Microsoft has begun distributing its latest security patch as part of the Patch Tuesday program. This time, the developers have fixed 117 vulnerabilities in various products, four of which are actively used by cybercriminals to carry out attacks. The patch fixes problems in Windows, Exchange Server, Microsoft Office, Internet Explorer, Bing, and others. Of these, 13 vulnerabilities are critical, 103 are classified as dangerous, and one is of low danger.
The July patch includes several important fixes. One of them is a fix for the Windows Print Manager vulnerability CVE-2021-34527 (PrintNightmare), which was available separately at the beginning of the month. Exploitation of this vulnerability allows remote code execution with system privileges, which is a serious problem, especially considering that cybercriminals are actively using it at present. The July patch also includes a fix for CVE-2021-1675, another Windows Print Manager vulnerability, which was previously available separately.
Microsoft has patched CVE-2021-34448, another critical vulnerability that was actively exploited by cybercriminals. Its exploitation leads to memory corruption of the Windows Script Host and allows remote code execution. While attacking this vulnerability is challenging, Microsoft notes that hackers are actively exploiting it. Microsoft also fixed two privilege escalation vulnerabilities affecting the Windows kernel, CVE-2021-31979 and CVE-2021-33771, both of which are used by hackers and neither of which requires interaction with the victim to exploit.
In addition to the vulnerabilities exploited by cybercriminals, the patch fixes several well-known problems. These include the critical Microsoft Exchange Server remote code execution vulnerability CVE-2021-34473, the Active Directory security bypass vulnerability CVE-2021-33781, the Exchange Server privilege elevation vulnerability CVE-2021-34523, the Active Directory Federation Services (ADFS) security bypass vulnerability CVE-2021-33779, and the Windows certificate spoofing vulnerability CVE-2021-34492.
Microsoft's July patch fixes a large number of vulnerabilities that allow remote code execution. Some of them are actively in use by hackers, while others have not yet been publicly announced. This means that users shouldn't hesitate to install the patches in order to protect their devices from potential attackers.
Some of the most interesting vulnerabilities resolved in this update are:
- CVE-2021-31206: A Microsoft Exchange Server RCE found during Pwn2Own.
- CVE-2021-34448: An actively exploited scripting engine memory corruption vulnerability, requiring a victim to actively visit a malicious website or to click a malicious link.
- CVE-2021-34494: A Windows DNS Server RCE, albeit restricted to DNS servers only.
- CVE-2021-34458: A Windows Kernel RCE which permits a single root input/output virtualization (SR-IOV) device, assigned to a guest, to potentially tamper with PCIe associates.