The Art of Defense

[ SB 21.02 ] Critical vulns in Windows TCP-Stack with DOS, RCE or wormable capabilities (CVE-2021-24074, CVE-2021-24094)

Microsoft released an advisory with critical vulns in Windows-TCP-Stack (IPv4 and IPv6)

  • Windows IPv4 TCP/IP Remote Code Execution Vulnerability CVE-2021-24074
  • Windows IPv6 TCP/IP Remote Code Execution Vulnerability CVE-2021-24094

Patches are available, Mitigations for both vuln are found in the advisories.

The following Windows versions are known to be affected by these vulnerabilities:

  • 7
  • 8.1
  • 10

As well as Windows Server:

  • 2008
  • 2012
  • 2016
  • 2019
  • version 1909
  • version 2004
  • version 20H2

References

  • Windows IPv4 TCP/IP Remote Code Execution Vulnerability CVE-2021-24074
  • Windows IPv6 TCP/IP Remote Code Execution Vulnerability CVE-2021-24094
  • cert.govt.nz Critical vulnerabilities in Microsoft Windows TCP/IP stack
  • PaloAlto Unit42: Threat Brief: Windows IPv4 and IPv6 Stack Vulnerabilities (CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094)
  • ZDI: THE FEBRUARY 2021 SECURITY UPDATE REVIEW




Fragen? Kontakt: info@zero.bs
Filed: Wed 10 February 2021 | Security Bulletin | Tags: sb widnows dos rce



Main-Links

  • zeroBS Home
  • Imprint / Contact
  • AGB
  • PGP-Keys
  • Report a Bug
  • zeroBS @ Twitter
  • zeroBS @ XING

Blog

  • Blog-Index
  • Security Bulletins
  • zeroBS-News
  • DDoS-Blogs
  • Security-Blogs
  • Botnet-Blogs

OSS & Projects

  • Botnetz-Monitoring und Tracking
  • DDoS Resiliency Score
  • Spike, Naxsi Rules Builder



(c) copyright 2017-2023 zeroBS GmbH, all rights reserved
info@zero.bs