Tuesday 10 August 2021

Microsoft's August 2021 Patch Tuesday: 44 flaws fixed, seven critical including Print Spooler vulnerability

Microsoft has released 44 security fixes for August's Patch Tuesday, with seven of the vulnerabilities rated critical. Three zero-days are included in the release, and 37 of the fixes were rated as important.

Thirteen of the patches involved a remote code execution vulnerability, while another eight involved information disclosure.

The affected tools included .NET Core & Visual Studio, ASP.NET Core & Visual Studio, Azure, Windows Update, Windows Print Spooler Components, Windows Media, Windows Defender, Remote Desktop Client, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office Word, Microsoft Office SharePoint and more.

One of the most prominent patches in the latest batch covers the Windows Print Spooler Remote Code Execution vulnerability, which has been a major topic of discussion since it was discovered in June. Microsoft also faced backlash from the security community for bungling the release of patches meant to address the issue.

The fixed zero day bugs include:


  •     CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability
  •     CVE-2021-36942 Windows LSA Spoofing Vulnerability
  •     CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability


The Windows Update Medic Service Elevation of Privilege vulnerability is the only one that has been exploited in the wild, according to Microsoft's report, but they do not explain how, where, or by whom.

Security expert Allan Liska said CVE-2021-36948 stood out to him due to its similarities to CVE-2020-17070, which was published in November 2020.

"Obviously, it's bad that it's being exploited within the wild, but we saw almost the precise same vulnerability in November of 2020 but I cannot find any evidence that that was exploited within the wild," Liska said. "So, I'm wondering if this is often a replacement focus for threat actors."

Liska added that CVE-2021-26424 is a vulnerability to keep an eye on because it's a Windows TCP/IP Remote Code Execution vulnerability impacting Windows 7 through 10 and Windows Server 2008 through 2019.

"While this vulnerability isn't listed as publicly disclosed or exploited within the wild, Microsoft did label this as 'Exploitation More Likely' meaning that exploitation is comparatively trivial. Vulnerabilities within the TCP/IP stack are often tricky. There was tons of concern earlier this year around CVE-2021-24074, an identical vulnerability, but that has not been exploited within the wild," Liska explained.

"On the opposite hand, last year's CVE-2020-16898, another similar vulnerability, has been exploited within the wild."

The LSA spoofing vulnerability is related to an advisory Microsoft sent out late last month about how to protect Windows domain controllers and other Windows servers from the NTLM Relay Attack known as PetitPotam.

Discovered in July by French researcher Gilles Lionel, the PetitPotam take on the NTLM Relay attack can "coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function." It was never found to have been exploited.

The Zero Day Initiative noted that Adobe also released two patches addressing 29 CVEs in Adobe Connect and Magento. ZDI said it submitted eight of the bugs in the latest Microsoft report and explained that this is the smallest number of patches released by Microsoft since December 2019. They attributed the decline to resource constraints, considering Microsoft devoted extensive time in July to responding to events like PrintNightmare and PetitPotam.

"Looking at the remaining Critical-rated updates, most are of the browse-and-own variety, meaning an attacker would wish to convince a user to browse to a specially crafted website with an affected system," ZDI said.

"One exception would be CVE-2021-26432, which may be a patch for the Windows Services for NFS ONCRPC XDR Driver. Microsoft provides no information on how the CVSS 9.8 rated vulnerability might be exploited, but it does note that it needs neither privileges nor user interaction to be exploited."
