Security News > 2021 > February > Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain
For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical.
The Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.
The Register has asked Microsoft whether this snafu - fixed after we inquired - was the result of ham-fingered typing or a web page vulnerability that allowed the link to be altered after it was posted.
Zero Day Initiative's Dustin Childs in his monthly write up advises prioritizing CVE-2021-24078, Windows DNS Server Remote Code Execution Vulnerability, if you use Microsoft DNS servers, because it's potentially wormable.
Underscoring a point made recently by Google security researcher Maddie Stone about the perils of incomplete patches, one of the updates addresses CVE-2021-21468, a second stab at fixing multiple vulnerabilities in SAP Business Warehouse patched as CVE-2021-21465 in January.
Red Hat dropped two security bulletins describing a moderate qemu-kvm-rhev security update and an important OpenShift Container Platform 4.5.31 fix.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Related news
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- August 2024 Patch Tuesday forecast: Looking for a calm August release (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast (source)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24078 | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
| 2021-01-12 | CVE-2021-21465 | SQL Injection vulnerability in SAP Business Warehouse The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. | 6.5 |
| 2021-01-12 | CVE-2021-21468 | Missing Authorization vulnerability in SAP Business Warehouse The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | 6.5 |