Microsoft Defender Elevation of Privilege Vulnerability
2021-02-09T08:00:00
ID MS:CVE-2021-24092 Type mscve Reporter Microsoft Modified 2021-02-09T08:00:00
Description
{"id": "MS:CVE-2021-24092", "bulletinFamily": "microsoft", "title": "Microsoft Defender Elevation of Privilege Vulnerability", "description": "\n", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24092"], "type": "mscve", "lastseen": "2021-02-09T21:36:46", "edition": 1, "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_FEB_FEP.NASL", "SMB_NT_MS21_FEB_WIN_DEFENDER.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-02-09T21:36:46", "rev": 2}, "score": {"value": 4.0, "vector": "NONE", "modified": "2021-02-09T21:36:46", "rev": 2}, "vulnersScore": 4.0}, "kbList": ["KBNone", "KB"], "msrc": "", "mscve": "CVE-2021-24092", "msAffectedSoftware": [{"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft System Center 2012 R2 Endpoint Protection"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1803 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1903 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server, version 1909 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 20H2 for ARM64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2016 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2012", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1903 for ARM64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server, version 2004 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft System Center 2012 Endpoint Protection"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 2004 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Endpoint Protection"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2012 R2 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2019", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1803 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1909 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server, version 1903 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1809 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft System Center Endpoint Protection"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1909 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 2004 for ARM64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2012 R2", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1909 for ARM64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1903 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Security Essentials"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2016", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 7 for x64-based Systems Service Pack 1", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2012 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 8.1 for 32-bit systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 20H2 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1809 for ARM64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1607 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 20H2 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2019 (Server Core installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server, version 20H2 (Server Core Installation)", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 8.1 for x64-based systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1607 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1809 for x64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 1803 for ARM64-based Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 7 for 32-bit Systems Service Pack 1", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows 10 Version 2004 for 32-bit Systems", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "name": "Windows Defender"}, {"kb": "KB", "kbSupersedence": "KBNone", "msplatform": "Windows Server 2008 for 32-bit Systems Service Pack 2", "name": "Windows Defender"}]}
{"nessus": [{"lastseen": "2021-02-12T13:59:02", "description": "The Malware Protection Engine version of Forefront Endpoint Protection installed on the remote Windows host\nis equal or prior to 1.1.17700.4. It is, therefore, affected by a unspecified privilege escalation vulnerability. An\nauthenticated, local attacker can exploit this to gain administrator access to the system.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-09T00:00:00", "title": "Security Update for Forefront Endpoint Protection (February 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-24092"], "modified": "2021-02-09T00:00:00", "cpe": ["cpe:/a:microsoft:system_center_endpoint_protection"], "id": "SMB_NT_MS21_FEB_FEP.NASL", "href": "https://www.tenable.com/plugins/nessus/146332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146332);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/11\");\n\n script_cve_id(\"CVE-2021-24092\");\n\n script_name(english:\"Security Update for Forefront Endpoint Protection (February 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An antimalware application installed on the remote host is affected by a privilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Malware Protection Engine version of Forefront Endpoint Protection installed on the remote Windows host\nis equal or prior to 1.1.17700.4. It is, therefore, affected by a unspecified privilege escalation vulnerability. An\nauthenticated, local attacker can exploit this to gain administrator access to the system.\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24092\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba846d3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Enable automatic updates to update the malware engine for the relevant antimalware applications. Refer to Knowledge Base\nArticle 2510781 for information on how to verify that MMPE has been updated.