Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability


A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week.

Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the 20 vulnerabilities in the Chromium-based Microsoft Edge browser that the company has addressed since the start of the month.

The most important of the updates concerns a patch for CVE-2021-40444 (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting “the exploit makes use of logical flaws so the exploitation is completely dependable.”

Also addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as CVE-2021-36968, the elevation of privilege vulnerability is rated 7.8 in severity.

Other flaws of note resolved by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure (CVE-2021-38647), Windows WLAN AutoConfig Service (CVE-2021-36965), Office (CVE-2021-38659), Visual Studio (CVE-2021-36952), and Word (CVE-2021-38656), as well as a memory corruption flaw in Windows Scripting Engine (CVE-2021-26435).

What’s more, the Windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service (CVE-2021-38667, CVE-2021-38671, and CVE-2021-40447), while CVE-2021-36975 and CVE-2021-38639 (CVSS scores: 7.8), both of which relate to elevation of privilege vulnerabilities in Win32k, are listed as ‘exploitation more likely,’ making it imperative that users move quickly to apply the security updates.

Software Patches From Other Vendors

Besides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including –




