Although I think MS calls it Update Tuesday now, Patch Tuesday is the second Tuesday of each month. It’s the usual time when MS releases monthly updates, including security patches and fixes. This latest batch, released yesterday, includes some important stuff. These Patch Tuesday Updates include 3 critical TCP/IP fixes, according to BleepingComputer among other sources. They join MS In urging organizations to update them sooner rather than later.
Patch Tuesday Updates Include 3 Critical TCP/IP Fixes: Relevant CVEs
These vulnerabilities affect all Windows client and server versions starting at Windows 7/Server 2008 and up to present-day, current versions. The relevant CVEs are: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. Each one may be exploited remotely. Two of them could lead to remote code execution (RCE) attacks. The third offers a means to crash an exposed Windows PC, offering a potential denial-of-service attack vector.
All three show February 9 release dates, which also makes them zero-day exploits as well. They also pose low attack complexity, which makes them easy for malefactors to foist. All require no privileges to launch which only increases their danger levels.
Who’s Covered By Patch Tuesday Updates?
Only older versions of Windows client and server OSes need to download and install their corresponding Monthly Security Rollups (Server 2008, Server 2012, Server 2012 R2, Windows 7 SP1). Check the afore-linked Security Bulletins (shown above as CVE links) for Microsoft Catalog download links. Other client and server versions can get their updates through normal channels, including Windows Update.
Don’t delay, dear readers. These updates are better installed than not, especially for any Windows PCs directly exposed to the Internet.