Microsoft has fixed 56 CVEs as part of this month’s Patch Tuesday, including several already publicly disclosed and one zero-day being actively exploited in the wild.
Although the workload is relatively light for sysadmins this month, there’s plenty to be concerned about.
The zero-day is CVE-2021-1732, a Windows Win32k.sys elevation of privilege vulnerability affecting Windows 10 and Windows Server 2019. Although rated as “important” rather than critical by Microsoft, its active exploitation should push it up to the top of the priority list.
Windows DNS Server remote code execution (RCE) vulnerability CVE-2021-24078 should be second on the to-do list, according to Recorded Future senior security architect, Allan Liska.
“This vulnerability impacts Windows Server 2008 through 2019. This is a critical vulnerability to which Microsoft has assigned a CVSS score of 9.8,” he added.
“Similar to SIGRed, which was disclosed last year, this vulnerability can be exploited remotely by getting a vulnerable DNS server to query for a domain it has not seen before — e.g. by sending a phishing email with a link to a new domain or even with images embedded that call out to a new domain.”
There are six additional CVEs in total for which proof-of-concept code or other information has been publicly released which could help attackers develop an exploit.
CVE-2021-1733 is a bug in Sysinternals PsExec which could allow an attacker to elevate their privileges. PSExec is commonly used in “living off the land” techniques for lateral movement.
An information disclosure bug in DirectX (CVE-2021-24106) affects Windows 10 and Server 2016 and newer systems, while an elevation of privilege vulnerability in Windows Installer (CVE-2021-1727) impacts Windows 7 and Server 2008 and newer operating systems.
Finally, Microsoft fixed a DoS vulnerability in Windows Console Driver (CVE-2021-24098).
Ivanti senior director of product management, Chris Goettl, highlighted the importance of the .Net Core and PSExec fixes.
“As these development and IT tools do not follow the same update process as OS and application updates it is important to review your DevOps processes and determine if you are able to detect and respond to updates for common dev components,” he explained.
“For tools like PsExec it is important to understand your software inventory and where these tools are installed and ensure you can distribute updated versions as needed.”