On Tuesday, February 9th, Microsoft released another round of security updates. These patches address vulnerabilities across multiple products, with 11 rated critical and one zero-day, CVE-2021-1732, that was being actively exploited by attackers. This CVE affects the Win32k component in Windows and allows an attacker with unprivileged user access to gain SYSTEM-level control. Microsoft has withheld details because the flaw is still being used by various threat actors. CVE-2021-24078 is a critical flaw in Windows DNS servers that allows remote code execution. It has been reported that a system that is not configured to service DNS is not susceptible to exploitation.
Again, this round of patches illustrates the importance of keeping systems up to date with the latest patches installed. Keeping systems current can be an arduous task on a large network, but the cost may be far greater if an attacker gains access. Active Directory Group Policy settings are one solution that can be instituted with minimal effort to mitigate the risks associated with out-of-date systems. As the announcement from Microsoft reveals, attackers sometimes exploit vulnerabilities that do not have patches available. Even up-to-date systems require continuous monitoring for unusual and dangerous behaviors that could signal that an attacker has control over the system. A best practice is to monitor events on endpoints and other critical systems from a Security Operations Center that operates 24/7, or to partner with a managed security provider such as Binary Defense’s Security Operations Task Force to keep watch over systems at any time of day or night.
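The following PowerShell triage check is an added example, not part of the original post or any Microsoft tooling. It reports whether a host is running the DNS Server service, whether any update has been recorded since the February 9th release, and which Windows Update policy Group Policy has applied; the priority labels are illustrative, and it assumes an elevated session on the host being checked.

```powershell
# Added example: local patch triage for the issues described above.
# The priority wording is an assumption made for illustration.
$releaseDate = [datetime]'2021-02-09'   # release date given in the article

# 1. Is this host servicing DNS? 'DNS' is the service name of the DNS Server role.
$dns = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
$dnsRunning = [bool]($dns -and $dns.Status -eq 'Running')

# 2. Newest update recorded by Get-HotFix (InstalledOn is empty on some entries).
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 1
# Coarse signal only: "false" means the February updates are certainly missing,
# "true" still needs confirming against the update history.
$updatedSince = [bool]($latest -and $latest.InstalledOn -ge $releaseDate)

# 3. Windows Update settings delivered by Group Policy (no key = no policy).
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
$policy = if (-not $au) {
    'No Windows Update policy applied'
} elseif ($au.NoAutoUpdate -eq 1) {
    'Automatic updates disabled by policy'
} elseif ($au.AUOptions -eq 4) {
    'Auto download and scheduled install'
} else {
    "AUOptions=$($au.AUOptions) (install not enforced)"
}

$priority = if (-not $updatedSince -and $dnsRunning) {
    'Urgent: DNS server with no updates since release'
} elseif (-not $updatedSince) {
    'Patch: no updates since release'
} else {
    'Review: confirm February updates in update history'
}

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    DnsServerRunning  = $dnsRunning
    LatestHotFix      = if ($latest) { $latest.HotFixID } else { $null }
    LatestInstalledOn = if ($latest) { $latest.InstalledOn } else { $null }
    UpdatedSince      = $updatedSince
    UpdatePolicy      = $policy
    Priority          = $priority
}
```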
Link to Microsoft Security Information: https://msrc.microsoft.com/update-guide
ZDNet coverage: https://www.zdnet.com/article/microsoft-february-2021-patch-tuesday-fixes-56-bugs-including-windows-zero-day/
Krebs on Security: https://krebsonsecurity.com/2021/02/microsoft-patch-tuesday-february-2021-edition/
Security Affairs: https://securityaffairs.co/wordpress/114409/security/microsoft-february-2021-patch-tuesday.html