Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

September 15, 2021

A day after Apple and Google rolled out pressing safety updates, Microsoft has pushed software fixes as a part of its month-to-month Patch Tuesday launch cycle to plug 66 safety holes affecting Home windows and different parts reminiscent of Azure, Workplace, BitLocker, and Visible Studio, together with an actively exploited zero-day in its MSHTML Platform that got here to gentle final week.

Of the 66 flaws, three are rated Crucial, 62 are rated Necessary, and one is rated Average in severity. That is apart from the 20 vulnerabilities within the Chromium-based Microsoft Edge browser that the corporate addressed for the reason that begin of the month.

Crucial of the updates considerations a patch for CVE-2021-40444 (CVSS rating: 8.8), an actively exploited distant code execution vulnerability in MSHTML that leverages malware-laced Microsoft Workplace paperwork, with EXPMON researchers noting “the exploit makes use of logical flaws so the exploitation is completely dependable.”

Additionally addressed is a publicly disclosed, however not actively exploited, zero-day flaw in Home windows DNS. Designated as CVE-2021-36968, the elevation of privilege vulnerability is rated 7.8 in severity.

Different flaws of word resolved by Microsoft contain a variety of distant code execution bugs in Open Administration Infrastructure (CVE-2021-38647), Home windows WLAN AutoConfig Service (CVE-2021-36965), Workplace (CVE-2021-38659), Visible Studio (CVE-2021-36952), and Phrase (CVE-2021-38656) in addition to a reminiscence corruption flaw in Home windows Scripting Engine (CVE-2021-26435)

What’s extra, the Home windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service (CVE-2021-38667, CVE-2021-38671, and CVE-2021-40447), whereas CVE-2021-36975 and CVE-2021-38639 (CVSS scores: 7.8), each of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as ‘exploitation extra possible,’ making it crucial that customers transfer shortly to use the safety updates.

Software program Patches From Different Distributors

Moreover Microsoft, patches have additionally been launched by a variety of different distributors to handle a number of vulnerabilities, together with –

Posted in SecurityTags:
Write a comment