VERT Threat Alert: February 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th.In-The-Wild & Disclosed CVEsCVE-2021-1732A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) released a note about this vulnerability under the National Cyber Awareness System.Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.CVE-2021-1727Microsoft has labeled this vulnerability in the Windows Installer, which could allow for privilege escalation, as Exploitation More Likely, meaning that attackers could create reliable exploit code for this vulnerability. The vulnerability has been publicly disclosed.Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.CVE-2021-1721A publicly disclosed vulnerability in .NET Core and Visual Studio could lead to a denial of service. Affected products include .NET 5.0, .NET Core 2.1 and 3.2, as well as Visual Studio 2017 and 2019. Microsoft has rated this as Exploitation Less Likely on the latest software release on the threat alert february patch tuesday analysis