Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a ‘PrintNightmare’ month of headaches for system admins.
A few bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as moderate in severity.
Bugs under active attack include a critical scripting engine memory corruption (CVE-2021-34448) flaw and two additional Windows kernel elevation-of-privilege vulnerabilities (CVE-2021-31979, CVE-2021-33771), both with a severity rating of important.
The hundred-plus bug fixes add to a rough July for Microsoft, which rolled out an out-of-band fix for a Windows print spooler remote-code-execution vulnerability (CVE-2021-34527), dubbed PrintNightmare, earlier this month. The nightmare bug, first disclosed in April, was later found to be more serious than originally thought.
Public, But Not Exploited
Five of the bugs patched by Microsoft (CVE-2021-34473, CVE-2021-33781, CVE-2021-34523, CVE-2021-33779, CVE-2021-34492) were publicly known, albeit not exploited. Only one of those bugs (CVE-2021-34473), a Microsoft Exchange Server remote code execution (RCE) vulnerability, has a severity rating of critical, with a CVSS score of 9.1. The bug, one of the highest rated in terms of importance to fix this month, was part of Microsoft’s April Patch Tuesday roundup of fixes, according to commentary by Cisco Talos.
“This vulnerability was already patched in Microsoft’s April security update but was mistakenly not disclosed. Users who already installed the April 2021 update are already protected from this vulnerability, although it is worth noting that this issue was part of a series of zero-days in Exchange Server used in a wide-ranging APT attack,” wrote Talos authors Jon Munshaw and Jaeson Schultz.
Patching Priorities
The most urgent of the bugs is a memory corruption vulnerability (CVE-2021-34448) in Windows Server’s scripting engine that is triggered when the user opens a specially crafted file, possibly attached to an email or served from a compromised website.
“[This bug] is the most serious vulnerability for me. It is elegant in its simplicity, letting an attacker gain remote code execution just by getting the target to visit a domain,” wrote Kevin Breen, director of cyber threat analysis with Immersive Labs, in his Patch Tuesday commentary. “With malicious, yet professional looking, domains carrying valid TLS certificates a regular feature nowadays, seamless compromise would be a trivial matter. Victims could even be attacked by sending .js or .hta files in targeted phishing emails.”
Cisco Talos advises system admins to prioritize a patch for a critical bug (CVE-2021-34464) in Microsoft’s free Defender anti-virus software. “This issue could allow an attacker to execute remote code on the victim machine. However, users do not need to take any actions to resolve this issue, as the update will automatically install. The company has listed steps in its advisory users can take to ensure the update is properly installed,” wrote Munshaw and Schultz.
Researchers have also identified three SharePoint Server bugs (CVE-2021-34520, CVE-2021-34467, CVE-2021-34468) as priority patches. Each allows an attacker to execute remote code on the victim machine. All are rated important. However, Microsoft reports that exploitation is “more likely” with these vulnerabilities, Talos said.
Zero Day Initiative’s Dustin Childs recommends tackling CVE-2021-34458, a Windows kernel vulnerability. “It’s rare to see remote code execution in a kernel bug, but this is that rare exception. This bug impacts systems hosting virtual machines with single root input/output virtualization (SR-IOV) devices,” he wrote.
“It’s not clear how widespread this configuration is, but considering this bug rates as a CVSS 9.9, it’s not one to ignore. If you have virtual machines in your environment, test and patch quickly,” Childs added.
In related news, Adobe’s July patch roundup, also released Tuesday, includes fixes for its ubiquitous and free PDF reader Acrobat 2020 and other software such as Illustrator and Bridge. In all, Adobe patched 20 Acrobat bugs, with nine rated vital.
Some parts of this article are sourced from:
threatpost.com