Elastic Compute Service:Vulnerability announcement | Critical Windows vulnerabilities (CVE-2021-24074 and CVE-2021-24078)

Detected vulnerabilities

• Vulnerability ID: CVE-2021-24074 and CVE-2021-24078
• Vulnerability severity: critical
• Affected versions:
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • Windows Server, version 2004 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)

Details

Microsoft released security updates for multiple critical vulnerabilities on February 10, 2021. The TCP/IP remote code execution vulnerability CVE-2021-24074 can be exploited by attackers to control the target host by creating and sending malicious IPv4 or IPv6 packets. The Windows DNS Server remote code execution vulnerability CVE-2021-24078 can be exploited by attackers to execute arbitrary code on a DNS server by creating and sending malicious DNS requests. Microsoft has also released patches for multiple other critical vulnerabilities in February. We recommend that you apply Windows security updates as soon as possible to block attacks.

Security suggestions

Apply security updates for the vulnerabilities in a timely manner.

Solutions

You can use one of the following solutions to fix the vulnerabilities:

• Go to the Microsoft official website to download the corresponding patches. For more information, visit CVE-2021-24074 and CVE-2021-24078.
• Detect and fix the vulnerabilities in the Windows system vulnerabilities module of Alibaba Cloud Security Center. For more information, log on to the Security Center console.
• Set sourceroutingbehavior to drop to mitigate risks caused by the TCP/IP remote code execution vulnerability CVE-2021-24074.

  netsh int ipv4 set global sourceroutingbehavior=drop

References

Microsoft Security Update Guide

Announcing party

Alibaba Cloud Computing Co., Ltd.