February 9, 2021

February Patch Tuesday is upon us! Top priorities this month are some Zero Days from both Microsoft and Adobe Adobe that need immediate attention. Microsoft has fixed 18 1 1 0 56 new and re-released 2 vulnerabilities (CVEs) across Bulletin Critical Important the Windows Operating System, Office, .Net Framework, New Bulletins a host of OS components and system tools and Microsoft 17 11 6 development tools. Adobe has also released a priority 1 12 Bulletins Critical Important update for Adobe Acrobat and Reader resolving 23 CVEs, one of which is actively exploited (Zero Day). Critical

Affected CVE Vendor Ivanti Threat Disclosures Bulletins Products Count Impact Severity Priority Risk and Exploits

Adobe Adobe Acrobat and Remote Code Exploited: APSB21-09 Critical Reader 23 Execution 1 CVE-2021-21017

Microsoft Exchange Server MS21-02-EXCH Spoofing Important 2016 and 2019 2 2

Server 2008 and IE 9 Remote Code Publicly Disclosed: MS21-02-MR2K8-ESU Critical - Extended Security 12 Execution 1 CVE-2021-1727

Server 2008 R2 + IE - Remote Code Publicly Disclosed: MS21-02-MR2K8R2-ESU Critical Extended Security 14 Execution 1 CVE-2021-1727

Windows 7 + IE - Remote Code Publicly Disclosed: MS21-02-MR7-ESU Critical Extended Secuity 14 Execution 1 CVE-2021-1727

Remote Code Publicly Disclosed: MS21-02-MR8 Server 2012 and IE Critical 16 Execution 1 CVE-2021-1727

Windows 8.1, Server Remote Code Publicly Disclosed: MS21-02-MR81 Critical 2012 R2 and IE 16 Execution 1 CVE-2021-1727

.NET Framework Remote Code MS21-02-MRNET Important 4.6-4.8 1 Execution 2

Excel 2010-2016, Office 2019 for Denial of MS21-02-OFF macOS, Office Online Important 4 Service 2 Server, Office Web Apps 2010-2013

Microsoft 365 Apps, Remote Code MS21-02-O365 Important Office 2019 3 Execution 2

Server 2008 - Extend- Remote Code Publicly Disclosed: MS21-02-SO2K8-ESU Critical ed Security 12 Execution 1 CVE-2021-1727

Server 2008 R2 - Remote Code Publicly Disclosed: MS21-02-SO2K8R2-ESU Critical Extended Security 14 Execution 1 CVE-2021-1727

Windows 7 - Extended Remote Code Publicly Disclosed: MS21-02-SO7-ESU Critical Secuity 14 Execution 1 CVE-2021-1727

Remote Code Publicly Disclosed: MS21-02-SO8 Server 2012 Critical 16 Execution 1 CVE-2021-1727

Windows 8.1 and Remote Code Publicly Disclosed: MS21-02-SO81 Critical Server 2012 R2 16 Execution 1 CVE-2021-1727

.NET Framework Denial of MS21-02-SONET Important 4.6-4.8 1 Service 2

Sharepoint Server Remote Code MS21-02-SPT Important 2010 SP2 - 2019 4 Execution 2

Known Exploited: CVE-2021-1732 Windows 10, Server Remote Code Publicly Disclosed: MS21-02-W10 2016, Server 2019, IE Critical 28 Execution 1 CVE-2021-1727, 11, and HTML Edge CVE-2021-24098, CVE-2021-24106

For more information visit: ivanti.com/patch-tuesday