February’s Patch Tuesday fixes a total of 56 vulnerabilities, 11 of which Microsoft rates as Critical. This is a decline both from January’s total of 83 vulnerabilities and from the total for the same month in 2020, which was 99. Six of these vulnerabilities had been disclosed publicly, and a separate vulnerability had already been exploited before the fix was released. Seven of these vulnerabilities were disclosed via the Zero Day Initiative (ZDI).
Fixed Critical Vulnerabilities: Networking components, Codecs
The nine Critical vulnerabilities are found in various Windows components, with three of the nine being in networking components. CVE-2021-24074 and CVE-2021-24094 are in the TCP/IP handling of Windows. CVE-2021-24074 is in IPv4 source routing (this should be disabled by default, and source-routed traffic can be blocked at firewalls or other perimeter devices). CVE-2021-24094 is an IPv6 bug in the handling of fragmented packets. Both can lead to remote code execution.
The third networking vulnerability, CVE-2021-24078, is found in the DNS Server component. It allows a remote attacker to execute code on the targeted server and is potentially wormable across systems (or at least, DNS servers). This vulnerability is expected to cause issues with enterprise networks, as patching this particularly critical component may incur downtime.
Other components with vulnerabilities fixed this month include the Fax service, the Windows Camera, and the Graphics component. However, with only 11 vulnerabilities covered this month, this is a relatively light month for these patches.
Important Vulnerabilities: Excel, SharePoint, Windows components
As is typical of each monthly bulletin, the vulnerabilities classified as Important encompass a wide variety of Microsoft products. Microsoft Excel, SharePoint, and Exchange Server are all included in the affected products for this month, alongside various Windows components. The four Excel vulnerabilities allow for remote code execution via specially crafted files.
Somewhat more unusually, certain tools favored by power users are also included. PsExec (CVE-2021-1733) and PowerShell (CVE-2021-24082) both received patches this month. The PsExec bug is an escalation of privilege vulnerability; if an exploit becomes widely available, it may end up in more toolkits in the future.
Trend Micro Solutions
A proactive, multilayered approach to security is key against threats that exploit vulnerabilities — from the gateway, endpoints, networks, and servers.
The Trend Micro™ Deep Security™ solution provides network security, system security, and malware prevention. Combined with Vulnerability Protection, it can protect user systems from a wide range of upcoming threats that may target vulnerabilities. Both solutions protect users from exploits that target these vulnerabilities via the following rules:
- 1010764 – Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-24072)
- 1010766 – Identified Non Existing DNS Resource Record (RR) Types In DNS Traffic (CVE-2021-24078)
TippingPoint® Next-Generation Intrusion Prevention System (NGIPS) is a network traffic solution that uses comprehensive and contextual awareness analysis for advanced threats that exploit vulnerabilities.
TippingPoint protects customers through the following rules:
- 38853: DNS: DNS Response with Unknown RR Type (CVE-2021-24078)
- 38859: HTTP: Microsoft SharePoint XML External Entity (XXE) Vulnerability (CVE-2021-24072)