Security News > 2021 > February > Microsoft Patch Tuesday, February 2021 Edition
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software.
Windows 10 users should note that while the operating system installs all monthly patch roll-ups in one go, that rollup does not typically include.
Windows Server users also should be aware that Microsoft this month is enforcing the second round of security improvements as part of a two-phase update to address CVE-2020-1472, a severe vulnerability that first saw active exploitation back in September 2020.
A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network.
Microsoft's initial patch for CVE-2020-1472 fixed the flaw on Windows Server systems, but did nothing to stop unsupported or third-party devices from talking to domain controllers using the insecure Netlogon communications method.
Chrome downloads security updates automatically, but users still need to restart the browser for the updates to fully take effect.
News URL
https://krebsonsecurity.com/2021/02/microsoft-patch-tuesday-february-2021-edition/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). | 5.5 |