Windows 10: Updates - TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

Discus and support Updates - TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 in Windows 10 News to solve the problem; Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities... Discussion in 'Windows 10 News' started by Brink, Feb 10, 2021.

  1. BRINK
    Brink Win User

    Updates - TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086


    Source:

    :)
     
    Brink, Feb 10, 2021
    #1
  2. NICK ADSL UK
    NICK ADSL UK Win User

    Microsoft January 2021 Security Updates

    January 2021 Security Updates




    The January 2021 security release consists of security updates for the following software:



    • Microsoft Windows
    • Microsoft Edge (EdgeHTML-based)
    • Microsoft Office and Microsoft Office Services and Web Apps
    • Microsoft Windows Codecs Library
    • Visual Studio
    • SQL Server
    • Microsoft Malware Protection Engine
    • .NET Core
    • .NET Repository
    • ASP .NET
    • Azure
    Please note the following information regarding the security updates:



    • CVE-2020-0689 has been re-released. For further information see Security update for Secure Boot DBX: January 12, 2021.
    • For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
    The following CVEs have FAQs with additional information. Please note that this is not a complete list of CVEs for this release.



    Known Issues


    The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20210112. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).


    KB Article Applies To
    4598229 Windows 10, Version 1903, Windows Server, Version 1903, Windows 10, Version 1909, Windows Server, Version 1909
    4598230 Windows 10, Version 1809, Windows Server 2019
    4598242 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2
    4598275 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4598278 Windows Server 2012 (Monthly Rollup)
    4598279 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
    4598285 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4598287 Windows Server 2008 (Security-only update)
    4598288 Windows Server 2008 (Monthly Rollup)
    4598289 Windows 7, Windows Server 2008 R2 (Security-only update)
    4598297 Windows Server 2012 (Security-only update)


    January 2021 Security Updates - Release Notes - Security Update Guide - Microsoft
     
    NICK ADSL UK, Feb 10, 2021
    #2
  3. NICK ADSL UK
    NICK ADSL UK Win User
    Microsoft February 2021 Security Updates

    February 2021 Security Updates
    Updates this Month

    This release consists of security updates for the following products, features and roles.



    • .NET Core
    • .NET Framework
    • Azure IoT
    • Developer Tools
    • Microsoft Azure Kubernetes Service
    • Microsoft Dynamics
    • Microsoft Edge for Android
    • Microsoft Exchange Server
    • Microsoft Graphics Component
    • Microsoft Office Excel
    • Microsoft Office SharePoint
    • Microsoft Windows Codecs Library
    • Role: DNS Server
    • Role: Hyper-V
    • Role: Windows Fax Service
    • Skype for Business
    • SysInternals
    • System Center
    • Visual Studio
    • Windows Address Book
    • Windows Backup Engine
    • Windows Console Driver
    • Windows Defender
    • Windows DirectX
    • Windows Event Tracing
    • Windows Installer
    • Windows Kernel
    • Windows Mobile Device Management
    • Windows Network File System
    • Windows PFX Encryption
    • Windows PKU2U
    • Windows PowerShell
    • Windows Print Spooler Components
    • Windows Remote Procedure Call
    • Windows TCP/IP
    • Windows Trust Verification API
    Relevant Information


    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
    FAQs, Mitigations, and Workarounds
    The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.




    Known Issues
    You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

    For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To
    4493194 SharePoint Server 2019
    4493195 SharePoint Enterprise Server 2016
    4493210 SharePoint Foundation 2013
    4493223 SharePoint Foundation 2010
    4571787 Exchange Server 2019
    4600944 Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1
    4600945 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2
    4600957 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012
    4601048 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
    4601050 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2
    4601051 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
    4601052 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
    4601054 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803
    4601055 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
    4601056 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909
    4601057 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012
    4601058 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
    4601060 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019
    4601315 Windows 10, Version 1909, Windows Server, Version 1909
    4601318 Windows 10, Version 1607, Windows Server 2016
    4601319 Windows 10, version 2004
    4601345 Windows 10, Version 1809, Windows Server 2019
    4601347 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
    4601348 Windows Server 2012 (Monthly Rollup)
    4601349 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
    4601357 Windows Server 2012 (Security-only update)
    4601360 Windows Server 2008 (Monthly Rollup)
    4601363 Windows 7, Windows Server 2008 R2 (Security-only update)
    4601366 Windows Server 2008 (Security-only update)
    4601384 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4601887 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
    4602269 Exchange Server 2019, Exchange Server 2016
    4603002 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1
    4603003 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012
    4603004 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
    4603005 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2



    https://msrc.microsoft.com/update-gu...eNote/2021-Feb
     
    NICK ADSL UK, Feb 10, 2021
    #3
  4. TD47
    TD47 Win User

    Updates - TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

    SQLITE vulnerability CVE-2018-20346, CVE-2018-20505, CVE-2018-20506

    There is a reported vulnerability in older versions of SQLITE:

