Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users. Yes, good people of the Windows world, it’s time once again to use XEOX!
Get back full control on windows update by using XEOX Job Editor.
The February 2021 Patch Tuesday Security Updates
Security Updates are available for the following software:
- .NET Core
- .NET Framework
- Azure IoT
- Developer Tools
- Microsoft Azure Kubernetes Service
- Microsoft Dynamics
- Microsoft Edge for Android
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Windows Codecs Library
- Role: DNS Server
- Role: Hyper-V
- Role: Windows Fax Service
- Skype for Business
- SysInternals
- System Center
- Visual Studio
- Windows Address Book
- Windows Backup Engine
- Windows Console Driver
- Windows Defender
- Windows DirectX
- Windows Event Tracing
- Windows Installer
- Windows Kernel
- Windows Mobile Device Management
- Windows Network File System
- Windows PFX Encryption
- Windows PKU2U
- Windows PowerShell
- Windows Print Spooler Components
- Windows Remote Procedure Call
- Windows TCP/IP
- Windows Trust Verification API
Information about the updates:
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
| Tag | CVE ID | CVE Title |
| .NET Core | CVE-2021-26701 | .NET Core Remote Code Execution Vulnerability |
| .NET Core | CVE-2021-24112 | .NET Core Remote Code Execution Vulnerability |
| .NET Core & Visual Studio | CVE-2021-1721 | .NET Core and Visual Studio Denial of Service Vulnerability |
| .NET Framework | CVE-2021-24111 | .NET Framework Denial of Service Vulnerability |
| Azure IoT | CVE-2021-24087 | Azure IoT CLI extension Elevation of Privilege Vulnerability |
| Developer Tools | CVE-2021-24105 | Package Managers Configurations Remote Code Execution Vulnerability |
| Microsoft Azure Kubernetes Service | CVE-2021-24109 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
| Microsoft Dynamics | CVE-2021-24101 | Microsoft Dataverse Information Disclosure Vulnerability |
| Microsoft Dynamics | CVE-2021-1724 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
| Microsoft Edge for Android | CVE-2021-24100 | Microsoft Edge for Android Information Disclosure Vulnerability |
| Microsoft Exchange Server | CVE-2021-24085 | Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Exchange Server | CVE-2021-1730 | Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Graphics Component | CVE-2021-24093 | Windows Graphics Component Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24068 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-24070 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-24071 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1726 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-24066 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-24072 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Teams | CVE-2021-24114 | Microsoft Teams iOS Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-24081 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-24091 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-24078 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: Hyper-V | CVE-2021-24076 | Microsoft Windows VMSwitch Information Disclosure Vulnerability |
| Role: Windows Fax Service | CVE-2021-24077 | Windows Fax Service Remote Code Execution Vulnerability |
| Role: Windows Fax Service | CVE-2021-1722 | Windows Fax Service Remote Code Execution Vulnerability |
| Skype for Business | CVE-2021-24073 | Skype for Business and Lync Spoofing Vulnerability |
| Skype for Business | CVE-2021-24099 | Skype for Business and Lync Denial of Service Vulnerability |
| SysInternals | CVE-2021-1733 | Sysinternals PsExec Elevation of Privilege Vulnerability |
| System Center | CVE-2021-1728 | System Center Operations Manager Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2021-1639 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-26700 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability |
| Windows Address Book | CVE-2021-24083 | Windows Address Book Remote Code Execution Vulnerability |
| Windows Backup Engine | CVE-2021-24079 | Windows Backup Engine Information Disclosure Vulnerability |
| Windows Console Driver | CVE-2021-24098 | Windows Console Driver Denial of Service Vulnerability |
| Windows Defender | CVE-2021-24092 | Microsoft Defender Elevation of Privilege Vulnerability |
| Windows DirectX | CVE-2021-24106 | Windows DirectX Information Disclosure Vulnerability |
| Windows Event Tracing | CVE-2021-24102 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-24103 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-1727 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-24096 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-1698 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Mobile Device Management | CVE-2021-24084 | Windows Mobile Device Management Information Disclosure Vulnerability |
| Windows Network File System | CVE-2021-24075 | Windows Network File System Denial of Service Vulnerability |
| Windows PFX Encryption | CVE-2021-1731 | PFX Encryption Security Feature Bypass Vulnerability |
| Windows PKU2U | CVE-2021-25195 | Windows PKU2U Elevation of Privilege Vulnerability |
| Windows PowerShell | CVE-2021-24082 | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability |
| Windows Print Spooler Components | CVE-2021-24088 | Windows Local Spooler Remote Code Execution Vulnerability |
| Windows Remote Procedure Call | CVE-2021-1734 | Windows Remote Procedure Call Information Disclosure Vulnerability |
| Windows TCP/IP | CVE-2021-24086 | Windows TCP/IP Denial of Service Vulnerability |
| Windows TCP/IP | CVE-2021-24074 | Windows TCP/IP Remote Code Execution Vulnerability |
| Windows TCP/IP | CVE-2021-24094 | Windows TCP/IP Remote Code Execution Vulnerability |
| Windows Trust Verification API | CVE-2021-24080 | Windows Trust Verification API Denial of Service Vulnerability |
The following KBs contain information about known issues with the security updates.
