Security News > 2021 > February > Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain
For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical.
The Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.
The Register has asked Microsoft whether this snafu - fixed after we inquired - was the result of ham-fingered typing or a web page vulnerability that allowed the link to be altered after it was posted.
Zero Day Initiative's Dustin Childs in his monthly write up advises prioritizing CVE-2021-24078, Windows DNS Server Remote Code Execution Vulnerability, if you use Microsoft DNS servers, because it's potentially wormable.
Underscoring a point made recently by Google security researcher Maddie Stone about the perils of incomplete patches, one of the updates addresses CVE-2021-21468, a second stab at fixing multiple vulnerabilities in SAP Business Warehouse patched as CVE-2021-21465 in January.
Red Hat dropped two security bulletins describing a moderate qemu-kvm-rhev security update and an important OpenShift Container Platform 4.5.31 fix.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24078 | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 0.0 |
| 2021-01-12 | CVE-2021-21465 | SQL Injection vulnerability in SAP Business Warehouse The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. | 9.9 |
| 2021-01-12 | CVE-2021-21468 | Missing Authorization vulnerability in SAP Business Warehouse The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | 6.5 |