Time for a reboot: Windows 10 gets patched against two zero-days

Posted on Wednesday, Feb 10 2021 @ 10:18 CET by Thomas De Maesschalck
It's Patch Tuesday again. This month's dose of security updates from Microsoft sums up to a total of 56 vulnerabilities in products like Windows, Office, and SharePoint. Eleven of the bugs are rated as critical and there's a zero-day that's actively exploited by cybercriminals.

ARS Technica has an overview over here. The article also covers a zero-day vulnerability in Adobe's Reader software.
"The quality of this vulnerability [is] high and the exploit is sophisticated," the researchers wrote. "The use of this in-the-wild zero-day reflects the organization’s strong vulnerability reserve capability. The threat organization may have recruited members with certain strength, or buying it from vulnerability brokers."

The simultaneous patching of CVE-2021-21017 and CVE-2021-1732, their nexus to Windows, and the ability for CVE-2021-1732 to defeat an important Reader defense raise the distinct possibility that in-the-wild attacks are combining exploits for the two vulnerabilities. Neither Microsoft nor Adobe has provided details that confirm this speculation, however.
As always, users are recommended to install these updates as soon as possible.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments