Colin Mc Hugo

Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability

August 11, 2021

Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild.

The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Library, Remote Desktop Client, among others. This is in addition to seven security flaws it patched in the Microsoft Edge browser on August 5.

Chief among the patched issues is CVE-2021-36948 (CVSS score: 7.8), an elevation of privilege flaw affecting Windows Update Medic Service, a service that enables remediation and protection of Windows Update components, which could be abused to run malicious programs with escalated permissions.

Microsoft's Threat Intelligence Center has been credited with reporting the flaw, although the company refrained from sharing additional specifics or detail on how widespread these attacks were in light of active exploitation attempts.

Two of the security vulnerabilities are publicly known at the time of release:

  • CVE-2021-36942 (CVSS score: 9.8) – Windows LSA Spoofing Vulnerability
  • CVE-2021-36936 (CVSS score: 8.8) – Windows Print Spooler Remote Code Execution Vulnerability

While CVE-2021-36942 contains fixes to secure systems against NTLM relay attacks like PetitPotam by blocking the LSARPC interface, CVE-2021-36936 resolves yet another remote code execution flaw in the Windows Print Spooler component.

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM,” Microsoft said in its advisory for CVE-2021-36942, adding the “security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW via LSARPC interface.”

CVE-2021-36936 is also one among the three flaws in the Print Spooler service that Microsoft has fixed this month, with the two other vulnerabilities being CVE-2021-36947 (CVSS score: 8.2) and CVE-2021-34483 (CVSS score: 7.8), the latter of which concerns an elevation of privilege vulnerability.

In addition, Microsoft has released security updates to resolve a previously disclosed remote code execution in the Print Spooler service tracked as CVE-2021-34481 (CVSS score: 8.8). This changes the default behavior of the “Point and Print” feature, effectively preventing non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.
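
The new Point and Print default can be overridden by policy, so it is worth confirming on each host. The PowerShell below is an added example, not part of the original article or Microsoft's code; the registry path and value name are assumptions taken from Microsoft's KB5005652 guidance, and the function name is hypothetical.

```powershell
# Added example (not from the article): report the local Point and Print
# driver-installation policy and the Print Spooler service state.
# Assumption: registry path and value name follow Microsoft's KB5005652 guidance.
$PolicyPath = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueName  = 'RestrictDriverInstallationToAdministrators'

function Get-PointAndPrintPolicy {
    param(
        [string]$Path = $PolicyPath,
        [string]$Name = $ValueName
    )

    # Returns $null when either the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        # Not configured: a patched system falls back to administrators-only.
        $state  = 'NotConfigured'
        $detail = 'No override present; with the update installed, driver install requires administrator rights.'
    }
    elseif ([int]$item.$Name -eq 0) {
        # Explicit opt-out: non-administrators can install drivers again.
        $state  = 'Overridden'
        $detail = 'Policy value 0 re-enables driver installation by non-administrators.'
    }
    else {
        $state  = 'Enforced'
        $detail = 'Policy explicitly restricts driver installation to administrators.'
    }

    # Spooler state gives context: a stopped or disabled spooler is not exposed.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        PolicyState    = $state
        Detail         = $detail
        SpoolerStatus  = if ($spooler) { $spooler.Status } else { 'NotInstalled' }
        SpoolerStartup = if ($spooler) { $spooler.StartType } else { $null }
    }
}

Get-PointAndPrintPolicy | Format-List
```

A result of `Overridden` means the host has opted out of the behavior change described above and should be reviewed.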

Another critical flaw remediated as part of Patch Tuesday updates is CVE-2021-26424 (CVSS score: 9.9), a remote code execution vulnerability in Windows TCP/IP, which Microsoft notes “is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host using the TCP/IP Protocol Stack (tcpip.sys) to process packets.”

To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or select Check for Windows updates.

Software Patches From Other Vendors

Besides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including –
