- 106 different CVEs were identified according to the reports that came with this Patch Tuesday.
- 56 affected Microsoft products, while 50 affected Adobe products.
- These CVEs range in terms of severity from Moderate to Critical, but they were dealt with.
- Don't forget to get the latest Patch Tuesday updates to further protect yourself from common vulnerabilities.
Now that Patch Tuesday has finally arrived, so have the CVE reports where users can finally see which Microsoft and Adobe features and apps were targeted by common vulnerabilities and malware attacks.
Last month started off the year 2021 with 91 CVEs, but fortunately enough, very few were actually identified as being serious, with all of them being fixed as soon as they were found.
Well, CVEs were identified this month as well, and we will be listing a brief rundown of how they behave, and what services they affected.
The February CVE report includes 106 identified CVEs
Vulnerabilities found in Adobe products
This month was quite abundant in terms of Adobe-related CVEs, as 50 were discovered with affecting Adobe Dreamweaver, Illustrator, Animate, Photoshop, Magento, and Reader.
Adobe Reader alone was the target of 23 CVEs, 17 of which were rated as Critical.
Magento came second place in terms of sheer CVE numbers, with 18 vulnerabilities discovered, although they were of lesser severity.
Vulnerabilities found in Microsoft products
As always, Microsoft products hold the lead in terms of total CVEs discovered, although not by such a large margin this month, with only 6 more compared to Adobe, totaling 56.
These CVEs covered Microsoft Windows components, .NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender.
Of the 56, 43 were rated as Important
Which were some of the most severe CVEs?
- Windows Win32k Elevation of Privilege Vulnerability
- Windows DNS Server Remote Code Execution Vulnerability
- Windows TCP/IP Remote Code Execution Vulnerability
- .NET Core and Visual Studio Remote Code Execution Vulnerability
All other identified CVEs are listed in the table below:
|CVE-2021-1732||Windows Win32k Elevation of Privilege Vulnerability||Important|
|CVE-2021-26701||.NET Core and Visual Studio Remote Code Execution Vulnerability||Critical|
|CVE-2021-1721||.NET Core and Visual Studio Denial of Service Vulnerability||Important|
|CVE-2021-1733||Sysinternals PsExec Elevation of Privilege Vulnerability||Important|
|CVE-2021-24098||Windows Console Driver Denial of Service Vulnerability||Important|
|CVE-2021-24106||Windows DirectX Information Disclosure Vulnerability||Important|
|CVE-2021-1727||Windows Installer Elevation of Privilege Vulnerability||Important|
|CVE-2021-24112||.NET Core for Linux Remote Code Execution Vulnerability||Critical|
|CVE-2021-24081||Microsoft Windows Codecs Library Remote Code Execution Vulnerability||Critical|
|CVE-2021-24091||Windows Camera Codec Pack Remote Code Execution Vulnerability||Critical|
|CVE-2021-24078||Windows DNS Server Remote Code Execution Vulnerability||Critical|
|CVE-2021-1722||Windows Fax Service Remote Code Execution Vulnerability||Critical|
|CVE-2021-24077||Windows Fax Service Remote Code Execution Vulnerability||Critical|
|CVE-2021-24093||Windows Graphics Component Remote Code Execution Vulnerability||Critical|
|CVE-2021-24088||Windows Local Spooler Remote Code Execution Vulnerability||Critical|
|CVE-2021-24074||Windows TCP/IP Remote Code Execution Vulnerability||Critical|
|CVE-2021-24094||Windows TCP/IP Remote Code Execution Vulnerability||Critical|
|CVE-2021-24111||.NET Framework Denial of Service Vulnerability||Important|
|CVE-2021-24087||Azure IoT CLI extension Elevation of Privilege Vulnerability||Important|
|CVE-2021-24101||Microsoft Dataverse Information Disclosure Vulnerability||Important|
|CVE-2021-24092||Microsoft Defender Elevation of Privilege Vulnerability||Important|
