Security News > 2021 > February > Actively Exploited Windows Kernel EoP Bug Allows Takeover

Actively Exploited Windows Kernel EoP Bug Allows Takeover
2021-02-09 22:33

"The vulnerability affects Windows 10 and corresponding server editions of the Windows OS," said Chris Goettl, senior director of product management and security at Ivanti.

"The Windows Fax Service is used by the Windows Fax and Scan application included in all versions of Microsoft Windows 7, Windows 8 and Windows 10 and some earlier versions."

"Even if you do not use Windows Fax and Scan, the Windows Fax Services is enabled by default."

The former is found in the way Windows handles iPv4 source routing; the latter is found in the way Windows handles iPv6 packet reassembly.

CVE-2021-24088 affects the Windows Local Spooler, which is an important component within the Windows operating system that stores print jobs in memory until the printer is ready to accept them.

The other publicly reported vulnerabilities this month are CVE-2021-1727, an EoP vulnerability in Windows Installer; CVE-2021-24098, a DoS vulnerability in the Windows Console Driver; CVE-2021-24106, an information-disclosure vulnerability in Windows DirectX; and CVE-2021-1721, a.NET Core and Visual Studio DoS problem.


News URL

https://threatpost.com/exploited-windows-kernel-bug-takeover/163800/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-02-25 CVE-2021-1721 Unspecified vulnerability in Microsoft products
.NET Core and Visual Studio Denial of Service Vulnerability
0.0
2021-02-25 CVE-2021-1727 Improper Privilege Management vulnerability in Microsoft products
Windows Installer Elevation of Privilege Vulnerability
0.0
2021-02-25 CVE-2021-24088 Unspecified vulnerability in Microsoft products
Windows Local Spooler Remote Code Execution Vulnerability
0.0
2021-02-25 CVE-2021-24098 Unspecified vulnerability in Microsoft products
Windows Console Driver Denial of Service Vulnerability
0.0
2021-02-25 CVE-2021-24106 Unspecified vulnerability in Microsoft products
Windows DirectX Information Disclosure Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kernel 3 0 7 4 1 12