Immediately after Microsoft assigned an “important” score to a zero-day getting exploited in the wild as element of this month’s Patch Tuesday, security experts are urging security groups to prioritize updates based mostly on risk somewhat than vendor severity scores.
Microsoft described just 56 vulnerabilities this month, 9 critical and 6 currently publicly disclosed.
But it is the zero-day, CVE-2021-1732, or instead it’s score, that drew notice. To exploit this Windows Earn32k.sys elevation of privilege vulnerability that impacts Windows 10 and Windows Server 2019, Allan Liska, senior security architect at Recorded Future, mentioned, an attacker would have to have accessibility to the concentrate on method then achieve administrative obtain.
Even though Microsoft rated the flaw as “important,” instead than “critical,” Liska reported that due to the fact it is exploited in the wild, security groups need to prioritize this vulnerability for patching.
The zero-working day is a key example of why it is so critical for security groups to do risk-primarily based prioritization, stated Chris Goetll, senior director of product or service management at Ivanti.
“If you foundation your prioritization off of seller severity and focus on only ‘critical’ you could have missed this vulnerability in your prioritization,” Goetll stated. “This vulnerability should put Windows 10 and Server 2016 and later on editions into your priority bucket for remediation this thirty day period.”
Security teams really should also concentrate on CVE-2021-24078, a distant code execution (RCE) vulnerability in Windows DNS Server, Liske mentioned. This critical vulnerability, which Microsoft assigned a CVSS score of 9.8, impacts Windows Server 2008 by means of 2019. As with SIGRed, which was disclosed very last calendar year, attackers can exploit the RCE vulnerability remotely by obtaining a susceptible DNS server to question for a domain it has not viewed just before (e.g., by sending a phishing email with a connection to a new domain or even with illustrations or photos embedded that call out to a new area).
Some areas of this report are sourced from: