Critical Windows Update: Address 117 Security Flaws, Including 9 Active Zero-Days

July 14, 2021

Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities, among which are nine zero-day flaws—four of which are currently being exploited in the wild, potentially allowing attackers to gain control of affected systems. Out of these vulnerabilities, 13 are classified as Critical, 103 as Important, and one as Moderate in severity. Notably, six of these vulnerabilities were publicly known at the time of the update.

The updates affect a wide range of Microsoft products, including Windows, Bing, Dynamics, Exchange Server, Office, the Scripting Engine, Windows DNS, and Visual Studio Code. This month saw a significant increase in the number of vulnerabilities patched, surpassing the totals from May (55) and June (50).

Among the most critical actively exploited vulnerabilities are:

  • CVE-2021-34527 (CVSS Score: 8.8) – Windows Print Spooler Remote Code Execution…

Microsoft Addresses 117 Security Vulnerabilities in July Patch Update, Including Nine Zero-Day Flaws

Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities across a wide range of its products. Among these, there are nine critical zero-day flaws, four of which are reportedly under active exploitation in the wild. These vulnerabilities pose a significant risk, potentially allowing attackers to gain control over affected systems.

The severity ratings of the vulnerabilities reveal a concerning landscape—13 issues are categorized as Critical, while 103 are rated Important, with one classified as Moderate. Notably, six of these vulnerabilities were publicly known at the time of release. The affected products include essential tools and software like Windows, Bing, Dynamics, Exchange Server, Office, the Scripting Engine, Windows DNS, and Visual Studio Code.

This month’s updates represent a dramatic increase in vulnerability volume, surpassing the combined total of 105 flaws addressed in May and June. This escalation in potential security risks underscores the urgency for organizations to implement these updates promptly.

One of the most critical vulnerabilities is identified as CVE-2021-34527, which has a CVSS score of 8.8. This flaw within the Windows Print Spooler could allow for remote code execution, signifying an immediate threat to users and organizations utilizing this service. Organizations are urged to prioritize patching these vulnerabilities to safeguard their systems against potential intrusions.

The primary target of these vulnerabilities is, therefore, the wide array of businesses that utilize Microsoft products as part of their operational infrastructure. Given the global reach of Microsoft’s services, the implications of these vulnerabilities extend to organizations based in various countries, including the United States.

In terms of potential attack methodologies, the MITRE ATT&CK framework can provide context to understanding how adversaries might exploit these vulnerabilities. Techniques such as initial access, where an attacker gains a foothold in a target system, and privilege escalation, allowing elevated access to sensitive areas of the network, are likely avenues for exploitation.

Organizations must remain vigilant, ensuring that they implement the latest updates to mitigate risks associated with these vulnerabilities. By adopting a proactive approach to cybersecurity—incorporating regular updates and understanding adversarial tactics—business owners can better protect their operational environments from increasingly sophisticated threats.

As the cybersecurity landscape evolves, staying informed and proactive about potential vulnerabilities is essential for maintaining security and safeguarding sensitive data. The significant number of flaws addressed this month serves as a crucial reminder of the ongoing threats facing organizations today.

Source link

Related Posts

Apple Issues Critical Security Updates for Zero-Day Vulnerabilities Amid Active Exploits

On May 4, 2021, Apple launched urgent security updates for iOS, macOS, and watchOS to tackle three zero-day vulnerabilities and to enhance protections for a fourth flaw that may have been actively exploited. These vulnerabilities, primarily affecting WebKit—the engine behind Safari and other browsers on iOS—could allow attackers to execute arbitrary code on targeted devices. Here’s a summary of the three security issues:

  • CVE-2021-30663: An integer overflow vulnerability exploitable via crafted web content, potentially leading to code execution. This was mitigated through improved input validation.

  • CVE-2021-30665: A memory corruption issue that could be leveraged to create malicious web content, resulting in code execution. This was remedied with enhanced state management.

  • CVE-2021-30666: A buffer overflow vulnerability that might be exploited to generate malicious web content, leading to…

New Spectre Vulnerabilities in Intel and AMD CPUs Impact Billions of Devices

May 06, 2021

Since the revelation of Spectre, a serious vulnerability affecting modern processors, in January 2018, experts have warned that the issue is challenging to resolve, leading to its continued prevalence. Over three years later, researchers from the University of Virginia and the University of California, San Diego, have uncovered a new method of attack that circumvents existing Spectre defenses. This discovery places virtually all systems—including desktops, laptops, cloud servers, and smartphones—at significant risk once again. The initial disclosures of Spectre and Meltdown opened the floodgates to numerous attack variants, and the problem seems far from resolved, even as manufacturers strive to enhance security.

Critical Vulnerability Discovered in Pulse Connect Secure VPN

May 25, 2021

Ivanti, the provider of Pulse Secure VPN appliances, has issued a security advisory regarding a critical vulnerability that could enable an authenticated remote attacker to execute arbitrary code with elevated privileges. The issue, described as a “Buffer Overflow in Windows File Resource Profiles” in version 9.X, allows a remote user with permission to access SMB shares to potentially execute arbitrary code as the root user. Notably, as of version 9.1R3, this permission is disabled by default. The vulnerability, classified as CVE-2021-22908, has a CVSS score of 8.5 out of 10 and affects Pulse Connect Secure versions 9.0Rx and 9.1Rx. According to a report from the CERT Coordination Center, the vulnerability arises from the gateway’s capacity to connect to Windows file shares using various CGI endpoints that can be exploited in the attack.

Urgent Security Alert: Critical RCE Flaw Discovered in VMware vCenter Server – Immediate Patching Recommended!

May 26, 2021

VMware has issued patches to fix a severe security vulnerability in vCenter Server that could allow attackers to execute arbitrary code on the server. Identified as CVE-2021-21985 (with a CVSS score of 9.8), this vulnerability arises from insufficient input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in vCenter Server. According to VMware, “An attacker with network access to port 443 could exploit this vulnerability to run commands with unrestricted privileges on the underlying operating system hosting vCenter Server.”

VMware vCenter Server is a management tool for controlling virtual machines, ESXi hosts, and other related components from a centralized interface. The flaw impacts vCenter Server versions 6.5, 6.7, and 7.0, as well as Cloud Foundation versions 3.x and 4.x. VMware has acknowledged Ricter Z from 360 Noah Lab for reporting this critical vulnerability. The patch also addresses an authentication issue…