Security News > 2021 > February > Patch now to stop hackers blindly crashing your Windows computers

As you know, our usual advice for Patch Tuesday boils down to four words, "Patch early, patch often."
As well as the four potential RCE holes mentioned above, there's also a patch for a bug dubbed CVE-2021-1732 that is already being abused in the wild by hackers.
The situation where an attack is known before a patch comes out is known as a zero-day bug: the crooks got there first, so there were zero days on which you could have patched to be ahead of them.
It's an elevation of privilege bug in the Windows kernel itself, which means that crooks who have already broken into your computer can almost certainly abuse the flaw to give themselves almighty powers.
If you're still not convinced to patch early, patch often, you might also want to read Microsoft's special security bulletin entitled Multiple Security Updates Affecting TCP/IP. The three vulnerabilities listed in this bulletin are the uninterestingly named CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086.
DoS, of course, is short for denial of service - a type of vulnerability that's often downplayed as the "Last amongst equals" when compared to security holes such as RCE and EoP. Denial of service means exactly what it says: crooks can't take over a vulnerable service, software program or system, but they can stop it working altogether.
News URL
Related news
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-25 | CVE-2021-1732 | Out-of-bounds Write vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 0.0 |
2021-02-25 | CVE-2021-24074 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability | 0.0 |
2021-02-25 | CVE-2021-24086 | Unspecified vulnerability in Microsoft products Windows TCP/IP Denial of Service Vulnerability | 0.0 |
2021-02-25 | CVE-2021-24094 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability | 0.0 |