Microsoft Windows TCP/IP Vulnerabilities February 2021 | Daisy Corporate Services

Microsoft Windows TCP/IP Vulnerabilities February 2021

11th February 2021

DCS Security Advisory – Microsoft Windows TCP/IP Vulnerabilities February 2021

 

Februarys “Patch Tuesday” fixes multiple high severity vulnerabilities, of the 56 vulnerabilities patched 11 have been rated by Microsoft as “critical”.

 

Regarding the Windows TCP/IP Vulnerabilities, CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094, Microsoft have stated, “It is important that affected systems are patched as quickly as possible because of the elevated risk associated with these vulnerabilities”.

 

Applying these patches before attackers learn how to turn these vulnerabilities into exploits is key to protecting systems. Patching priority should be given to any system that is directly exposed to the internet, or services requests from a public network.

 

Additionally Microsoft have advised on other mitigations applicable where patching is not possible or practicable. This would be required on, say, End of Life devices, where Extended Support is not purchased.

 

Please read Microsoft’s documentation regarding these fixes and mitigations to understand how they might affect your network and applications.

 

DCS are working to rapidly patch all affected DCS managed devices, and will only apply mitigations where deemed absolutely necessary following consultation with the systems owner.

 

Our dedicated cyber security team are continuing to assess the situation as it evolves to ensure we continue to maintain a secure environment for all of our customers.

At the time of this notification there are no known reports of active exploitation.

 

You can read Microsoft’s official statement on this here:

https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/