Microsoft releases patches for 44 vulnerabilities, including three 0-days

patches for 44 Microsoft vulnerabilities

As part of Patch Tuesday this week, Microsoft released patches for 44 vulnerabilities (51 including bugs in Microsoft Edge), seven of which were classified as critical, three were 0-day, and one was already under attack.

Patches released this month: .NET Core and Visual Studio, ASP.NET Core and Visual Studio, Azure, Windows Update, Windows Print Spooler Components, Windows Media, Windows Defender, Remote Desktop Client, Microsoft Dynamics, Microsoft Edge, Microsoft Office, Microsoft Office Word, Microsoft Office SharePoint and so on.

Of the 44 vulnerabilities, 13 were related to remote code execution, eight were related to information disclosure, two were related to denial of service, and another four were related to various spoofing.Microsoft tells.

This month, Microsoft released updates for two zero-day vulnerabilities that were previously reported. The first of these is the PrintNightmare problem, which we have written about more than once. This vulnerability allows an attacker to gain System-level privileges simply by connecting to a remote print server under their control.

Microsoft is now confident that it has finally fixed this problem by improving new variations. In addition, users now need administrator rights to install Point and Print drivers.

The second fixed 0-day vulnerability is PetitPotam, which uses the MS-EFSRPC API to force remote Windows servers to authenticate an attacker and share NTLM authentication data or authentication certificates with him.

Another zero-day vulnerability, which, according to the company, is already exploited by hackers, is CVE-2021-36948 (7.8 on the CVSS scale). The issue is local privilege escalation in Windows Update Medic. Who exactly and how exploited this bug has not yet been reported.

Also, a critical bug with a rating of 9.9 on the CVSS scale (affecting Windows 7-10, Windows Server 2008-2019) cannot be ignored, as this vulnerability is associated with Windows TCP / IP and leads to remote code execution (CVE-2021-26424 ); and also the problem of remote code execution in the Remote Desktop Client (CVE-2021-34535), which scored 8.8 points on the CVSS scale.

Let me remind you that last month Microsoft patched 117 vulnerabilities, including 9 zero-day vulnerabilities.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *