Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 vulnerabilities, including nine zero-day bugs, four of which are reported to be under active attack in the wild, allowing an adversary to take control of affected systems.
Of the 117 issues, 13 are rated Critical, 103 Important and one Moderate, with six of these flaws being publicly known at the time of release.
The updates span several Microsoft products including Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS and Visual Studio Code. July also marked a dramatic increase in the number of vulnerabilities, surpassing the number that Microsoft collectively fixed as part of its updates in May (55) and June (50).
The vulnerabilities that are actively exploited are the following:
- CVE-2021-34527 (CVSS score: 8.8) – Remote Code Execution Vulnerability in Windows Print Spooler (publicly disclosed as “PrintNightmare”)
- CVE-2021-31979 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-33771 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-34448 (CVSS score: 6.8) – Scripting engine memory corruption vulnerability
Microsoft also emphasized the high attack complexity of CVE-2021-34448, specifically stating that the attacks depend on tricking an unsuspecting user into clicking a link that leads to a malicious website hosted by the adversary and contains a specially crafted file developed to trigger the vulnerability.
The other five publicly disclosed but unexploited zero-day vulnerabilities are listed below:
- CVE-2021-34473 (CVSS score: 9.1) – Remote Code Execution Vulnerability in Microsoft Exchange Server
- CVE-2021-34523 (CVSS score: 9.0) – Elevation of Privilege Vulnerability in Microsoft Exchange Server
- CVE-2021-33781 (CVSS score: 8.1) – Active Directory Security Feature Bypass Vulnerability
- CVE-2021-33779 (CVSS score: 8.1) – Windows ADFS security bypass vulnerability
- CVE-2021-34492 (CVSS score: 8.1) – Windows Certificate Spoofing Vulnerability
“This Patch Tuesday comes just days after out-of-band updates were released to address PrintNightmare – the critical bug in the Windows print spooler service found in all versions of Windows,” Bharat Jogi, senior vulnerability and threat research manager at Qualys, told The Hacker News.
“Although MSFT has released updates to address the vulnerability, users still need to ensure that the required configurations are set up correctly. Systems with misconfigurations will continue to be exploited even after the latest patch has been installed. PrintNightmare was an extremely serious problem that underscores the importance of combining detection and remedial action,” added Jogi.
The PrintNightmare vulnerability also prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to release an emergency directive, urging federal departments and agencies to apply the latest security updates immediately and to disable the print spooler service on servers running Microsoft Active Directory domain controllers.
Additionally, Microsoft has addressed a security bypass vulnerability in the Windows Hello biometric authentication solution (CVE-2021-34466, CVSS score: 5.7), which could allow an adversary to spoof a target’s face and bypass the login screen.
Other critical bugs addressed by Microsoft include remote code execution vulnerabilities affecting Windows DNS Server (CVE-2021-34494, CVSS score: 8.8) and Windows Kernel (CVE-2021-34458), the latter of which is rated 9.9 on the CVSS severity scale.
“This issue allows a single root input/output virtualization (SR-IOV) device assigned to a guest to potentially interfere with its Peripheral Component Interface Express (PCIe) siblings that are connected to other guests or the root,” noted Microsoft in its advisory for CVE-2021-34458, adding that Windows instances hosting virtual machines are vulnerable to this bug.
To install the latest security updates, Windows users can go to Start > Settings > Update & Security > Windows Update or select Check for Windows Updates.
Third-party software patches
In addition to Microsoft, a number of other vendors have also released patches to fix several vulnerabilities, including –