Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Φεβρουαρίου 2021, που διορθώνει 56 ευπάθειες, εκ των οποίων οι 11 έχουν χαρακτηριστεί ως “κρίσιμες”, οι 43 ως “σοβαρές” και οι 2 ως “μέτριας σοβαρότητας”.
Μεταξύ των ευπαθειών που διορθώνονται με το Microsoft Patch Tuesday, βρίσκεται και ένα zero-day σφάλμα, καθώς και έξι ευπάθειες που είχαν αποκαλυφθεί πριν λίγο καιρό.
Η zero-day ευπάθεια που χρησιμοποιούνταν ήδη από εγκληματίες του κυβερνοχώρου, είναι γνωστή ως “CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability” και επιτρέπει σε έναν επιτιθέμενο ή σε ένα κακόβουλο πρόγραμμα να αποκτήσει δικαιώματα διαχειριστή στην ευάλωτη συσκευή. Το zero-day ανακαλύφθηκε από ερευνητές της DBAPPSecurity Co., Ltd.
Οι άλλες ευπάθειες που είχαν αποκαλυφθεί νωρίτερα και διορθώθηκαν με το Microsoft Patch Tuesday Φεβρουαρίου, περιλαμβάνουν:
- CVE-2021-1721 -. NET Core and Visual Studio Denial of Service
- CVE-2021-1727 – Windows Installer Elevation of Privilege
- CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege
- CVE-2021-24098 – Windows Console Driver Denial of Service
- CVE-2021-24106 – Windows DirectX Information Disclosure
- CVE-2021-26701 – .NET Core Remote Code Execution
Επιπλέον, η Microsoft διόρθωσε την ευπάθεια CVE-2021-24105 στο προϊόν Azure Artifactory που ανακαλύφθηκε όταν ερευνητές τη χρησιμοποίησαν σε μια επίθεση PoC εναντίον των συστημάτων της Microsoft.
Χάρη σε αυτή την ευπάθεια, οι επιτιθέμενοι μπορούν να δημιουργήσουν κακόβουλα public packages, που έχουν το ίδιο όνομα με τα internal packages που χρησιμοποιούνται από εσωτερικές εταιρικές εφαρμογές. Κατά τη δημιουργία των εφαρμογών αυτών, θα χρησιμοποιηθούν τα κακόβουλα packages αντί για τα εσωτερικά, επιτρέποντας μια supply chain επίθεση.
Αυτή η επίθεση επηρέασε πολλές εταιρείες: Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp και Uber.
Microsoft Patch Tuesday Φεβρουαρίου 2021: Όλες οι διορθώσεις
Στον παρακάτω πίνακα, μπορείτε να δείτε όλες τις ευπάθειες που διορθώνονται με το Microsoft Patch Tuesday Φεβρουαρίου:
| .NET Core | CVE-2021-26701 | .NET Core Remote Code Execution Vulnerability | Critical |
| .NET Core | CVE-2021-24112 | .NET Core Remote Code Execution Vulnerability | Critical |
| .NET Core & Visual Studio | CVE-2021-1721 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2021-24111 | .NET Framework Denial of Service Vulnerability | Important |
| Azure IoT | CVE-2021-24087 | Azure IoT CLI extension Elevation of Privilege Vulnerability | Important |
| Developer Tools | CVE-2021-24105 | Package Managers Configurations Remote Code Execution Vulnerability | Important |
| Microsoft Azure Kubernetes Service | CVE-2021-24109 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Moderate |
| Microsoft Dynamics | CVE-2021-24101 | Microsoft Dataverse Information Disclosure Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-1724 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important |
| Microsoft Edge for Android | CVE-2021-24100 | Microsoft Edge for Android Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-24085 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-1730 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-24093 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-24068 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-24070 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24071 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1726 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24066 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24072 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Teams | CVE-2021-24114 | Microsoft Teams iOS Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-24081 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-24091 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2021-24078 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
| Role: Hyper-V | CVE-2021-24076 | Microsoft Windows VMSwitch Information Disclosure Vulnerability | Important |
| Role: Windows Fax Service | CVE-2021-24077 | Windows Fax Service Remote Code Execution Vulnerability | Critical |
| Role: Windows Fax Service | CVE-2021-1722 | Windows Fax Service Remote Code Execution Vulnerability | Critical |
| Skype for Business | CVE-2021-24073 | Skype for Business and Lync Spoofing Vulnerability | Important |
| Skype for Business | CVE-2021-24099 | Skype for Business and Lync Denial of Service Vulnerability | Important |
| SysInternals | CVE-2021-1733 | Sysinternals PsExec Elevation of Privilege Vulnerability | Important |
| System Center | CVE-2021-1728 | System Center Operations Manager Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2021-1639 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-26700 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | Important |
| Windows Address Book | CVE-2021-24083 | Windows Address Book Remote Code Execution Vulnerability | Important |
| Windows Backup Engine | CVE-2021-24079 | Windows Backup Engine Information Disclosure Vulnerability | Important |
| Windows Console Driver | CVE-2021-24098 | Windows Console Driver Denial of Service Vulnerability | Important |
| Windows Defender | CVE-2021-24092 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2021-24106 | Windows DirectX Information Disclosure Vulnerability | Important |
| Windows Event Tracing | CVE-2021-24102 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-24103 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-1727 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-24096 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-1698 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Mobile Device Management | CVE-2021-24084 | Windows Mobile Device Management Information Disclosure Vulnerability | Important |
| Windows Network File System | CVE-2021-24075 | Windows Network File System Denial of Service Vulnerability | Important |
| Windows PFX Encryption | CVE-2021-1731 | PFX Encryption Security Feature Bypass Vulnerability | Important |
| Windows PKU2U | CVE-2021-25195 | Windows PKU2U Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2021-24082 | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-24088 | Windows Local Spooler Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call | CVE-2021-1734 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important |
| Windows TCP/IP | CVE-2021-24086 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2021-24074 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows TCP/IP | CVE-2021-24094 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows Trust Verification API | CVE-2021-24080 | Windows Trust Verification API Denial of Service Vulnerability | Moderate |
Πηγή: Bleeping Computer