Security researchers have found vulnerabilities in nine TCP/IP stacks (following Amnesia:33) and issued a warning. Microsoft closed three critical vulnerabilities in the Windows TCP/IP stack on February 9, 2021, as part of the February Patchday.
In early December 2020, I reported on the Amnesia:33 vulnerabilities in the TCP/IP stacks of various implementations that are predominantly used in IoT devices, in the blog post Amnesia:33 – Vulnerability in TCP/IP stack put many IoT devices at risk.
Forescout discloses 9 new TCP/IP vulnerabilities
The security researchers who had already published the Amnesia:33 vulnerabilities in the TCP/IP stacks of various implementations have just found nine more vulnerabilities in the TCP/IP implementations of various products. The collection was named NUMBER:JACK and is described in more detail in the article NUMBER:JACK – FORESCOUT RESEARCH LABS FINDS NINE ISN GENERATION VULNERABILITIES AFFECTING TCP/IP. This will be a problem for the many IoT devices for which no firmware updates are provided to fix the vulnerabilities.
Microsoft patches 3 Windows TCP/IP vulnerabilities
For Patchday on Feb. 9, 2021, Microsoft patched not one but two critical vulnerabilities, plus one vulnerability rated important, in Windows' TCP/IP implementation with security updates. Security researcher Kevin Beaumont pointed out in a tweet that the vulnerabilities CVE-2021-24074, CVE-2021-24094 and CVE-2021-24086 were closed by updates.
Microsoft disclosed the vulnerabilities in the blog post Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 (see also this article at Bleeping Computer). The two critical RCE vulnerabilities (CVE-2021-24074, CVE-2021-24094) are classified as complex and difficult to exploit. Microsoft believes that attackers are more likely to exploit the DoS vulnerability (CVE-2021-24086), which is rated as important, to create DoS exploits. Attackers could then trigger blue screens on the Windows system via network packets.
To close these vulnerabilities, security updates for Windows 7 through Windows 10 20H2 and their server counterparts have been available since Feb. 9, 2020 (see, for example, this Microsoft post). Microsoft recommends installing the Windows updates promptly to address these vulnerabilities as soon as possible. If applying the update quickly is not practical, the CVEs describe workarounds that do not require a server restart. The three vulnerabilities require different remediation depending on the exposure of an affected system; however, the remediations can be thought of as solutions for Internet Protocol version 4 (IPv4) and for Internet Protocol version 6 (IPv6).
Microsoft Office Patchday (February 2, 2021)
Microsoft Security Update Summary (February 9, 2021)
Patchday: Windows 10-Updates (February 9, 2021)
Patchday: Updates for Windows 7/Server 2008 R2 (February 9, 2021)
Patchday: Windows 8.1/Server 2012 Updates (February 9, 2021)
Patchday Microsoft Office Updates (February 9, 2021)