A day afterand rolled out pressing safety updates, Microsoft has as a part of its month-to-month Patch Tuesday launch cycle to plug 66 safety holes affecting Home windows and different parts akin to Azure, Workplace, BitLocker, and Visible Studio, together with an in its MSHTML Platform that got here to gentle final week.
Of the 66 flaws, three are rated Vital, 62 are rated Essential, and one is rated Average in severity. That is other than thewithin the Chromium-based Microsoft Edge browser that the corporate addressed for the reason that begin of the month.
Crucial of the updates issues a patch for(CVSS rating: 8.8), an actively exploited distant code execution vulnerability in MSHTML that leverages malware-laced Microsoft Workplace paperwork, with EXPMON researchers noting “the exploit makes use of logical flaws so the exploitation is completely dependable.”
Additionally addressed is a publicly disclosed, however not actively exploited, zero-day flaw in Home windows DNS. Designated as, the elevation of privilege vulnerability is rated 7.8 in severity.
Different flaws of word resolved by Microsoft contain various distant code execution bugs in Open Administration Infrastructure (), Home windows WLAN AutoConfig Service ( ), Workplace ( ), Visible Studio ( ), and Phrase ( ) in addition to a reminiscence corruption flaw in Home windows Scripting Engine ( )
What’s extra, the Home windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service (, , and ), whereas and (CVSS scores: 7.8), each of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as ‘exploitation extra possible,’ making it crucial that customers transfer shortly to use the safety updates.
Software program Patches From Different Distributors
Apart from Microsoft, patches have additionally been launched by various different distributors to handle a number of vulnerabilities, together with –