Microsoft tackles 12 critical bugs, element of its July 2021 Patch Tuesday roundup, capping a ‘PrintNightmare’ month of headaches for method admins.
Three bugs less than active exploit were squashed by Microsoft Tuesday, portion of its July security roundup of fixes for Windows, Microsoft Place of work, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated significant and a person labeled as moderate in severity.
Bugs beneath lively attack include things like a critical scripting motor memory corruption (CVE-2021-34448) flaw and two supplemental Windows kernel elevation-of-privilege vulnerabilities (CVE-2021-31979, CVE-2021-33771), both with a severity ranking of crucial.
The hundred-additionally bug fixes include to a tough July for Microsoft, which rolled out an out-of-band deal with for a Windows print spooler distant-code-execution vulnerability (CVE-2021-34527), dubbed PrintNightmare, previously this thirty day period. The nightmare bug, first disclosed in April, was afterwards learned to be far more major than in the beginning believed.
Public, But Not Exploited
Five of the bugs patched by Microsoft (CVE-2021-34473, CVE-2021-33781, CVE-2021-34523, CVE-2021-33779, CVE-2021-34492) were being publicly recognised, albeit not exploited. Only a person of all those bugs (CVE-2021-34473), a Microsoft Trade Server distant code execution (RCE) vulnerability, has a severity rating of critical, with a CVSS score of 9.1. The bug, just one of the best rated in terms of relevance to take care of this thirty day period, was component of Microsoft’s April Patch Tuesday roundup of fixes, in accordance to commentary by Cisco Talos.
“This vulnerability was previously patched in Microsoft’s April security update but was mistakenly not disclosed. Users who presently installed the April 2021 update are now guarded from this vulnerability, even though it is worth noting that this issue was part of a sequence of zero-days in Trade Server utilised in a large-ranging APT attack,” wrote Talos authors Jon Munshaw and Jaeson Schultz.
The most pressing of bugs is a memory corruption vulnerability (CVE-2021-34448) in Windows Server’s scripting motor that is triggered when the person opens a specially crafted file, possibly connected to an email or a compromised website.
“[This bug] is the most serious vulnerability for me. It is elegant in its simplicity, allowing an attacker achieve distant code execution just by having the focus on to check out a area,” wrote Kevin Breen, director of cyber threat research with Immersive Labs, in his Patch Tuesday commentary. “With malicious, however experienced wanting, domains carrying valid TLS certificates a common function at present, seamless compromise would be a trivial make a difference. Victims could even be attacked by sending .js or .hta information in qualified phishing e-mails.”
Cisco Talos advises technique admin to prioritize a patch for a critical bug (CVE-2021-34464) in Microsoft’s free of charge Defender anti-virus computer software. “This issue could allow for an attacker to execute remote code on the sufferer device. However, people do not require to get any actions to resolve this issue, as the update will quickly install. The corporation has stated measures in its advisory consumers can take to make certain the update is correctly mounted,” wrote Munshaw and Schultz.
Researchers have also identified a few SharePoint Server bugs (CVE-2021-34520, CVE-2021-34467, CVE-2021-34468) as precedence patches. Each individual enable an attacker to execute remote code on the victim device. All are rated critical. Having said that, Microsoft experiences that exploitation is “more likely” with these vulnerabilities, Talos claimed.
Zero Working day Initiative’s Dustin Childs endorses tackling (CVE-2021-34458), a Windows kernel vulnerability. “It’s rare to see remote code execution in a kernel bug, but this is that exceptional exception. This bug impacts methods hosting digital machines with single root input/output virtualization (SR-IOV) equipment,” he wrote.
“It’s not distinct how common this configuration is, but taking into consideration this bug costs as a CVSS 9.9, it is not a single to ignore. If you have digital equipment in your ecosystem, examination and patch rapidly,” Childs added.
In similar information, Adobe’s July patch roundup, also produced Tuesday, involves fixes for its ubiquitous and free of charge PDF reader Acrobat 2020 and other software such as Illustrator and Bridge. In all, Adobe patched 20 Acrobat bugs, with nine rated vital.
Examine out our absolutely free forthcoming stay and on-demand from customers webinar situations – exclusive, dynamic discussions with cybersecurity industry experts and the Threatpost neighborhood.
Some areas of this write-up are sourced from: