Micro .ft Today it brought updates to plug in at least 56 security holes Windows operating operating systems and other software. One of the bugs is already being actively exploited, and six of them were revealed earlier today, potential attackers began to figure out how to exploit the bugs.
Nine of the Vulne 56 vulnerabilities received a very immediate “critical” rating of microsoft .ft, meaning that malware or rioters could use it to gain remote control over unpatch systems with little or no user help.
Blame is already being exploited in the wild – CVE-2021-1732 – affecting Windows 10, Server 2016 and later versions. It received a slightly less strict “critical” rating, mainly because it is a vulnerability that allows an attacker to increase their power and control over the device, which means that the attacker already needs to take access to the target system.
The other two bugs that were revealed earlier this week are serious and live on Micro .ft .NET Framework, A component required by many third-party applications (most Windows users will have some version of .NET installed).
Windows 10 users should note that while the operating operating system installs all the monthly patch roll-ups at once, the rollup does not specifically include .NET updates, which are installed on their own. So when you back up your system and install this month’s patches, you can re-check the Windows update to see if there are any .NET updates left.
The main concern for the enterprise is that the DNS server on Windows Server 2008 is another complex error from other versions of 2019 that can be used to remotely install software of the attacker’s choice. CVE-2021-24078 got a CVSS score of 9.8, which is as risky as it gets.
Record Future Says this vulnerability can be obtained by remotely navigating to a domain for which it has not previously been viewed (e.g. by sending a phishing email with a link to a new domain or with embedded images that call a new domain). Kevin Breen Of Immersive Labs Note that CVE-2021-24078 allows an attacker to steal a load of data by modifying the destination for the organization’s web traffic – such as pointing internal devices or Outlook email access to a malicious server.
Windows Server users should also be aware that MicroSFT is implementing a second round of security improvements as part of a two-phase update to address CVE 2020-1472, a serious vulnerability that actively exploited in September 2020.
Weakness, dubbedXerologon, “Original error”ProfileComponent of Windows Server Devices. The fault allows an unauthorized attacker to gain administrative access access to the Windows domain controller and run any application at will. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give invaders the keys within a corporate corporate network.
The initial patch for Microsoft .ft’s CVE-2020-1472 corrected bugs on Windows server systems, but did nothing to prevent unsupported or third-party devices from communicating with domain controllers using the unsupported on-line communications method. “This is to ensure that vendors of non-compliant implementation can provide updates to customers,” Microsoft said. With this month’s patches, Microsoft will begin to reject unsafe Netlog gun attempts from non-Windows devices.
Some other notable non-Windows security updates are noteworthy. Adobe today released updates to fix at least 50 security holes in a range of products, including Photoshop and Reader. RoCrub / T / Reader Update encounters a zero-day error in saying that Windows users are being actively exploited in the wild, so if you have Adobe Acrobat or Reader installed, please make sure these programs are up Is up to date.
It also has a zero day defect Google’s Chrome web browser (CVE-2021-21148) that is watching active attacks. Chrome downloads security updates automatically, but users still need to restart the browser for the updates to take full effect. If you’re a Chrome user and see a red “update” prompt to the right of the address bar, it’s time to save your work and restart the browser.
Standard reminder: Windows patches must stay up-to-date, it’s important to make sure you’re updating only after you’ve backed up your important data and files Reliable backup means your hair is less likely to be pulled when a strange buggy patch system causes problems booting.
So take advantage of yourself before installing any patches and back up your files. Windows 10 also has some built-in tools that help you to do this, either on a file-folder / folder basis or at the same time complete and bootable of your hard drive.
Keep in mind that Windows 10 will automatically download and install updates on its own schedule by default. If you want to ensure that Windows has stopped updating so that you can back up your files and / or system before you decide to reboot and install your operating system software, see this guide.
And as always, if you experience an error or problems installing any of these patches this month, please consider commenting about it below; There is also a great opportunity that other readers have also experienced and with some helpful tips here it is possible.
Tags: CVE-2020-1472, CVE-2021-1732, CVE-2021-21148, CVE-2021-24078, Immersive Labs, Kevin Breen, MicroFt Patch Tuesday, February 2021, Hagton, Record Future, Zerologen
This entry was posted on Tuesday, February 9th, 2021 at 5:37 pm and is filed under Security Tools, Time to Patch. You can follow any comments for this login via the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.
