Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack

July 23, 2021

The newest Patch Tuesday brings a brand new batch of safety updates addressing a complete of 117 vulnerabilities

The second Tuesday of the month is right here, which signifies that Microsoft has rolled out patches for safety vulnerabilities in Windows and its other products as a part of its month-to-month Patch Tuesday bundle. This month’s batch of safety updates brings fixes for no fewer than 117 safety vulnerabilities together with 4 safety loopholes which can be being actively exploited within the wild based on Microsoft.

Of the grand complete, 13 safety flaws have obtained the very best severity ranking of “important”, in the meantime 103 have been labeled as “essential”, and it’s value noting that six safety bugs are listed as publicly recognized on the time of the discharge.

The PrintNightmare zero-day, which obtained an out-of-band replace lately, is without doubt one of the 4 actively exploited safety flaws. Listed as CVE-2021-34527, the distant code execution vulnerability resides within the Home windows Print Spooler service and impacts all supported variations of the Microsoft Home windows working system. Profitable exploitation of this flaw allows distant attackers to run arbitrary code with SYSTEM privileges on the susceptible system and will enable them to utterly take over.

The subsequent actively exploited vulnerability on the listing is a distant code execution bug discovered within the scripting engine. Tracked as  CVE-2021-34448  it holds a rating of 6.8 out of 10 on the CVSS scale and is rated important. “In a web-based assault situation, an attacker might host an internet site (or leverage a compromised web site that accepts or hosts user-provided content material) that comprises a specifically crafted file that’s designed to take advantage of the vulnerability,” said the Redmond tech titan. Nonetheless, for the flaw to be exploited an attacker must dupe the person into visiting the web site, by sending them a hyperlink both through e mail or direct message after which persuade them to open the file.

The final two vulnerabilities underneath energetic assault, listed as CVE-2021-31979 and CVE-2021-33771, are a duo of elevation of privilege flaws residing within the Home windows kernel.

Safety updates have been launched for a variety of merchandise, together with Microsoft Workplace, Alternate Server, Visible Studio Code, in addition to different merchandise in Microsoft’s portfolio.

All updates can be found through this Microsoft Update Catalog for all supported variations of Home windows. Each common customers and system directors can be effectively suggested to use the patches as quickly as practicable.

Posted in SecurityTags:
Write a comment