Summary
This month Microsoft released patches for multiple serious vulnerabilities in the Windows TCP/IP network stack (including CVE-2021-24074, CVE-2021-24094)[1,2]. These vulnerabilities can allow for remote code execution. Additionally, Microsoft appears to have released patches for Windows 7 and Windows Server 2008, which are officially no longer supported.
Impact
Current Mitigations
- Windows servers managed by the Windows Team will be patched by that team.
- Berkeley Desktop systems running Windows 8.1 and above will automatically be updated and prompt users for a reboot.
- Systems using BigFix for patch management on Windows 8.1 and above are being patched automatically, and the patch will be implemented over the next couple of days.
Vulnerable
- Microsoft Windows 7 and above
- Microsoft Windows Server 2008 and above
Recommendations
- If you can patch the vulnerability, please do so.
- If you are running Windows 7 or Windows Server 2008, confirm that the proper patches are downloaded and applied. [3,4]
- If prompted for a reboot because of patches, please do so at the earliest opportune time.
- If immediate patching is not an option, see the Workarounds for each of these issues. [5,6]
- Notify security@berkeley.edu if you anticipate any delays.
References
[1] https://patchtuesdaydashboard.com/
[2] https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/
[3] https://www.catalog.update.microsoft.com/Search.aspx?q=KB4601363
[4] https://www.catalog.update.microsoft.com/Search.aspx?q=KB4601366
[5] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24074
[6] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094