Patching Recap

Monthly Patching Recap February 2021

A severe remote code execution in VMware ESXi and multiple authentication bypasses in Cisco products kept sysadmins busy in February.

At the end of each month we take a look at our patch data to give an overview on the most important security patches that were released during the last 30 days. In February we tracked 213 patches in total.

Below is an overview on the affected software categories:

Patched Software Categories February 2021

Normally operating system vulnerabilities make the most splashy headlines but February was different. A unusually small Microsoft Patch Tuesday gave Windows admins time to catch a breath. However, other vendors quickly filled the void. For example VMware who fixed a highly critical remote code execution vulnerability in ESXi and vSphere client. To exploit the vulnerability all an attacker needs is access to port 443 on a ESXi server to gain full high-privilege code execution on the operating system. This is as bad as it gets. VMware also released a patch for a command injection vulnerability in vSphere Replication.

Cisco and F5 meanwhile issued patches addressing the Linux Sudo remote code execution flaw that was disclosed in January (Cisco advisory, F5 advisory). And as part of the usual monthly round of patches for its products Cisco also fixed two serious authentication bypass vulnerabilities: One affecting Cisco Application Services Engine and the other Cisco ACI Multi-Site Orchestrator.

And although Microsoft’s Patch Tuesday was rather small with 56 fixed vulnerabilities there were still some interesting patches. For example a fix for remote code execution flaw in Microsoft’s DNS server implementation that scored a nearly perfect 9.8 CVSS score and therefore should have been high up everybody’s patch priority list. Equally critical was a remote code execution vulnerability in the Windows TCP/IP stack. Luckily so far now exploit attempts have been reported for these two vulnerabilities.

However, this is different for the third important vulnerability fixed by Microsoft in February: A privilege escalation flaw in Win32k which is already being exploited in the wild.

Automate your patch management + get alerted about new patches

Patchdeck helps you stay on top of your patching with advanced automations, instant patch alerts, customizable notifications, API and more. Check out our cool features!