Critical vulnerabilities in Microsoft Windows TCP/IP stack

12:45pm, 10 February 2021

TLP Rating: Clear

Microsoft’s February 2021 monthly security update addresses several vulnerabilities in the TCP/IP stack. Two critical vulnerabilities in particular could allow an attacker to gain Remote Code Execution (RCE) access on vulnerable Windows devices. One of the vulnerabilities affects IPv4, and the other affects IPv6.

Mitigations are available; however, applying Windows' February 2021 security update is the simplest way to remediate these vulnerabilities.

What's happening

Systems affected

The following Windows versions are known to be affected by these vulnerabilities:

  • 7
  • 8.1
  • 10

As well as Windows Server:

  • 2008
  • 2012
  • 2016
  • 2019
  • version 1909
  • version 2004
  • version 20H2

What this means

In a blog post, the Microsoft Security Response Centre has stated the two RCE vulnerabilities are complex to exploit, so it is unlikely that they will be actively exploited in the short term. However, it is likely attackers will be able to develop Denial-of-Service exploits more quickly, so it is imperative that users apply the Windows security updates as soon as possible.

What to look for

How to tell if you're at risk

Windows devices that have not had the February 2021 security updates applied are at risk.

What to do

Prevention

Apply the February 2021 security updates as soon as possible.

Mitigation

Microsoft has detailed workarounds (see the “More Information” section for further details) for these vulnerabilities, though the workarounds could impact the functionality of your Windows devices – so applying the updates instead is recommended.

More information

Microsoft Security Response Centre has written about these vulnerabilities.

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384.