Security News > 2021 > February > Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain
For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical.
The Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.
The Register has asked Microsoft whether this snafu - fixed after we inquired - was the result of ham-fingered typing or a web page vulnerability that allowed the link to be altered after it was posted.
Zero Day Initiative's Dustin Childs in his monthly write up advises prioritizing CVE-2021-24078, Windows DNS Server Remote Code Execution Vulnerability, if you use Microsoft DNS servers, because it's potentially wormable.
Underscoring a point made recently by Google security researcher Maddie Stone about the perils of incomplete patches, one of the updates addresses CVE-2021-21468, a second stab at fixing multiple vulnerabilities in SAP Business Warehouse patched as CVE-2021-21465 in January.
Red Hat dropped two security bulletins describing a moderate qemu-kvm-rhev security update and an important OpenShift Container Platform 4.5.31 fix.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24078 | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
| 2021-01-12 | CVE-2021-21465 | SQL Injection vulnerability in SAP Business Warehouse The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. | 9.9 |
| 2021-01-12 | CVE-2021-21468 | Missing Authorization vulnerability in SAP Business Warehouse The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | 6.5 |