Microsoft fixes 117 vulnerabilities and four zero days on Patch Tuesday

Spread the love

Microsoft fixed 117 vulnerabilities in Windows during Patch Tuesday. Four of them were actively attacked, the company says. Thirteen bugs received a critical score, including remote code execution in the OS’s DNS server.

The July patch round will fix a total of 117 vulnerabilities, 13 of which will receive a Critical score and 103 an Important score. One bug gets a Moderate score. Four of the bugs are vulnerabilities that are exploited in practice, according to Microsoft, but as usual, the company does not provide details about the attacks themselves.

Two of the bugs allow local privilege escalation to be performed on all Windows kernels. Another zeroday is used for remote code executions . The vulnerabilities that are not actively exploited include CVE-2021-34494 , a remote code execution for dns server in Windows.

A major patch is for PrintNightmare, a bug discovered in the Print Spooler Service earlier this month . A patch had already been released for this , but it did not fix all the problems. In this way a local privilege escalation remained possible. The new patch also has to fix those last vulnerabilities.

The actively attacked vulnerabilities:

CVE-2021-34527 Remote code execution in Windows Print Spooler
CVE-2021-33771 Windows kernel privilege escalation
CVE-2021-34448 Memory corruption in Windows Scripting Engine
CVE-2021-31979 Windows kernel privilege escalation

In addition, five bugs are being patched, the details of which had already been made public, but were not actively attacked:

CVE-2021-34492 Windows Certificate Spoofing Vulnerability
CVE-2021-34523 Privilege elevation in Microsoft Exchange Server
CVE-2021-34473 Remote code execution in Microsoft Exchange Server
CVE-2021-33779 ADFS Security Bypass
CVE-2021-33781 Active Directory Security Bypass

In addition to the standard security update, there is also a Cumulative Update, KB5004237 for Windows 10 1904.1110, 19042.1110, and 19043.1110.

You might also like
Exit mobile version