Actively Exploited Windows Kernel EoP Bug Allows Takeover
"The vulnerability affects Windows 10 and corresponding server editions of the Windows OS," said Chris Goettl, senior director of product management and security at Ivanti.
"The Windows Fax Service is used by the Windows Fax and Scan application included in all versions of Microsoft Windows 7, Windows 8 and Windows 10 and some earlier versions."
"Even if you do not use Windows Fax and Scan, the Windows Fax Services is enabled by default."
The former is found in the way Windows handles IPv4 source routing; the latter is found in the way Windows handles IPv6 packet reassembly.
CVE-2021-24088 affects the Windows Local Spooler, which is an important component within the Windows operating system that stores print jobs in memory until the printer is ready to accept them.
The other publicly reported vulnerabilities this month are CVE-2021-1727, an EoP vulnerability in Windows Installer; CVE-2021-24098, a DoS vulnerability in the Windows Console Driver; CVE-2021-24106, an information-disclosure vulnerability in Windows DirectX; and CVE-2021-1721, a .NET Core and Visual Studio DoS problem.
News URL
https://threatpost.com/exploited-windows-kernel-bug-takeover/163800/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-25 | CVE-2021-1721 | Unspecified vulnerability in Microsoft products .NET Core and Visual Studio Denial of Service Vulnerability | 6.5 |
2021-02-25 | CVE-2021-1727 | Improper Privilege Management vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.8 |
2021-02-25 | CVE-2021-24088 | Unspecified vulnerability in Microsoft products Windows Local Spooler Remote Code Execution Vulnerability | 8.8 |
2021-02-25 | CVE-2021-24098 | Unspecified vulnerability in Microsoft products Windows Console Driver Denial of Service Vulnerability | 5.5 |
2021-02-25 | CVE-2021-24106 | Unspecified vulnerability in Microsoft products Windows DirectX Information Disclosure Vulnerability | 5.5 |