Tripwire’s February 2021 Patch Precedence Index (PPI) brings collectively necessary vulnerabilities from Apache, VWware and Microsoft.
First on the patch precedence checklist this month is a patch for Apache Tomcat. The Apache Tomcat “Ghostcat” vulnerability, recognized as CVE-2020-1938, has been just lately added to the Metasploit Exploit Framework.
Subsequent on the checklist are patches for ESXi and vCenter. These patches resolve three points together with heap-overflow, SSRF, and distant code execution. Word that proof of idea exploit code is accessible for CVE-2021-21972.
Up subsequent on the patch precedence checklist this month are patches for Microsoft Excel. These patches resolve 4 distant code execution vulnerabilities.
Subsequent are patches that have an effect on elements of the Home windows working methods. These patches resolve over 25 vulnerabilities together with elevation of privilege, data disclosure, distant code execution, denial of service and reminiscence corruption vulnerabilities. These vulnerabilities have an effect on core Home windows, Graphics, Hyper-V, Digicam Codec, Occasion Tracing, PKU2U, TCP/IP, Fax Service, Console Driver and others.
Up subsequent is a patch that resolves a denial-of-service vulnerability for the .NET Framework.
Lastly, directors ought to deal with server-side patches for Microsoft, which resolve points in Microsoft SharePoint, Dynamics, Change, SharePoint, DNS and Skype for Enterprise and Lync. These patches resolve a number of points together with distant code execution, data disclosure, XSS, denial of service and spoofing vulnerabilities.
BULLETINCVEExploit Framework – MetasploitCVE-2020-1938VWware VMSA-2021-0002CVE-2021-21974, CVE-2021-21972, CVE-2021-21973Microsoft Workplace ExcelCVE-2021-24070, CVE-2021-24069, CVE-2021-24067, CVE-2021-24068Microsoft WindowsCVE-2020-17162,CVE-2021-1727, CVE-2021-24106,CVE-2021-24075,CVE-2021-24082,CVE-2021-24093,CVE-2021-24081,CVE-2021-24091,CVE-2021-24102,CVE-2021-24103,CVE-2021-24096,CVE-2021-1732,CVE-2021-1698, CVE-2021-24076,CVE-2021-1734, CVE-2021-24083,CVE-2021-25195,CVE-2021-24079,CVE-2021-24086,CVE-2021-24074,CVE-2021-24094,CVE-2021-24080,CVE-2021-24088,CVE-2021-24084,CVE-2021-1731, CVE-2021-24077,CVE-2021-1722, CVE-2021-24098.NET FrameworkCVE-2021-24111Microsoft DynamicsCVE-2021-24101,CVE-2021-1724Microsoft Change ServerCVE-2021-1730, CVE-2021-24085Microsoft Workplace SharePointCVE-2021-24071,CVE-2021-24066,CVE-2021-24072,CVE-2021-1726DNS ServerCVE-2021-24078Skype for BusinessCVE-2021-24099, CVE-2021-24073