VulnerabilityImportant
Role: Windows Fax ServiceCVE-2021-24077Windows Fax Service Remote Code Execution VulnerabilityCritical
Role: Windows Fax ServiceCVE-2021-1722Windows Fax Service Remote Code Execution VulnerabilityCritical
Skype for BusinessCVE-2021-24073Skype for Business and Lync Spoofing VulnerabilityImportant
Skype for BusinessCVE-2021-24099Skype for Business and Lync Denial of Service VulnerabilityImportant
SysInternalsCVE-2021-1733Sysinternals PsExec Elevation of Privilege VulnerabilityImportant
System CenterCVE-2021-1728System Center Operations Manager Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2021-1639Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-26700Visual Studio Code npm-script Extension Remote Code Execution VulnerabilityImportant
Windows Address BookCVE-2021-24083Windows Address Book Remote Code Execution VulnerabilityImportant
Windows Backup EngineCVE-2021-24079Windows Backup Engine Information Disclosure VulnerabilityImportant
Windows Console DriverCVE-2021-24098Windows Console Driver Denial of Service VulnerabilityImportant
Windows DefenderCVE-2021-24092Microsoft Defender Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2021-24106Windows DirectX Information Disclosure VulnerabilityImportant
Windows Event TracingCVE-2021-24102Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-24103Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2021-1727Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-24096Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-1732Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-1698Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Mobile Device ManagementCVE-2021-24084Windows Mobile Device Management Information Disclosure VulnerabilityImportant
Windows Network File SystemCVE-2021-24075Windows Network File System Denial of Service VulnerabilityImportant
Windows PFX EncryptionCVE-2021-1731PFX Encryption Security Feature Bypass VulnerabilityImportant
Windows PKU2UCVE-2021-25195Windows PKU2U Elevation of Privilege VulnerabilityImportant
Windows PowerShellCVE-2021-24082Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-24088Windows Local Spooler Remote Code Execution VulnerabilityCritical
Windows Remote Procedure CallCVE-2021-1734Windows Remote Procedure Call Information Disclosure VulnerabilityImportant
Windows TCP/IPCVE-2021-24086Windows TCP/IP Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2021-24074Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows TCP/IPCVE-2021-24094Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Trust Verification APICVE-2021-24080Windows Trust Verification API Denial of Service VulnerabilityModerate

Info:

https://www.bleepingcomputer.com/news/security/microsoft-february-2021-patch-tuesday-fixes-56-flaws-1-zero-day/