Microsoft Issues Update for Actively Exploited Windows Zero-Day Vulnerability

On September 15, 2021, Microsoft released crucial software updates as part of its monthly Patch Tuesday cycle to address 66 security vulnerabilities across Windows and other platforms, including Azure, Office, BitLocker, and Visual Studio. Among these was an actively exploited zero-day flaw in the MSHTML Platform that surfaced last week. Of the 66 vulnerabilities, three are categorized as Critical, 62 as Important, and one as Moderate. Additionally, the company has resolved 20 vulnerabilities in the Chromium-based Microsoft Edge browser earlier this month. Notably, the most critical update targets CVE-2021-40444 (CVSS score: 8.8), a remote code execution vulnerability in MSHTML that can be exploited through malicious Microsoft Office documents, with experts noting that the exploit takes advantage of logical flaws for effective exploitation.

Microsoft Issues Critical Patch for Windows Zero-Day Vulnerability

On September 15, 2021, Microsoft announced a series of crucial software updates designed to address 66 security vulnerabilities across Windows and various applications, such as Azure, Office, BitLocker, and Visual Studio. This action follows recent urgent security patches released by Apple and Google. Notably, among the vulnerabilities addressed is an actively exploited zero-day flaw in the MSHTML Platform that was disclosed last week.

Of the 66 identified vulnerabilities, three are classified as Critical, 62 are labeled Important, and one is deemed Moderate. These updates come in addition to the 20 vulnerabilities addressed in the Chromium-based Microsoft Edge browser earlier this month. The most urgent of these updates targets CVE-2021-40444, which carries a CVSS score of 8.8. This particular vulnerability enables remote code execution through malicious Microsoft Office documents, posing a significant risk to users.

The exploit associated with CVE-2021-40444 has been observed in the wild, which highlights the importance of immediate updates for affected systems. According to EXPMON researchers, the exploitation method takes advantage of logical flaws, making it particularly effective and challenging to mitigate without prompt action.

Businesses operating within the technology sector should be acutely aware of these vulnerabilities, as they represent potential entry points for adversaries seeking to compromise organizational systems. The targeted exploits raise alarms about the state of cybersecurity across various platforms, reminding business owners of the essential need for vigilance and timely software maintenance.

In this context, it is crucial to consider the tactics and techniques that adversaries may employ, as outlined by the MITRE ATT&CK framework. Potential techniques used in these attacks could include initial access through phishing campaigns or exploitation of the vulnerability itself. Persistence strategies might manifest in follow-up exploits or through command-and-control mechanisms that can maintain an ongoing presence in the target environment.

As businesses grapple with the evolving threat landscape, staying informed and responsive to vulnerabilities like the one found in the MSHTML Platform is imperative. Promptly applying security updates and adopting robust security practices can greatly reduce the risk of exploitation, thereby safeguarding sensitive data and maintaining organizational integrity in an increasingly digital world.

In conclusion, the implications of such vulnerabilities extend beyond individual users; they pose serious risks to organizational security as a whole. Business leaders must prioritize cybersecurity measures and remain abreast of the ongoing developments within the cybersecurity realm to mitigate potential threats that could disrupt their operations.

Source link

Related Posts

VMware Issues Urgent Warning About Critical File Upload Vulnerability in vCenter Server

On September 22, 2021, VMware released a bulletin detailing up to 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that could be exploited by remote attackers to gain control of affected systems. The most pressing concern is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005), which affects vCenter Server versions 6.7 and 7.0. According to VMware, “A malicious actor with network access to port 443 on vCenter Server could exploit this issue to execute code by uploading a specially crafted file.” The company emphasized that this vulnerability is accessible to anyone who can reach vCenter Server over the network, irrespective of its configuration settings. While VMware has provided temporary workarounds for this issue, they caution that these measures are intended only as a stopgap until proper updates can be deployed.

Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models

On September 22, 2021, networking company Netgear alerted users about a critical remote code execution (RCE) vulnerability, identified as CVE-2021-40847 (CVSS score: 8.1), affecting various router models. This weakness could allow remote attackers to gain control of affected systems. Netgear has released firmware updates to address the issue for the following models:

  • R6400v2 (version 1.0.4.120)
  • R6700 (version 1.0.2.26)
  • R6700v3 (version 1.0.4.120)
  • R6900 (version 1.0.2.26)
  • R6900P (version 3.3.142_HOTFIX)
  • R7000 (version 1.0.11.128)
  • R7000P (version 1.3.3.142_HOTFIX)
  • R7850 (version 1.0.5.76)
  • R7900 (version 1.0.4.46)
  • R8000 (version 1.0.4.76)
  • RS400 (version 1.5.1.80)

Security researcher Adam Nichols from GRIMM noted that the vulnerability is linked to Circle, a third-party component integrated into the router firmware.

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.