Tuesday, February 9, 2021

Microsoft Patch Tuesday for Feb. 2021 — Snort rules and prominent vulnerabilities



By Jon Munshaw, with contributions from Bill Largent. 

Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities across its suite of products. This is the fewest vulnerabilities Microsoft has disclosed in a month since January 2020.

There are only 11 critical vulnerabilities as part of this release, while three are moderate-severity and the remainder are considered “important.” Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of these bugs.

The security updates cover several different products and services, including the Microsoft Office suite of products, the Windows DNS server and the SharePoint file-sharing service. 

Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory.

Two of the critical vulnerabilities exist in Windows’ TCP/IP implementation. CVE-2021-24074 and CVE-2021-24094 could allow an adversary to execute arbitrary code on the victim machine. Both have a CVSS severity score of 8.1 out of 10. While Microsoft made a patch available to fix these vulnerabilities, the company also outlined multiple workarounds in its advisory to protect users.

Another critical vulnerability exists in SharePoint, with a CVSS score of 8.8 out of 10. CVE-2021-24072 requires no user interaction and could allow an adversary to remotely execute code on the targeted machine.

It’s also worth highlighting CVE-2021-1732, a privilege escalation vulnerability in the Win32k component. While Microsoft only lists this vulnerability as being “important,” the company did note that this vulnerability has been spotted being exploited in the wild, though it has not been publicly reported. This vulnerability affects multiple versions of Windows 10, along with some versions of Windows Server 2019.

For a complete list of all the vulnerabilities Microsoft disclosed this month, check out its update page.

In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. 

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 57103, 57104, 57106 - 57108, 57123 and 57128. 
