Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week.

Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the 20 vulnerabilities in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month.

The most important of the updates concerns a patch for CVE-2021-40444 (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting “the exploit uses logical flaws so the exploitation is perfectly reliable.”

Also addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as CVE-2021-36968, the elevation of privilege vulnerability is rated 7.8 in severity.

Other flaws of note resolved by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure (CVE-2021-38647), Windows WLAN AutoConfig Service (CVE-2021-36965), Office (CVE-2021-38659), Visual Studio (CVE-2021-36952), and Word (CVE-2021-38656), as well as a memory corruption flaw in Windows Scripting Engine (CVE-2021-26435).

What’s more, the Windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service (CVE-2021-38667, CVE-2021-38671, and CVE-2021-40447), while CVE-2021-36975 and CVE-2021-38639 (CVSS scores: 7.8), both of which are elevation of privilege vulnerabilities in Win32k, are listed as ‘exploitation more likely,’ making it imperative that users move quickly to apply the security updates.

Software Patches From Other Vendors

Besides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including –