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-24092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:system_center_endpoint_protection\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"fep_installed.nasl\");\n script_require_keys(\"installed_sw/Forefront Endpoint Protection\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\napp = 'Forefront Endpoint Protection';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\n# Check if we got the Malware Engine Version\nif (isnull(app_info['engine_version']))\n exit(0,'Unable to get the Malware Engine Version.');\n\nconstraints = [{'max_version': '1.1.17700.4', 'fixed_version':'1.1.17800.5'}];\n\nvcf::av_checks::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, check:'engine_version');\n", "cvss": {"score": 6.8, "vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-02-12T13:59:02", "description": "The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host\nis equal or prior to 1.1.17700.4. It is, therefore, affected by a unspecified privilege escalation vulnerability. An\nauthenticated, local attacker can exploit this to gain administrator access to the system.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-09T00:00:00", "title": "Security Update for Windows Defender (February 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-24092"], "modified": "2021-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:windows_defender"], "id": "SMB_NT_MS21_FEB_WIN_DEFENDER.NASL", "href": "https://www.tenable.com/plugins/nessus/146334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146334);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/11\");\n\n script_cve_id(\"CVE-2021-24092\");\n\n script_name(english:\"Security Update for Windows Defender (February 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An antimalware application installed on the remote host is affected by privilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host\nis equal or prior to 1.1.17700.4. It is, therefore, affected by a unspecified privilege escalation vulnerability. An\nauthenticated, local attacker can exploit this to gain administrator access to the system.\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24092\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba846d3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Enable automatic updates to update the malware engine for the relevant antimalware applications. Refer to Knowledge Base\nArticle 2510781 for information on how to verify that MMPE has been updated.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-24092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:windows_defender\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_windows_defender_win_installed.nbin\");\n script_require_keys(\"installed_sw/Windows Defender\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\napp = 'Windows Defender';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\n# Check if disabled\nif (!isnull(app_info['Disabled']))\n exit(0,'Windows Defender is disabled.');\n\n# Check if we got the Malware Engine Version\nif (isnull(app_info['Engine Version']))\n exit(0,'Unable to get the Malware Engine Version.');\n\nconstraints = [{'max_version': '1.1.17700.4', 'fixed_version':'1.1.17800.5'}];\n\nvcf::av_checks::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, check:'Engine Version');\n", "cvss": {"score": 6.8, "vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2021-02-10T00:48:57", "bulletinFamily": "info", "cvelist": ["CVE-2020-1472", "CVE-2021-1639", "CVE-2021-1698", "CVE-2021-1721", "CVE-2021-1722", "CVE-2021-1724", "CVE-2021-1726", "CVE-2021-1727", "CVE-2021-1728", "CVE-2021-1730", "CVE-2021-1731", "CVE-2021-1732", "CVE-2021-1733", "CVE-2021-1734", "CVE-2021-21017", "CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-24066", "CVE-2021-24067", "CVE-2021-24068", "CVE-2021-24069", "CVE-2021-24070", "CVE-2021-24071", "CVE-2021-24072", "CVE-2021-24073", "CVE-2021-24074", "CVE-2021-24075", "CVE-2021-24076", "CVE-2021-24077", "CVE-2021-24078", "CVE-2021-24079", "CVE-2021-24080", "CVE-2021-24081", "CVE-2021-24082", "CVE-2021-24083", "CVE-2021-24084", "CVE-2021-24085", "CVE-2021-24086", "CVE-2021-24087", "CVE-2021-24088", "CVE-2021-24091", "CVE-2021-24092", "CVE-2021-24093", "CVE-2021-24094", "CVE-2021-24096", "CVE-2021-24098", "CVE-2021-24099", "CVE-2021-24100", "CVE-2021-24101", "CVE-2021-24102", "CVE-2021-24103", "CVE-2021-24105", "CVE-2021-24106", "CVE-2021-24109", "CVE-2021-24111", "CVE-2021-24112", "CVE-2021-24113", "CVE-2021-24114", "CVE-2021-25195", "CVE-2021-26700", "CVE-2021-26701"], "description": "\n\nThe second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft\u2019s product families. Despite that, there\u2019s still plenty to discuss this month.\n\n### Vulnerability Breakdown by Software Family\n\nFamily | Vulnerability Count \n---|--- \nWindows | 28 \nESU | 14 \nMicrosoft Office | 11 \nBrowser | 9 \nDeveloper Tools | 8 \nMicrosoft Dynamics | 2 \nExchange Server | 2 \nAzure | 2 \nSystem Center | 2 \n \n### Exploited and Publicly Disclosed Vulnerabilities\n\nOne zero-day was announced: [CVE-2021-1732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732>) is a privilege elevation vulnerability affecting the Win32k component of Windows 10 and Windows Server 2019, reported to be exploited in the wild. Four vulnerabilities have been previously disclosed: [CVE-2021-1727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1727>), a privilege elevation vulnerability in Windows Installer, affecting all supported versions of Windows; [CVE-2021-24098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098>), which is a denial of service (DoS) affecting Windows 10 and Server 2019; [CVE-2021-24106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24106>), an information disclosure vulnerability affecting DirectX in Windows 10 and Server 2019; and [CVE-2021-26701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701>), an RCE in .NET Core.