Microsoft has begun distributing the following safety patch as a part of the Patch Tuesday program. This time, the builders have fastened 117 vulnerabilities in varied merchandise, 4 of that are actively utilized by cybercriminals to hold out assaults. The patch fixes issues in Home windows, Change Server, Microsoft Workplace, Web Explorer, Bing, and others. On the identical time, 13 vulnerabilities are crucial, 103 had been categorized as harmful, and another is of low hazard.
The July patch contains a number of necessary fixes. Considered one of them is a repair for a vulnerability in Home windows Print Supervisor CVE-2021-34527 (PrintNightmare), which was obtainable individually at the start of the month. Exploitation of this vulnerability permits distant code execution with system privileges, which is a significant issue, particularly contemplating that cybercriminals are actively utilizing it nowadays. The July patch additionally features a repair for CVE-2021-1675, one other Home windows Print Supervisor vulnerability that was beforehand obtainable individually.
Microsoft patches 117 vulnerabilities throughout its merchandise together with Home windows
Microsoft has patched CVE-2021-34448, one other crucial vulnerability that was actively exploited by cybercriminals. Its exploitation results in reminiscence corruption of the Home windows Script Host and permits distant code execution. Whereas attacking this vulnerability is difficult, Microsoft notes that hackers are actively exploiting it. Additionally fastened two privilege escalation vulnerabilities affecting the Home windows kernel. We’re speaking about CVE-2021-31979 and CVE-2021-33771 utilized by hackers; the exploitation of which doesn’t require interplay with the sufferer.
Along with the vulnerabilities exploited by cybercriminals, the patch fixes a number of well-known issues. These embody Microsoft Change Server Distant Code Execution Important Vulnerability CVE-2021-34473, Lively Listing Safety Bypass Vulnerability CVE-2021-33781, Change Server Privilege Elevation Vulnerability CVE-2021-34523, Lively Listing Safety Bypass Vulnerability Federation Companies (ADFS) CVE-2021-33779 and Home windows Certificates Spoofing Vulnerability CVE-2021-34492.
Microsoft’s July patch fixes numerous vulnerabilities that enable distant code execution. A few of them are actively in use by hackers, whereas others haven’t but been publicly introduced. Which means customers shouldn’t hesitate to put in patches with a purpose to defend their system from potential attackers.
A few of the most attention-grabbing vulnerabilities resolved on this replace are:
- CVE-2021-31206: A Microsoft Change Server RCE discovered throughout Pwn2Own.
- CVE-2021-34448: An actively exploited scripting engine reminiscence corruption vulnerability, requiring a sufferer to actively go to a malicious web site or to click on a malicious hyperlink.
- CVE-2021-34494: A Home windows DNS Server RCE, albeit restricted to DNS servers solely.
- CVE-2021-34458: A Home windows Kernel RCE which allows a single root enter/output virtualization (SR-IOV) system, assigned to a visitor, to doubtlessly tamper with PCIe associates.