It seems like the number of vulnerabilities slated for patching is returning to earlier levels. I guess we can count Patch Tuesday among those things that got out of hand during 2020. New year, new attitude! We are looking at 56 vulnerabilities patched, with 11 of those considered critical. One of the vulnerabilities that is not rated as critical is being actively exploited.
Some highlights (or lowlights):
CVE-2021-24078: This is a remote code execution vulnerability in DNS; it requires the machine to be configured as a DNS server. The good news is that the pool of affected machines is limited; the bad news is that DNS servers are more likely to be externally facing. It allows an unauthenticated user to execute code as a privileged service account. I have to believe that if we could get the information we used to get on Patch Tuesday, this one would be getting a name. Hopefully, your testing environment includes a DNS server, because you need to test this quickly and get it out there.
CVE-2021-26701: This vulnerability involves .NET Core and is publicly known at the time of release. It is a remote code execution vulnerability that does not require any user interaction. I have been unable to dig up much more on it, but remote execution that can run without elevation sounds like a bad time. Even worse when it is publicly known.
CVE-2021-1732: This one does not sound that bad, but it is the one that is actively being exploited, so it is worth mentioning. It does require privileges to run but can elevate those once it has run. It also seems to be local only but able to run remotely. Without something else helping this along, or maybe some tricking of users, it does not seem to be a huge risk. It has been used, though, so sooner rather than later would be good on the patching front.
Another Patch Tuesday in the books. While the numbers are lower, we seem to be getting an increase in already known or actively exploited issues. That seems far from ideal. Luckily, the solution is the same, whether known or not... patch your crap. Just make sure you test it first.