Microsoft fixed 74 new CVEs yesterday, including multiple zero-day vulnerabilities, one of which is being actively exploited in the wild.
Zero-day bug CVE-2021-40449 is a Win32k elevation of privilege vulnerability in Windows affecting Windows 7 and Server 2008 up to Windows 11 and Server 2022. It has reportedly been exploited by Chinese threat actors identified as “IronHusky.”
“Microsoft only rated the vulnerability as ‘important’ by their severity scoring procedure, which is a fantastic example of why organizations need to focus on vulnerability remediation based on risk,” argued Ivanti senior director of product management, Chris Goettl.
“A risk-based approach to vulnerability management takes into account additional real-world indicators such as known exploited, public disclosure, and usage trends by threat actors to better understand what exposures you should be focusing on first.”
Microsoft also fixed three publicly disclosed (zero-day) flaws for which proof-of-concept code has been released, giving attackers a head start in crafting exploits for them.
These are CVE-2021-41338, a security feature bypass vulnerability in Windows AppContainer Firewall; Windows kernel elevation of privilege bug CVE-2021-41335; and Windows DNS remote code execution vulnerability CVE-2021-40469.
There was also an updated fix for CVE-2021-33781, a security feature bypass flaw in Azure AD. This vulnerability was initially fixed in the July Patch Tuesday but has been updated to cover Windows 10 v1607, Server 2016 and Windows 11.
Elsewhere, Adobe updated Acrobat, Reader, Connect, Reader Mobile, Commerce, Campaign Standard and ops-cli.
“The updates for Adobe Connect (APSB21-91) and ops-cli (APSB21-88) include critical CVEs with a CVSS base score of 9.8 out of 10,” explained Goettl.
“Adobe Acrobat and Reader (APSB21-104) resolves the most CVEs out of the line-up. A total of 4 CVEs, two of which are rated as Critical with CVSS scores of 7.8, were resolved in this update.”
Some sections of this write-up are sourced from:
www.infosecurity-journal.com