\n\n### Vulnerabilities in Windows TCP/IP\n\nMicrosoft also disclosed a set of [three serious vulnerabilities](<https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/>) affecting the TCP/IP networking stack in all supported versions of Windows. Two of these ([CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>) and [CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>)) carry a base CVSSv3 score of 9.8 and could allow Remote Code Execution (RCE). [CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>) is specific to IPv6 link-local addresses, meaning it isn\u2019t exploitable over the public internet. [CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>), however, does not have this limitation. The third, [CVE-2021-24086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086>), is a DoS vulnerability that could allow an attacker to trigger a \u201cblue screen of death\u201d on any Windows system that is directly exposed to the internet, using only a small amount of network traffic. The RCE exploits are probably not a threat in the short term, due to the complexity of the vulnerabilities, but DoS attacks are expected to be seen much more quickly. Windows systems should be patched as soon as possible to protect against these.\n\nIn the event a patch cannot be applied immediately, such as on systems that cannot be rebooted, Microsoft has published mitigation guidance that will protect against exploitation of the TCP/IP vulnerabilities. Depending on the exposure of an asset, IPv4 Source Routing should be disabled via a Group Policy or a Netsh command, and IPv6 packet reassembly should be disabled via a separate Netsh command. IPv4 Source Routing requests and IPv6 fragments can also be blocked load balancers, firewalls, or other edge devices to mitigate these issues.\n\n### Zerologon Update\n\nBack in August, 2020, Microsoft addressed a critical remote code vulnerability (CVE-2020-1472) affecting the Netlogon protocol (MS-NRPC), a.k.a. \u201c[Zerologon](<https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/>)\u201d. In October, Microsoft [noted](<https://msrc-blog.microsoft.com/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/>) that attacks which exploit this weakness have been seen in the wild. On January 14, 2021, they [reminded](<https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/>) organizations that the February 2021 security update bundle will also be enabling \u201cDomain Controller enforcement mode\" by default to fully address this weakness. Any system that tries to make an insecure Netlogon connection will be denied access. Any business-critical process that relies on these insecure connections will cease to function. Rapid7 encourages all organizations to [heed the detailed guidance](<https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e#bkmk_detectingnon_compliant>) before applying the latest updates to ensure continued business process continuity.\n\n### Adobe\n\nMost important amongst the [six security advisories](<https://helpx.adobe.com/security.html>) published by Adobe today is [APSB21-09](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>), detailing 23 CVEs affecting Adobe Acrobat and Reader. Six of these are rated Critical and allow Arbitrary Code Execution, and one of which (CVE-2021-21017), has been seen exploited in the wild in attacks targeting Adobe Reader users on Windows.\n\n### Summary Tables\n\n#### Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24109>) | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-24087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087>) | Azure IoT CLI extension Elevation of Privilege Vulnerability | No | No | 7 | Yes \n \n#### Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24100>) | Microsoft Edge for Android Information Disclosure Vulnerability | No | No | 5 | Yes \n[CVE-2021-24113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24113>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | No | No | 4.6 | Yes \n[CVE-2021-21148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21148>) | Chromium CVE-2021-21148: Heap buffer overflow in V8 | N/A | N/A | nan | Yes \n[CVE-2021-21147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21147>) | Chromium CVE-2021-21147: Inappropriate implementation in Skia | N/A | N/A | nan | Yes \n[CVE-2021-21146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21146>) | Chromium CVE-2021-21146: Use after free in Navigation | N/A | N/A | nan | Yes \n[CVE-2021-21145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21145>) | Chromium CVE-2021-21145: Use after free in Fonts | N/A | N/A | nan | Yes \n[CVE-2021-21144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21144>) | Chromium CVE-2021-21144: Heap buffer overflow in Tab Groups | N/A | N/A | nan | Yes \n[CVE-2021-21143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21143>) | Chromium CVE-2021-21143: Heap buffer overflow in Extensions | N/A | N/A | nan | Yes \n[CVE-2021-21142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21142>) | Chromium CVE-2021-21142: Use after free in Payments | N/A | N/A | nan | Yes \n \n#### Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-26700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26700>) | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-1639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7 | No \n[CVE-2021-1733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1733>) | Sysinternals PsExec Elevation of Privilege Vulnerability | No | Yes | 7.8 | Yes \n[CVE-2021-24105](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24105>) | Package