fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft February 2021 Patch Tuesday Fixes 56 Flaws, 1 Zero-Day

Microsoft February 2021 Patch Tuesday Fixes 56 Flaws, 1 Zero-Day

Today is Microsoft’s February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day.

With today’s update, Microsoft has fixed for 56 vulnerabilities, with eleven classified as Critical, two as Moderate, and 43 as Important.

There is also one zero-day vulnerability and six previously disclosed vulnerabilities fixed as part of the February 2021 updates.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4601315 & KB4601319 cumulative updates.

Zero-day and publicly disclosed vulnerabilities fixed

Microsoft fixed both a zero-day and numerous publicly disclosed vulnerabilities as part of the months security updates.

The actively exploited zero-day is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability’ and allows an attacker or malicious program to elevate their privileges to administrative privileges.

This vulnerability was discovered by researchers at DBAPPSecurity Co., Ltd.

In addition to the zero-day vulnerability, Microsoft also states that they also patched numerous publicly disclosed vulnerabilities:

  • CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
  • CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
  • CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability

Also Read: Website Ownership Laws: Your Rights And What These Protect

Supply chain attack fix

Today, Microsoft fixed a vulnerability tracked as CVE-2021-24105 in their Azure Artifactory product that was discovered after researchers used it in a PoC attack against Microsoft’s systems.

This vulnerability allowed threat actors to create malicious public packages that have the same name as internal packages used by internal company applications. When these applications are built, they would instead pull down the malicious package rather than using their own internal one, and trigger a supply chain attack.

This attack affected numerous companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber.

More information about this vulnerability can be found in our dedicated ‘Researcher hacks Microsoft, Apple, more in novel supply chain attack‘ article.

Recent updates from other companies

Other vendors who released updates in February include:

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

The February 2021 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the February 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
.NET CoreCVE-2021-26701.NET Core Remote Code Execution VulnerabilityCritical
.NET CoreCVE-2021-24112.NET Core Remote Code Execution VulnerabilityCritical
.NET Core & Visual StudioCVE-2021-1721.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2021-24111.NET Framework Denial of Service VulnerabilityImportant
Azure IoTCVE-2021-24087Azure IoT CLI extension Elevation of Privilege VulnerabilityImportant
Developer ToolsCVE-2021-24105Package Managers Configurations Remote Code Execution VulnerabilityImportant
Microsoft Azure Kubernetes ServiceCVE-2021-24109Microsoft Azure Kubernetes Service Elevation of Privilege VulnerabilityModerate
Microsoft DynamicsCVE-2021-24101Microsoft Dataverse Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2021-1724Microsoft Dynamics Business Central Cross-site Scripting VulnerabilityImportant
Microsoft Edge for AndroidCVE-2021-24100Microsoft Edge for Android Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-24085Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-1730Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-24093Windows Graphics Component Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2021-24067Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24068Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24069Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24070Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24071Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1726Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24066Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24072Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft TeamsCVE-2021-24114Microsoft Teams iOS Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-24081Microsoft Windows Codecs Library Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-24091Windows Camera Codec Pack Remote Code Execution VulnerabilityCritical
Role: DNS ServerCVE-2021-24078Windows DNS Server Remote Code Execution VulnerabilityCritical
Role: Hyper-VCVE-2021-24076Microsoft Windows VMSwitch Information Disclosure VulnerabilityImportant
Role: Windows Fax ServiceCVE-2021-24077Windows Fax Service Remote Code Execution VulnerabilityCritical
Role: Windows Fax ServiceCVE-2021-1722Windows Fax Service Remote Code Execution VulnerabilityCritical
Skype for BusinessCVE-2021-24073Skype for Business and Lync Spoofing VulnerabilityImportant
Skype for BusinessCVE-2021-24099Skype for Business and Lync Denial of Service VulnerabilityImportant
SysInternalsCVE-2021-1733Sysinternals PsExec Elevation of Privilege VulnerabilityImportant
System CenterCVE-2021-1728System Center Operations Manager Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2021-1639Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-26700Visual Studio Code npm-script Extension Remote Code Execution VulnerabilityImportant
Windows Address BookCVE-2021-24083Windows Address Book Remote Code Execution VulnerabilityImportant
Windows Backup EngineCVE-2021-24079Windows Backup Engine Information Disclosure VulnerabilityImportant
Windows Console DriverCVE-2021-24098Windows Console Driver Denial of Service VulnerabilityImportant
Windows DefenderCVE-2021-24092Microsoft Defender Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2021-24106Windows DirectX Information Disclosure VulnerabilityImportant
Windows Event TracingCVE-2021-24102Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-24103Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2021-1727Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-24096Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-1732Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-1698Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Mobile Device ManagementCVE-2021-24084Windows Mobile Device Management Information Disclosure VulnerabilityImportant
Windows Network File SystemCVE-2021-24075Windows Network File System Denial of Service VulnerabilityImportant
Windows PFX EncryptionCVE-2021-1731PFX Encryption Security Feature Bypass VulnerabilityImportant
Windows PKU2UCVE-2021-25195Windows PKU2U Elevation of Privilege VulnerabilityImportant
Windows PowerShellCVE-2021-24082Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-24088Windows Local Spooler Remote Code Execution VulnerabilityCritical
Windows Remote Procedure CallCVE-2021-1734Windows Remote Procedure Call Information Disclosure VulnerabilityImportant
Windows TCP/IPCVE-2021-24086Windows TCP/IP Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2021-24074Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows TCP/IPCVE-2021-24094Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Trust Verification APICVE-2021-24080Windows Trust Verification API Denial of Service VulnerabilityModerate

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us