A day after Apple and Google rolled out pressing safety updates, Microsoft has pushed software fixes as a part of its month-to-month Patch Tuesday launch cycle to plug 66 safety holes affecting Home windows and different parts similar to Azure, Workplace, BitLocker, and Visible Studio, together with an actively exploited zero-day in its MSHTML Platform that got here to gentle final week.
Of the 66 flaws, three are rated Crucial, 62 are rated Necessary, and one is rated Reasonable in severity. That is except for the 20 vulnerabilities within the Chromium-based Microsoft Edge browser that the corporate addressed for the reason that begin of the month.
A very powerful of the updates issues a patch for CVE-2021-40444 (CVSS rating: 8.8), an actively exploited distant code execution vulnerability in MSHTML that leverages malware-laced Microsoft Workplace paperwork, with EXPMON researchers noting “the exploit makes use of logical flaws so the exploitation is completely dependable.”
Additionally addressed is a publicly disclosed, however not actively exploited, zero-day flaw in Home windows DNS. Designated as CVE-2021-36968, the elevation of privilege vulnerability is rated 7.8 in severity.
Different flaws of be aware resolved by Microsoft contain quite a few distant code execution bugs in Open Administration Infrastructure (CVE-2021-38647), Home windows WLAN AutoConfig Service (CVE-2021-36965), Workplace (CVE-2021-38659), Visible Studio (CVE-2021-36952), and Phrase (CVE-2021-38656) in addition to a reminiscence corruption flaw in Home windows Scripting Engine (CVE-2021-26435)
What’s extra, the Home windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service (CVE-2021-38667, CVE-2021-38671, and CVE-2021-40447), whereas CVE-2021-36975 and CVE-2021-38639 (CVSS scores: 7.8), each of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as ‘exploitation extra seemingly,’ making it crucial that customers transfer shortly to use the safety updates.
Software program Patches From Different Distributors
Apart from Microsoft, patches have additionally been launched by quite a few different distributors to handle a number of vulnerabilities, together with –