|CVE-2021-1724||Microsoft Dynamics Business Central Cross-site Scripting Vulnerability||Important|
|CVE-2021-24100||Microsoft Edge for Android Information Disclosure Vulnerability||Important|
|CVE-2021-24067||Microsoft Excel Remote Code Execution Vulnerability||Important|
|CVE-2021-24068||Microsoft Excel Remote Code Execution Vulnerability||Important|
|CVE-2021-24069||Microsoft Excel Remote Code Execution Vulnerability||Important|
|CVE-2021-24070||Microsoft Excel Remote Code Execution Vulnerability||Important|
|CVE-2021-1730||Microsoft Exchange Server Spoofing Vulnerability||Important|
|CVE-2021-24085||Microsoft Exchange Server Spoofing Vulnerability||Important|
|CVE-2021-24071||Microsoft SharePoint Information Disclosure Vulnerability||Important|
|CVE-2021-24066||Microsoft SharePoint Remote Code Execution Vulnerability||Important|
|CVE-2021-24072||Microsoft SharePoint Server Remote Code Execution Vulnerability||Important|
|CVE-2021-1726||Microsoft SharePoint Spoofing Vulnerability||Important|
|CVE-2021-24114||Microsoft Teams iOS Information Disclosure Vulnerability||Important|
|CVE-2021-24076||Microsoft Windows VMSwitch Information Disclosure Vulnerability||Important|
|CVE-2021-24082||Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability||Important|
|CVE-2021-24105||Package Managers Configurations Remote Code Execution Vulnerability||Important|
|CVE-2021-1731||PFX Encryption Security Feature Bypass Vulnerability||Important|
|CVE-2021-24099||Skype for Business and Lync Denial of Service Vulnerability||Important|
|CVE-2021-24073||Skype for Business and Lync Spoofing Vulnerability||Important|
|CVE-2021-1728||System Center Operations Manager Elevation of Privilege Vulnerability||Important|
|CVE-2021-26700||Visual Studio Code npm-script Extension Remote Code Execution Vulnerability||Important|
|CVE-2021-1639||Visual Studio Code Remote Code Execution Vulnerability||Important|
|CVE-2021-24083||Windows Address Book Remote Code Execution Vulnerability||Important|
|CVE-2021-24079||Windows Backup Engine Information Disclosure Vulnerability||Important|
|CVE-2021-24102||Windows Event Tracing Elevation of Privilege Vulnerability||Important|
|CVE-2021-24103||Windows Event Tracing Elevation of Privilege Vulnerability||Important|
|CVE-2021-24096||Windows Kernel Elevation of Privilege Vulnerability||Important|
|CVE-2021-24084||Windows Mobile Device Management Information Disclosure Vulnerability||Important|
|CVE-2021-24075||Windows Network File System Denial of Service Vulnerability||Important|
|CVE-2021-25195||Windows PKU2U Elevation of Privilege Vulnerability||Important|
|CVE-2021-1734||Windows Remote Procedure Call Information Disclosure Vulnerability||Important|
|CVE-2021-24086||Windows TCP/IP Denial of Service Vulnerability||Important|
|CVE-2021-1698||Windows Win32k Elevation of Privilege Vulnerability||Important|
|CVE-2021-24109||Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability||Moderate|
|CVE-2021-24080||Windows Trust Verification API Denial of Service Vulnerability||Moderate|
While January started off with quite a large number of CVE, February seems to have topped it off by quite a bit, and it seems that there is a chance that 2021 may have more CVEs compared to 2020.
Keep in mind that if you happen to use any of the affected products mentioned above, you may have exposed yourself to such vulnerabilities, so make sure you take the appropriate measures.
One first step in doing so is making sure that you get the latest updates that comes with patch Tuesday, since their main focus is improving security.
You can download the latest Patch Tuesday cumulative updates from this detailed article where we’ve also listed the complete changelog for each of them.
Were you expecting fewer or more CVEs this month? Let us know what you think by leaving us a message in the comments section below.