Managers Configurations Remote Code Execution Vulnerability | No | No | 8.4 | Yes \n[CVE-2021-24111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24111>) | .NET Framework Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-1721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | Yes | 6.5 | No \n[CVE-2021-26701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701>) | .NET Core Remote Code Execution Vulnerability | No | Yes | 8.1 | Yes \n[CVE-2021-24112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112>) | .NET Core Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n \n#### ESU Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24080>) | Windows Trust Verification API Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086>) | Windows TCP/IP Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-1734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1734>) | Windows Remote Procedure Call Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-25195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-25195>) | Windows PKU2U Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24088>) | Windows Local Spooler Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-1727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1727>) | Windows Installer Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-24077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24077>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-1722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1722>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-24102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24102>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24103>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24078>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24083>) | Windows Address Book Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n#### Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24085>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-1730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1730>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 5.4 | Yes \n \n#### Microsoft Dynamics Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724>) | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | No | No | 6.1 | No \n[CVE-2021-24101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24101>) | Microsoft Dataverse Information Disclosure Vulnerability | No | No | 6.5 | Yes \n \n#### Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24073](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073>) | Skype for Business and Lync Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2021-24099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099>) | Skype for Business and Lync Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-24114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24114>) | Microsoft Teams iOS Information Disclosure Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-1726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 8 | Yes \n[CVE-2021-24072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-24066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24071](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071>) | Microsoft SharePoint Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-24067](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24069](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1728>) | System Center Operations Manager Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092>) | Microsoft Defender Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n#### Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732>) | Windows Win32k Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-1698](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1698>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24075>) | Windows Network File System Denial of Service Vulnerability | No | No | 6.8 | No \n[CVE-2021-24084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24084>) | Windows Mobile Device Management Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24096>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24093](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24093>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24106>) | Windows DirectX Information Disclosure Vulnerability | No | Yes | 5.5 | Yes \n[CVE-2021-24098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098>) | Windows Console Driver Denial of Service Vulnerability | No | Yes | 5.5 | Yes \n[CVE-2021-24091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24091>) | Windows Camera Codec Pack Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-24079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24079>) | Windows Backup Engine Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-1731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1731>) | PFX Encryption Security Feature Bypass Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24082>) | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | No | No | 4.3 | No \n[CVE-2021-24076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24076>) | Microsoft Windows VMSwitch Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24081>) | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n### Summary Charts\n\n\n\n________Note: _______Chart_______ data is reflective of data presented by Microsoft's CVRF at the time of writing.________", "modified": "2021-02-09T23:51:27", "published": "2021-02-09T23:51:27", "id": "RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F", "href": "https://blog.rapid7.com/2021/02/09/patch-tuesday-february-2021/", "type": "rapid7blog", "title": "Patch Tuesday - February 2021", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
