This month’s Microsoft Patch Tuesday updates were released yesterday, fixing a total number of 117 flaws in different Microsoft products, including Windows, Office, Bing, Windows DNS, Exchange Server, Dynamics, and Visual Studio Code. Nine of those flaws are zero-day bugs, four of which are said to have already seen exploitation in the wild with the goal to gain control of the attacked systems.
13 of the patched-out flaws are rated as Critical, another 103 have “Important” rating, and the remaining one has a “Moderate” rating. At the moment of writing, six of the vulnerabilities are known to the public.
This month’s detected and patched-out vulnerabilities of Microsoft products exceeds the collective number of security flaws addressed by the company in the previous two months (55 in May and 50 in June).
The following flaws are the ones from this month’s 117 that threat actors are already exploiting in the wild:
- CVE-2021-34527 – Windows Print Spooler flaw used for remote code execution (also known as “PrintNightmare”)
- CVE-2021-31979 – Windows Kernel Elevation of Privilege flaw
- CVE-2021-33771 – Windows Kernel Elevation of Privilege flaw
- CVE-2021-34448 – Scripting Engine Memory Corruption flaw
Microsoft warns about the high complexity of the attack that uses the last of those four flaws (CVE-2021-34448), noting that the attack starts by tricking the victim into interacting with a malicious link that lands them on a harmful website hosted by the criminal actor. The site contains a special file that triggers the CVE-2021-34448 vulnerability.
The flaws listed below are the other 5 zero-day bugs – according to the latest information, these next flaws have not yet been exploited in the wild.
- CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution flaw
- CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege flaw
- CVE-2021-33781 – Active Directory Security Feature Bypass flaw
- CVE-2021-33779 – Windows ADFS Security Feature Bypass flaw
- CVE-2021-34492 – Windows Certificate Spoofing flaw
This Patch Tuesday’s release follows a recent emergency update aimed at fixing the PrintNightmare bug – a severe flaw that affects Windows Print Spooler and is present in all Windows versions. LINK
According to security researchers at Qualys, even if the update that addresses the PrintNightmare flaw is installed, users should still make sure that the configuration of their systems is optimized for security. Despite the PrintNightmare update, a misconfigured system could still be vulnerable to attacks that try to use this particularly serious bug.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also addressed the PrintNightmare vulnerability within an emergency directive that recommends that U.S. agencies and departments urgently install the latest security updates released to mitigate this flaw as well as to temporarily disable the Spooler service on their servers.
Another notable vulnerability (CVE-2021-34466) that Microsoft addressed with its latest Patch Tuesday is one that affects Windows Hello and could allow hackers to bypass the login screen of a device by spoofing the victim’s face and using it to get through the biometric authentication.
Additional serious vulnerabilities worth pointing out that were fixed with the latest Microsoft patches affect the Windows DNS Server (CVE-2021-34494) and Windows Kernel (CVE-2021-34458) and allow remote arbitrary code execution.
Regarding the latter of these flaws (CVE-2021-34458), Microsoft notes that it can enable a root input/output virtualization device to make changes in its Peripheral Component Interface Express siblings.
Windows users are advised to make sure that the latest security updates are installed in their systems by going to Start Menu > Settings > Update and Security > Windows Update, from where the updates can be installed manually.
Security Patches from other companies
A number of other companies have also recently released patches to address various newly-discovered flaws, including: