Microsoft released an extra-large batch of security fixes for its products for this month's Patch Tuesday, and other vendors are close behind with updates of their own.
The July pile from the Windows giant contains 117 patches: 13 for bugs rated critical, 103 rated important, and one moderate. We typically recommend installing these updates, testing them first if necessary, before miscreants develop exploits for them. However, four of these holes are already being exploited in the wild, according to Microsoft, so it's best to get a move on.
Here is an overview of these four:
- CVE-2021-34527: Also known as PrintNightmare, this is the remote code execution hole in the Windows print spooler for which exploit code is circulating and being used on the web, Redmond said. Some infosec researchers claimed they could bypass the patch, although Microsoft said it could not be bypassed provided your registry keys have certain values. Microsoft said a system with this patch installed is not vulnerable to PrintNightmare by default, while acknowledging there are several ways to make a box vulnerable. Check your registry keys, install the patch, and only allow administrators to install printer drivers. To be absolutely sure, disable the print spooler service entirely.
- CVE-2021-34448: A maliciously crafted web page can achieve remote code execution through Microsoft's scripting engine. Exploitation in the wild has been detected, and that is all Microsoft has said on the subject. Exploit code is not thought to be public. The find was credited to researchers at Chinese company Qihoo 360 ATA.
- CVE-2021-31979 and CVE-2021-33771: Privilege escalation bugs in the Windows kernel that can be, and apparently are being, exploited by malware and/or malicious users to gain administrator access. Exploit code is not thought to be public.
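The registry check and spooler mitigation described for PrintNightmare above, as an added PowerShell audit script that is not from the article, Microsoft or Trend Micro. It assumes the Point and Print policy path and value names from Microsoft's published CVE-2021-34527 guidance (HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint with NoWarningNoElevationOnInstall, UpdatePromptSettings and RestrictDriverInstallationToAdministrators); confirm them against the current advisory before acting on its output.

```powershell
# Added example (not the article's or Microsoft's code): audit the Point and Print
# mitigations Microsoft published for CVE-2021-34527 and, optionally, disable the spooler.
# ASSUMED from Microsoft's guidance (verify against the current advisory before relying on it):
#   policy path : HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
#   values      : NoWarningNoElevationOnInstall and UpdatePromptSettings must be 0 or absent;
#                 RestrictDriverInstallationToAdministrators must be 1
[CmdletBinding()]
param(
    # Pass -DisableSpooler on hosts that never print to remove the attack surface entirely.
    [switch]$DisableSpooler
)
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {
    param([string]$Name)
    # $null when the key or value is absent; absence is the secure default for the first two values.
    if (-not (Test-Path -Path $policyPath)) { return $null }
    return (Get-ItemProperty -Path $policyPath -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-PointAndPrintHardening {
    $findings = @()
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        $v = Get-PolicyValue -Name $name
        # A non-zero value lets non-admins install drivers without a prompt: the unsafe state.
        if ($null -ne $v -and $v -ne 0) { $findings += "$name is $v (expected 0 or absent)" }
    }
    $restrict = Get-PolicyValue -Name 'RestrictDriverInstallationToAdministrators'
    if ($restrict -ne 1) {
        $findings += "RestrictDriverInstallationToAdministrators is '$restrict' (expected 1)"
    }
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($spooler -and $spooler.Status -eq 'Running') {
        $findings += "Print Spooler is running (StartType $($spooler.StartType)); disable it where printing is not needed"
    }
    return ,$findings   # keep an array even when empty or single-element
}

$result = Test-PointAndPrintHardening
if ($result.Count -eq 0) {
    Write-Host 'OK: Point and Print policy matches the hardened configuration and the spooler is not running.'
} else {
    $result | ForEach-Object { Write-Warning -Message $_ }
}

if ($DisableSpooler) {
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Write-Host 'Print Spooler stopped and disabled.'
}
```

Run it from an elevated PowerShell session; without -DisableSpooler it only reads policy and service state, so it is safe to roll out as a fleet-wide check first.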
Exploit code is also said to have been developed for CVE-2021-34473 (Exchange Server RCE), CVE-2021-33781 (Active Directory security feature bypass), CVE-2021-34523 (Exchange Server elevation of privilege), CVE-2021-33779 (Windows ADFS security bypass) and CVE-2021-34492 (Windows certificate spoofing), although no one has yet been spotted abusing them in the wild.
Trend Micro's Zero Day Initiative provides an excellent summary of the patches here. It singled out CVE-2021-34494, an RCE in Windows DNS Server, as particularly bad and in need of patching before it is exploited, and CVE-2021-34458, a Windows kernel RCE that affects virtualization host servers depending on how they are configured.
There are also critical bugs in Windows Defender, Dynamics Business Central, Windows Media Foundation, Hyper-V, and the Windows MSHTML platform. Then there are notable patches for HEVC Video Extensions, Microsoft Excel and SharePoint Server, Word, Power BI ... the list is long.
“This volume of fixes is more than the last two months combined and corresponds to the monthly totals for 2020,” said Dustin Childs of the Zero Day Initiative. “Perhaps the lower rate in the previous months was a deviation.”
Other vendors are riding the Patch Tuesday train alongside Microsoft. Adobe has released its usual pile of security updates this month, addressing 29 CVE-listed bugs across Acrobat and Reader (19 of the total, 10 of them critical) as well as Dimension, Illustrator, Framemaker and Adobe Bridge.
Meanwhile, Intel has flagged a firmware update, to be distributed by system manufacturers, that fixes a local privilege escalation bug on machines powered mainly by its Xeon processors. VMware has released a couple of patches: one that closes an authentication bypass in ESXi and another that fixes a DLL hijacking vulnerability in ThinApp. SAP has addressed a "critical authentication-based vulnerability in the LM Configuration Wizard of SAP NetWeaver AS Java."
And who could forget the July edition of the Android security updates. Check your systems, large and small, for updates and apply them as soon as possible. ®