Microsoft has released an XL-sized set of security patches for its products for this month’s Patch Tuesday, and other vendors are lagging behind in releasing updates.
The Windows goliath's bundle for July contains 117 fixes: 13 for bugs rated critical, 103 rated important, and one rated moderate. Normally we encourage you to install these updates, testing them if necessary before deployment, before criminals develop exploits for them. However, four of those holes are already being exploited in the wild, according to Microsoft, so it's best to put on your skates.
Here’s a look at those four:
- CVE-2021-34527: Also known as PrintNightmare, this is the remote code execution hole in the Windows print spooler for which working exploit code is floating around the web and is being used, Redmond said. Some infosec outlets have claimed they can bypass the fix, although Microsoft has said this is not possible as long as certain registry keys are set to specific values. Microsoft has stated that a system with this patch installed is, by default, not vulnerable to PrintNightmare, although it has been suggested there are a number of ways to make a box vulnerable. Check your registry keys, install the hotfix, and only allow administrators to install printer drivers. To be completely safe, disable the print spooler service altogether.
- CVE-2021-34448: A maliciously crafted web page can perform remote code execution through Microsoft’s scripting engine. Exploitation in the wild has been detected and that’s about all Microsoft has said about it. The exploitation code is not said to be public. Researchers from Chinese company Qihoo 360 ATA have been credited with the discovery.
- CVE-2021-31979 and CVE-2021-33771: Privilege escalation flaws in the Windows kernel, which can be, and apparently are, exploited by malware and/or malicious users to gain administrator access. The exploit code is not said to be public.
Meanwhile, exploit code has reportedly been developed for CVE-2021-34473 (Exchange Server RCE), CVE-2021-33781 (Active Directory security feature bypass), CVE-2021-34523 (Exchange Server privilege escalation), CVE-2021-33779 (Windows ADFS security bypass), and CVE-2021-34492 (Windows certificate spoofing), although no one has yet been spotted abusing them in the wild.
Trend Micro's Zero-Day Initiative has a great summary of the fixes here. It rated CVE-2021-34494, an RCE in Windows DNS Server, as particularly bad and in need of patching before it is exploited, and likewise CVE-2021-34458, a Windows kernel RCE that affects virtualization host servers, depending on the configuration.
There are also critical bugs in Windows Defender, Dynamics Business Central, Windows Media Foundation, Hyper-V, and the Windows MSHTML platform. Then there are notable fixes for HEVC Video Extensions, Microsoft Excel and SharePoint Server, Word, Power BI … the list is huge.
“This patch volume is higher than the past two months combined and comparable to the monthly totals for 2020,” said Dustin Childs of Zero-Day Initiative. “Perhaps the lowered rate seen in previous months was an aberration.”
Other vendors are riding the Patch Tuesday train with Microsoft. Adobe has released its usual batch of security updates, this month fixing 29 CVE-listed bugs in Acrobat and Reader (19 fixes in total, ten of them critical), as well as in Dimension, Illustrator, Framemaker, and Adobe Bridge.
Meanwhile, Intel has warned us to seek a firmware update from system manufacturers to fix a local privilege escalation flaw on machines powered primarily by its Xeon processors. VMware has released a couple of fixes: one addressing an authentication bypass flaw in ESXi and the other a DLL hijacking vulnerability in ThinApp. SAP has fixed a "critical authentication-based vulnerability in SAP NetWeaver AS Java LM Configuration Assistant".
And who could forget the July edition of the Android security updates? Check your systems, large and small, for updates and apply them as soon as you can. ®