Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business.

Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Three of the vulnerabilities are publicly known, although, unlike last month, none of them are under active exploitation at the time of release.

The most critical of the flaws addressed is CVE-2021-31166, a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale.

Another vulnerability of note is a remote code execution flaw in Hyper-V (CVE-2021-28476), which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9.

“This issue allows a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address,” Microsoft said in its advisory. “The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address.”

“It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host’s security,” the Windows maker noted.

In addition, the Patch Tuesday update addresses a scripting engine memory corruption flaw in Internet Explorer (CVE-2021-26419) and four weaknesses in Microsoft Exchange Server, marking the third consecutive month Microsoft has shipped fixes for the product since ProxyLogon exploits came to light in March:

  • CVE-2021-31207 (CVSS score: 6.6) – Security Feature Bypass Vulnerability (publicly known)
  • CVE-2021-31195 (CVSS score: 6.5) – Remote Code Execution Vulnerability
  • CVE-2021-31198 (CVSS score: 7.8) – Remote Code Execution Vulnerability
  • CVE-2021-31209 (CVSS score: 6.5) – Spoofing Vulnerability

While CVE-2021-31207 and CVE-2021-31209 were demonstrated at the 2021 Pwn2Own contest, Orange Tsai from DEVCORE, who disclosed the ProxyLogon Exchange Server vulnerability, is credited with reporting CVE-2021-31195.

Elsewhere, the update addresses a slew of privilege escalation bugs in Windows Container Manager Service, an information disclosure vulnerability in Windows Wireless Networking, and several remote code execution flaws in Microsoft Office, Microsoft SharePoint Server, Skype for Business and Lync, Visual Studio, and Windows Media Foundation Core.

To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or select Check for Windows updates.
