Microsoft Patch Tuesday, February 2021 Edition

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users. Yes, good people of the Windows world, it’s time once again to use XEOX!

Get back full control on windows update by using XEOX Job Editor.

automated updates

The February 2021 Patch Tuesday Security Updates

Security Updates are available for the following software:

  • .NET Core
  • .NET Framework
  • Azure IoT
  • Developer Tools
  • Microsoft Azure Kubernetes Service
  • Microsoft Dynamics
  • Microsoft Edge for Android
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Windows Codecs Library
  • Role: DNS Server
  • Role: Hyper-V
  • Role: Windows Fax Service
  • Skype for Business
  • SysInternals
  • System Center
  • Visual Studio
  • Windows Address Book
  • Windows Backup Engine
  • Windows Console Driver
  • Windows Defender
  • Windows DirectX
  • Windows Event Tracing
  • Windows Installer
  • Windows Kernel
  • Windows Mobile Device Management
  • Windows Network File System
  • Windows PFX Encryption
  • Windows PKU2U
  • Windows PowerShell
  • Windows Print Spooler Components
  • Windows Remote Procedure Call
  • Windows TCP/IP
  • Windows Trust Verification API

Information about the updates:

  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
TagCVE IDCVE Title
.NET CoreCVE-2021-26701.NET Core Remote Code Execution Vulnerability
.NET CoreCVE-2021-24112.NET Core Remote Code Execution Vulnerability
.NET Core & Visual StudioCVE-2021-1721.NET Core and Visual Studio Denial of Service Vulnerability
.NET FrameworkCVE-2021-24111.NET Framework Denial of Service Vulnerability
Azure IoTCVE-2021-24087Azure IoT CLI extension Elevation of Privilege Vulnerability
Developer ToolsCVE-2021-24105Package Managers Configurations Remote Code Execution Vulnerability
Microsoft Azure Kubernetes ServiceCVE-2021-24109Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft DynamicsCVE-2021-24101Microsoft Dataverse Information Disclosure Vulnerability
Microsoft DynamicsCVE-2021-1724Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Edge for AndroidCVE-2021-24100Microsoft Edge for Android Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2021-24085Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange ServerCVE-2021-1730Microsoft Exchange Server Spoofing Vulnerability
Microsoft Graphics ComponentCVE-2021-24093Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Office ExcelCVE-2021-24067Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office ExcelCVE-2021-24068Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office ExcelCVE-2021-24069Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office ExcelCVE-2021-24070Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2021-24071Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2021-1726Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePointCVE-2021-24066Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2021-24072Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft TeamsCVE-2021-24114Microsoft Teams iOS Information Disclosure Vulnerability
Microsoft Windows Codecs LibraryCVE-2021-24081Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2021-24091Windows Camera Codec Pack Remote Code Execution Vulnerability
Role: DNS ServerCVE-2021-24078Windows DNS Server Remote Code Execution Vulnerability
Role: Hyper-VCVE-2021-24076Microsoft Windows VMSwitch Information Disclosure Vulnerability
Role: Windows Fax ServiceCVE-2021-24077Windows Fax Service Remote Code Execution Vulnerability
Role: Windows Fax ServiceCVE-2021-1722Windows Fax Service Remote Code Execution Vulnerability
Skype for BusinessCVE-2021-24073Skype for Business and Lync Spoofing Vulnerability
Skype for BusinessCVE-2021-24099Skype for Business and Lync Denial of Service Vulnerability
SysInternalsCVE-2021-1733Sysinternals PsExec Elevation of Privilege Vulnerability
System CenterCVE-2021-1728System Center Operations Manager Elevation of Privilege Vulnerability
Visual StudioCVE-2021-1639Visual Studio Code Remote Code Execution Vulnerability
Visual Studio CodeCVE-2021-26700Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
Windows Address BookCVE-2021-24083Windows Address Book Remote Code Execution Vulnerability
Windows Backup EngineCVE-2021-24079Windows Backup Engine Information Disclosure Vulnerability
Windows Console DriverCVE-2021-24098Windows Console Driver Denial of Service Vulnerability
Windows DefenderCVE-2021-24092Microsoft Defender Elevation of Privilege Vulnerability
Windows DirectXCVE-2021-24106Windows DirectX Information Disclosure Vulnerability
Windows Event TracingCVE-2021-24102Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event TracingCVE-2021-24103Windows Event Tracing Elevation of Privilege Vulnerability
Windows InstallerCVE-2021-1727Windows Installer Elevation of Privilege Vulnerability
Windows KernelCVE-2021-24096Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2021-1732Windows Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2021-1698Windows Win32k Elevation of Privilege Vulnerability
Windows Mobile Device ManagementCVE-2021-24084Windows Mobile Device Management Information Disclosure Vulnerability
Windows Network File SystemCVE-2021-24075Windows Network File System Denial of Service Vulnerability
Windows PFX EncryptionCVE-2021-1731PFX Encryption Security Feature Bypass Vulnerability
Windows PKU2UCVE-2021-25195Windows PKU2U Elevation of Privilege Vulnerability
Windows PowerShellCVE-2021-24082Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
Windows Print Spooler ComponentsCVE-2021-24088Windows Local Spooler Remote Code Execution Vulnerability
Windows Remote Procedure CallCVE-2021-1734Windows Remote Procedure Call Information Disclosure Vulnerability
Windows TCP/IPCVE-2021-24086Windows TCP/IP Denial of Service Vulnerability
Windows TCP/IPCVE-2021-24074Windows TCP/IP Remote Code Execution Vulnerability
Windows TCP/IPCVE-2021-24094Windows TCP/IP Remote Code Execution Vulnerability
Windows Trust Verification APICVE-2021-24080Windows Trust Verification API Denial of Service Vulnerability

The following KBs contain information about known issues with the security updates.

KB ArticleApplies To
4493194SharePoint Server 2019
4493195SharePoint Enterprise Server 2016
4493210SharePoint Foundation 2013
4493223SharePoint Foundation 2010
4571787Exchange Server 2019
4600944Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1
4600945Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2
4600957Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012
4601048Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
4601050Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2
4601051Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
4601052Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
4601054Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803
4601055Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
4601056Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909
4601057Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012
4601058Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
4601060Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019
4601315Windows 10, Version 1909, Windows Server, Version 1909
4601318Windows 10, Version 1607, Windows Server 2016
4601319Windows 10, version 2004
4601345Windows 10, Version 1809, Windows Server 2019
4601347Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4601348Windows Server 2012 (Monthly Rollup)
4601349Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
4601357Windows Server 2012 (Security-only update)
4601360Windows Server 2008 (Monthly Rollup)
4601363Windows 7, Windows Server 2008 R2 (Security-only update)
4601366Windows Server 2008 (Security-only update)
4601384Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
4601887Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
4602269Exchange Server 2019, Exchange Server 2016
4603002Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1
4603003Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012
4603004Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
4603005Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2

More Information:

https://krebsonsecurity.com/2021/02/microsoft-patch-tuesday-february-2021-edition/
https://www.zdnet.com/article/microsoft-february-2021-patch-tuesday-fixes-56-bugs-including-windows-zero-day/
https://msrc.microsoft.com/update-guide/releaseNote/2021-Feb
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/