February’s edition of Microsoft Patch Tuesday is now live.
This time around, there are 56 security updates for Windows operating systems and other software.
Nine of the bugs have received a ‘critical’ rating, meaning that an attacker can capitalise on them to take control of your device without additional aid on your part.
The first to note is CVE-2021-1732, a flaw that affects Windows 10, Server 2016 and later editions, and it is already being exploited in the wild.
An attacker who has already compromised your system can take advantage of it to escalate to a higher level of control over that system.
CVE-2021-1732 has received the rating of ‘important’.
A couple of flaws in Microsoft’s .NET Framework have been rated ‘critical’, and the fact that many users have installed this component in order to run other third-party applications is a cause for concern.
Be advised that .NET Framework updates need to be installed separately, so be sure to head over to Windows Update again once you have finished installing this month’s patches.
You should also take note of CVE-2021-24078, another critical bug in the DNS server that affects Windows Server 2008 through 2019.
According to Recorded Future, this has the potential to be exploited with phishing attacks.
Kevin Breen of Immersive Labs added that exploiting this vulnerability could allow someone to re-route an organisation’s web traffic.
This month’s updates are also designed to address CVE-2020-1472, a serious vulnerability that malicious actors started exploiting back in September 2020.
This vulnerability has received the nickname of ‘Zerologon’, and it is a bug that is present in the core ‘Netlogon’ component of Windows Server devices.
By exploiting it, an attacker can gain administrative rights and run any application at will.