Microsoft has recently released a total of 117 patches to fix 108 newly discovered security vulnerabilities and 9 zero-days. Four are known to be actively exploited in the wild by adversaries, potentially enabling them to take control of the targeted Windows system.
The patch update aims to fix several Microsoft products, including Windows, Exchange Server, Bing, Office, Windows DNS, Visual Studio Code, Dynamics, and Scripting Engine. The Patch Tuesday release this July marks a jump in the volume of vulnerabilities that Microsoft collectively addressed.
Among the flaws, the following four are actively exploited:
- CVE-2021-34527 – a Windows Print Spooler RCE (Remote Code Execution) flaw, publicly known as PrintNightmare
- CVE-2021-34448 – a Scripting Engine memory flaw; Microsoft has stressed that an attacker can lure an unsuspecting victim into clicking a link that leads to a hacker-controlled website containing malicious scripts that trigger the flaw
- CVE-2021-31979 and CVE-2021-33771 – both of which are Windows Kernel privilege elevation flaws
The other five zero-day vulnerabilities are a Microsoft Exchange Server RCE flaw (CVE-2021-34473), a Microsoft Exchange Server privilege elevation vulnerability (CVE-2021-34523), a Windows Certificate spoofing flaw (CVE-2021-34492), a Windows ADFS Security Bypass flaw (CVE-2021-33779), and an Active Directory Security bypass vulnerability.
This batch of patches comes only days after Microsoft released a set of out-of-band updates to address the PrintNightmare flaw, a critical vulnerability in the Windows Print Spooler service, which is found on all versions of the Windows OS.
Even though Microsoft released the updates to fix this vulnerability, users and administrators must ensure that the necessary configuration settings are correctly set up. Operating systems with misconfigurations are still at risk of exploitation. PrintNightmare is a severe flaw that emphasizes the importance of remediation during detection.
CISA was prompted to release an Emergency Directive on July 13 to address the threat coming from the PrintNightmare vulnerability, urging the federal government and agencies to apply the latest security patches as soon as possible and to temporarily disable the print spooler service on servers within the network of their Microsoft Active Directory Domain Controller servers.
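The two checks described above (post-patch configuration and the spooler state on domain controllers) can be audited per host. This is an added example, not code from Microsoft or CISA; the function name is hypothetical, and the Point and Print registry path and value names are taken from Microsoft's CVE-2021-34527 guidance rather than from this article.

```powershell
# Added example: read-only audit of one host for PrintNightmare (CVE-2021-34527) exposure.
# Assumption: registry path and value names follow Microsoft's CVE-2021-34527 guidance.
function Test-PrintNightmareExposure {
    [CmdletBinding()]
    param()

    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Spooler state: stopped AND disabled means it cannot be restarted by a reboot.
    $spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $spoolerOff = ($null -eq $spooler) -or
                  (($spooler.State -ne 'Running') -and ($spooler.StartMode -eq 'Disabled'))

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDomainController = $role -in 4, 5

    if ($isDomainController -and -not $spoolerOff) {
        $findings.Add('Print Spooler is enabled on a domain controller')
    }

    # Point and Print policy: a patched host is still exposed if either value is non-zero.
    # A missing key or value is the secure default.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if (($null -ne $value) -and ($value -ne 0) -and -not $spoolerOff) {
            $findings.Add("Point and Print policy '$name' is $value (expected 0 or not set)")
        }
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IsDomainController = $isDomainController
        SpoolerDisabled    = $spoolerOff
        Exposed            = ($findings.Count -gt 0)
        Findings           = $findings.ToArray()
    }
}

Test-PrintNightmareExposure | Format-List
```

The function changes nothing on the host; where it reports the spooler as enabled on a domain controller, `Stop-Service Spooler` followed by `Set-Service Spooler -StartupType Disabled` applies the temporary mitigation the directive describes.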
Another vulnerability Microsoft rectified in this update is a security bypass flaw in the Windows Hello biometric authentication solution, tracked as CVE-2021-34466, which allows hackers to spoof their victim’s face to get around the security login screen.
Alongside Microsoft, other vendors recently released software patches to address severe exploitable flaws, including Android, Adobe, Apache Tomcat, Citrix, Cisco, Linux distributions such as SUSE, Oracle Linux, and Red Hat, as well as SAP, Siemens, and VMware.