Security News > 2021 > February > Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain
For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical.
The Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.
The Register has asked Microsoft whether this snafu - fixed after we inquired - was the result of ham-fingered typing or a web page vulnerability that allowed the link to be altered after it was posted.
Zero Day Initiative's Dustin Childs in his monthly write up advises prioritizing CVE-2021-24078, Windows DNS Server Remote Code Execution Vulnerability, if you use Microsoft DNS servers, because it's potentially wormable.
Underscoring a point made recently by Google security researcher Maddie Stone about the perils of incomplete patches, one of the updates addresses CVE-2021-21468, a second stab at fixing multiple vulnerabilities in SAP Business Warehouse patched as CVE-2021-21465 in January.
Red Hat dropped two security bulletins describing a moderate qemu-kvm-rhev security update and an important OpenShift Container Platform 4.5.31 fix.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24078 | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 0.0 |
| 2021-01-12 | CVE-2021-21465 | SQL Injection vulnerability in SAP Business Warehouse The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. | 9.9 |
| 2021-01-12 | CVE-2021-21468 | Missing Authorization vulnerability in SAP Business Warehouse The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | 6.5 |