| KB ARTICLE | APPLIES TO |
|---|---|
| 4493194 | SharePoint Server 2019 |
| 4493195 | SharePoint Enterprise Server 2016 |
| 4493210 | SharePoint Foundation 2013 |
| 4493223 | SharePoint Foundation 2010 |
| 4571787 | Exchange Server 2019 |
| 4600944 | Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 |
| 4600945 | Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 |
| 4600957 | Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 |
| 4601048 | Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 |
| 4601050 | Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2 |
| 4601051 | Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016 |
| 4601052 | Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 |
| 4601054 | Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 |
| 4601055 | Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019 |
| 4601056 | Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909 |
| 4601057 | Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 |
| 4601058 | Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 |
| 4601060 | Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019 |
| 4601315 | Windows 10, Version 1909, Windows Server, Version 1909 |
| 4601318 | Windows 10, Version 1607, Windows Server 2016 |
| 4601319 | Windows 10, version 2004 |
| 4601345 | Windows 10, Version 1809, Windows Server 2019 |
| 4601347 | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
| 4601348 | Windows Server 2012 (Monthly Rollup) |
| 4601349 | Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update) |
| 4601357 | Windows Server 2012 (Security-only update) |
| 4601360 | Windows Server 2008 (Monthly Rollup) |
| 4601363 | Windows 7, Windows Server 2008 R2 (Security-only update) |
| 4601366 | Windows Server 2008 (Security-only update) |
| 4601384 | Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup) |
| 4601887 | Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019 |
| 4602269 | Exchange Server 2019, Exchange Server 2016 |
| 4603002 | Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 |
| 4603003 | Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 |
| 4603004 | Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 |
| 4603005 | Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 |
More Information:
https://krebsonsecurity.com/2021/02/microsoft-patch-tuesday-february-2021-edition/
https://www.zdnet.com/article/microsoft-february-2021-patch-tuesday-fixes-56-bugs-including-windows-zero-day/
https://msrc.microsoft.com/update-guide/releaseNote/2021-Feb
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/
- CVE-2021-1722
- CVE-2021-1726
- CVE-2021-1728
- CVE-2021-1730
- CVE-2021-1731
- CVE-2021-1733
- CVE-2021-1734
- CVE-2021-24066
- CVE-2021-24067
- CVE-2021-24068
- CVE-2021-24069
- CVE-2021-24070
- CVE-2021-24071
- CVE-2021-24074
- CVE-2021-24076
- CVE-2021-24077
- CVE-2021-24078
- CVE-2021-24079
- CVE-2021-24084
- CVE-2021-24085
- CVE-2021-24086
- CVE-2021-24087
- CVE-2021-24092
- CVE-2021-24093
- CVE-2021-24094
- CVE-2021-24098
- CVE-2021-24100
- CVE-2021-24101
- CVE-2021-24105
- CVE-2021-24106
- CVE-2021-24109
- CVE-2021-24112
- CVE-2021-24114
- CVE-2021-25195
- CVE-2021-26700
- CVE-2021-26701
