10 February 2021

Microsoft patches over 50 vulnerabilities, including a Windows zero-day


Microsoft has released its monthly batch of security updates, which address a total of 56 vulnerabilities affecting its various products. Microsoft's February 2021 Patch Tuesday also contains fixes for one zero-day flaw and a number of previously disclosed issues.

Tracked as CVE-2021-1732, the zero-day flaw is an elevation of privilege bug in Win32k, a component of the Windows operating system. The vulnerability exists due to a boundary error in the Win32k.sys driver in the Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

In its security advisory, Microsoft did not share details about the attacks in which CVE-2021-1732 was exploited or who was behind them, but Chinese security firm DBAPPSecurity revealed that the zero-day was used in campaigns orchestrated by an advanced threat actor known as Bitter, focused on targeting Pakistani and Chinese organizations and users.

The Chinese firm said that it has so far detected a small number of attacks targeting victims in China. According to the researchers, the zero-day exploit they initially detected was compiled in May 2020 and was designed to target the 64-bit Windows 10 1909 operating system. DBAPPSecurity said that the original exploit targets several Windows 10 versions, from Windows 10 1709 to Windows 10 1909, and could be used against Windows 10 20H2 with minor modifications.

In addition to CVE-2021-1732, Microsoft fixed numerous publicly disclosed vulnerabilities, including a Windows Installer Elevation of Privilege Vulnerability (CVE-2021-1727) and a Sysinternals PsExec Elevation of Privilege Vulnerability (CVE-2021-1733). None of these bugs were observed being exploited in the wild.

Microsoft's February 2021 Patch Tuesday also addresses multiple high-risk flaws impacting Microsoft Windows DNS Server, Microsoft Excel, Windows TCP/IP, Microsoft Package Managers Configurations and other products.
