Security News > 2021 > February > Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain
For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical.
The Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.
The Register has asked Microsoft whether this snafu - fixed after we inquired - was the result of ham-fingered typing or a web page vulnerability that allowed the link to be altered after it was posted.
Zero Day Initiative's Dustin Childs in his monthly write up advises prioritizing CVE-2021-24078, Windows DNS Server Remote Code Execution Vulnerability, if you use Microsoft DNS servers, because it's potentially wormable.
Underscoring a point made recently by Google security researcher Maddie Stone about the perils of incomplete patches, one of the updates addresses CVE-2021-21468, a second stab at fixing multiple vulnerabilities in SAP Business Warehouse patched as CVE-2021-21465 in January.
Red Hat dropped two security bulletins describing a moderate qemu-kvm-rhev security update and an important OpenShift Container Platform 4.5.31 fix.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24078 | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 0.0 |
| 2021-01-12 | CVE-2021-21465 | SQL Injection vulnerability in SAP Business Warehouse The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. | 9.9 |
| 2021-01-12 | CVE-2021-21468 | Missing Authorization vulnerability in SAP Business Warehouse The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | 6.5 |