Microsoft released its monthly set of security updates as part of its February 2021 Patch Tuesday to fix over 56 security vulnerabilities affecting the Windows TCP/IP implementation, including two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and a Denial of Service (DoS) vulnerability (CVE-2021-24086). The three flaws are unique and require a separate patch process based on the exposure of an affected system.
If exploited, the vulnerabilities would allow a remote attacker to cause a stop error, and users may receive a blue screen on systems that are exposed online with minimal network traffic.
While there is no evidence that these vulnerabilities have been exploited, Microsoft urged users to patch the affected systems as early as possible due to the elevated risk associated with them. However, users who have enabled automatic updates are protected from these vulnerabilities.
“We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month,” Microsoft said.
“These vulnerabilities were discovered by Microsoft as part of our continual focus on strengthening the security of our products. At this time, we have no evidence that these vulnerabilities were known to any third party. These vulnerabilities result from a flaw in Microsoft’s implementation of TCP/IP and affect all Windows versions. Non-Microsoft implementations are not affected,” Microsoft added.
Last month, Microsoft released official patches for over 83 newly discovered vulnerabilities, marking the first of many for 2021. The security updates addressed flaws in around 11 of Microsoft’s products and services, including an actively exploited zero-day vulnerability. Of the 83 vulnerabilities, 10 were rated critical and 73 important in severity.