Microsoft fixes 117 vulnerabilities and four zero-days during Patch Tuesday
Microsoft patched 117 vulnerabilities in Windows during Patch Tuesday. Four of them were being actively attacked, the company says. Thirteen bugs received a Critical score, including a remote code execution vulnerability in the OS's DNS server.
The July patch round fixes a total of 117 vulnerabilities, with thirteen receiving a Critical score and 103 an Important score. One bug gets a Moderate score. Four of the bugs, according to Microsoft, are being exploited in the wild, but as usual, the company does not provide details about the attacks themselves.
Two of the actively exploited bugs allow local privilege escalation on all Windows kernels. Another zero-day is used for remote code execution. Among the vulnerabilities that are not actively exploited is CVE-2021-34494, a remote code execution vulnerability in the Windows DNS server.
An important patch is for PrintNightmare, a bug discovered earlier this month in the Print Spooler service. A patch was previously released for it, but that patch did not close all the holes, so local privilege escalation remained possible. The new patch is also meant to fix those remaining vulnerabilities.
The actively attacked vulnerabilities:
CVE-2021-34527 | Remote code execution in Windows Print Spooler |
CVE-2021-33771 | Windows kernel privilege escalation |
CVE-2021-34448 | Memory corruption in Windows Scripting Engine |
CVE-2021-31979 | Windows kernel privilege escalation |
In addition, five bugs are being patched whose details had already been made public but which were not actively attacked:
CVE-2021-34492 | Windows Certificate Spoofing Vulnerability |
CVE-2021-34523 | Privilege Elevation in Microsoft Exchange Server |
CVE-2021-34473 | Remote code execution in Microsoft Exchange Server |
CVE-2021-33779 | ADFS security bypass |
CVE-2021-33781 | Active Directory security bypass |
In addition to the standard security update, there is also a Cumulative Update, KB5004237, for Windows 10 builds 19041.1110, 19042.1110, and 19043.1110.