Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs

  • Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that’s identified to be actively exploited in the wild.

    In all, 11 are listed as Critical, 43 are listed as Significant, and two are mentioned as Reasonable in severity — six of which are previously disclosed vulnerabilities.

    The updates address .Web Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for Android, Microsoft Exchange Server, Microsoft Workplace, Microsoft Windows Codecs Library, Skype for Business, Visible Studio, Windows Defender, and other main elements this sort of as Kernel, TCP/IP, Print Spooler, and Remote Treatment Get in touch with (RPC).

    A Windows Gain32k Privilege Escalation Vulnerability

    The most critical of the flaws is a Windows Acquire32k privilege escalation vulnerability (CVE-2021-1732, CVSS rating 7.8) that permits attackers with obtain to a target system to operate malicious code with elevated permissions. Microsoft credited JinQuan, MaDongZe, TuXiaoYi, and LiHao of DBAPPSecurity for getting and reporting the vulnerability.

    In a individual complex generate-up, the scientists claimed a zero-working day exploit leveraging the flaw was detected in a “pretty minimal quantity of attacks” from victims positioned in China by a threat actor named Bitter APT. The assaults had been learned in December 2020.

    “This zero-working day is a new vulnerability which brought about by get32k callback, it could be employed to escape the sandbox of Microsoft [Internet Explorer] browser or Adobe Reader on the most recent Windows 10 version,” DBAPPSecurity researchers explained. “The vulnerability is significant high-quality and the exploit is sophisticated.”

    It really is value noting that Adobe, as section of its February patch, resolved a critical buffer overflow flaw in Adobe Acrobat and Reader for Windows and macOS (CVE-2021-21017) that it explained could direct to arbitrary code execution in the context of the present-day consumer.

    The business also warned of energetic exploitation makes an attempt in opposition to the bug in the wild in limited attacks focusing on Adobe Reader people on Windows, mirroring aforementioned results from DBAPPSecurity.

    Whilst neither Microsoft nor Adobe has supplied additional facts, the concurrent patching of the two flaws raises the chance that the vulnerabilities are becoming chained to carry out the in-the-wild assaults.

    Netlogon Enforcement Method Goes Into Impact

    Microsoft’s Patch Tuesday update also resolves a variety of remote code execution (RCE) flaws in Windows DNS Server (CVE-2021-24078), .Net Main, and Visible Studio (CVE-2021-26701), Microsoft Windows Codecs Library (CVE-2021-24081), and Fax Support (CVE-2021-1722 and CVE-2021-24077).

    The RCE in Windows DNS server component is rated 9.8 for severity, earning it a critical vulnerability that, if still left unpatched, could permit an unauthorized adversary to execute arbitrary code and potentially redirect legitimate targeted traffic to destructive servers.

    Microsoft is also having this thirty day period to push the 2nd round of fixes for the Zerologon flaw (CVE-2020-1472) that was at first fixed in August 2020, next which studies of active exploitation targeting unpatched programs emerged in September 2020.

    Starting off February 9, the area controller “enforcement manner” will be enabled by default, thus blocking “susceptible [Netlogon] connections from non-compliant devices.”

    In addition, the Patch Tuesday update rectifies a bug in Edge browser for Android (CVE-2021-24100) that could disclose personally identifiable information and payment facts of a consumer.

    RCE Flaws in Windows TCP/IP Stack

    Last of all, the Windows maker launched a set of fixes impacting its TCP/IP implementation — consisting of two RCE flaws (CVE-2021-24074 and CVE-2021-24094) and one denial of services vulnerability (CVE-2021-24086) — that it claimed could be exploited with a DoS attack.

    “The DoS exploits for these CVEs would allow a remote attacker to lead to a prevent error,” Microsoft explained in an advisory. “Prospects could obtain a blue screen on any Windows technique that is straight uncovered to the internet with small network traffic. Hence, we suggest customers go quickly to apply Windows security updates this month.”

    The tech huge, however, observed that the complexity of the two TCP/IP RCE flaws would make it tricky to develop purposeful exploits. But it expects attackers to produce DoS exploits considerably much more effortlessly, turning the security weak spot into an ideal applicant for exploitation in the wild.

    To set up the most recent security updates, Windows consumers can head to Commence > Options > Update & Security > Windows Update or by picking Look at for Windows updates.

    Discovered this report intriguing? Stick to THN on Fb, Twitter  and LinkedIn to browse much more exceptional material we post.