    See 21th Dec 2018 CVE ID has been assigned as CVE-2018-20346, CVE-2018-20505, CVE-2018-20506

    https://blade.tencent.com/magellan/index_en.html

    and

    Crash Chrome 70 with the SQLite Magellan bug

    However, I see that the Windows Update Installer Patch Cache uses sqlite.dll version 15.7.20033 (dated 2015):

    C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\sqlite.dll

    Since this is 3 years old, does anyone know if this is vulnerable?
     
    TD47, Feb 10, 2021
    #4
Thema:

Updates - TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

Loading...

  1. Updates - TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 - Similar Threads - Updates TCP  

  2. Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

    in AntiVirus, Firewalls and System Security
    Microsoft’s Response to CVE-2021-44228 Apache Log4j 2: Dear community,I followed the article related to Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 but still I’m not clear LWhat is Microsoft’s Response to Windows Servers and applications on prem such as Exchange, AD, EDGE Transporter ?Is there any update or do we need...

  3. Is Visual Studio affected by Apache Log4j Vulnerability, CVE-2021-44228?

    in AntiVirus, Firewalls and System Security
    Is Visual Studio affected by Apache Log4j Vulnerability, CVE-2021-44228?: Is Visual Studio Affected by the vulnerability below, and if so what the recommendation is to address it? I mean not only newest version, but for example 2010, 2012, 2013....

  4. CVE-2021-41379

    in Windows 10 Gaming
    CVE-2021-41379: CVE-2021-41379 vulnerability can be hacked if an unupdated computer has any internet access https://answers.microsoft.com/en-us/windows/forum/all/cve-2021-41379/ee8db398-6e99-4061-a3a0-c2dcfea656f7

  5. CVE-2021-41379

    in Windows 10 Software and Apps
    CVE-2021-41379: CVE-2021-41379 vulnerability can be hacked if an unupdated computer has any internet access https://answers.microsoft.com/en-us/windows/forum/all/cve-2021-41379/ee8db398-6e99-4061-a3a0-c2dcfea656f7

  6. Windows – CVE-2021-36934 Work around

    in AntiVirus, Firewalls and System Security
    Windows – CVE-2021-36934 Work around: Hi Everyone,I hope someone can help me.I am currently working in a Windows environment with an Active Directory server managing several servers and workstations I am looking at implementing the work around for CVE-2021-36934 HiveNightmareWhat I am unsure about is how...

  7. Vulnerability CVE-2021-36934

    in Windows 10 BSOD Crashes and Debugging
    Vulnerability CVE-2021-36934: I saw in the press that an additional vulnerability of Windows 10, known as CVE-2021-36934, can be remedied at list until a Microsoft patch is available by running as administrator Win 10 Powershell and then typing: icacls $env:windir\system32\config\*.*...

  8. PrintNightmare and CVE-2021-1675

    in Windows 10 Installation and Upgrade
    PrintNightmare and CVE-2021-1675: Does "2021-07 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems KB5004945" include the patch for CVE-2021-1675 i.e. PrintNightmare?If not, where do I find the proper update?Thank you in advance....

  9. Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527

    in AntiVirus, Firewalls and System Security
    Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527: Do I need to do do/patch something for Windows 10? what? how?Or will this be updated through the standard windows/security updates that install automatically...

  10. CVE-2020-1425 and CVE-2020-1457

    in Windows 10 News
    CVE-2020-1425 and CVE-2020-1457: Windows Codec Library vulnerabilities. Fixes auto-updated via Microsoft Store, not WU. https://portal.msrc.microsoft.com/en.../CVE-2020-1425 and https://portal.msrc.microsoft.com/en.../CVE-2020-1457 159755