Microsoft Security Bulletin Coverage for February 2021

February 9, 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2021. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2021-1698 Windows Win32k Elevation of Privilege Vulnerability
ASPY 5907:Malformed-File exe.MP.131

CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability
ASPY 149:Malformed-File exe.MP.170

CVE-2021-24072 Microsoft SharePoint Server Remote Code Execution Vulnerability
IPS 15383:Microsoft SharePoint Server Remote Code Execution (CVE-2021-24072)

CVE-2021-24074 Windows TCP/IP Remote Code Execution Vulnerability
IPS 15379:Windows TCP/IP Remote Code Execution (CVE-2021-24074)

CVE-2021-24078 Windows DNS Server Remote Code Execution Vulnerability
IPS 15380:Windows DNS Server Remote Code Execution (CVE-2021-24078)

CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
IPS 15377:Windows TCP/IP DoS (CVE-2021-24086)

CVE-2021-24094 Windows TCP/IP Remote Code Execution Vulnerability
IPS 15378:Windows TCP/IP Remote Code Execution (CVE-2021-24094)

Adobe Coverage

CVE-2021-21017 Heap-based Buffer Overflow Vulnerability
ASPY 500 :Malformed-File pdf.MP.428
CVE-2021-21037 Path Traversal Vulnerability
ASPY 501 :Malformed-File pdf.MP.429
CVE-2021-21060 Improper Input Validation Vulnerability
ASPY 502 Malformed-File jpg.MP.18

Following vulnerabilities do not have exploits in the wild :
CVE-2021-1639 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-1722 Windows Fax Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1724 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2021-1726 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1728 System Center Operations Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1730 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-1731 PFX Encryption Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1734 Windows Remote Procedure Call Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24066 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24067 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24068 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24069 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24070 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24071 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24073 Skype for Business and Lync Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-24075 Windows Network File System Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-24076 Microsoft Windows VMSwitch Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24077 Windows Fax Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24079 Windows Backup Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24080 Windows Trust Verification API Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-24081 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24082 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-24083 Windows Address Book Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24084 Windows Mobile Device Management Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24085 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-24087 Azure IoT CLI extension Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-24088 Windows Local Spooler Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24091 Windows Camera Codec Pack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24092 Microsoft Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-24093 Windows Graphics Component Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24096 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-24099 Skype for Business and Lync Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-24100 Microsoft Edge for Android Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24101 Microsoft Dataverse Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24102 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-24103 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-24105 Package Managers Configurations Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24109 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-24111 .NET Framework Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-24112 .NET Core for Linux Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24114 Microsoft Teams iOS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-25195 Windows PKU2U Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26700 Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26701 .NET Core and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.