Posted on Wednesday, Jul 14 2021 @ 10:09 CEST by Thomas De Maesschalck
This month's dose of Microsoft's Patch Tuesday packs a whopping 117 patches. A total of 13 are rated as updates for critical security issues, one is ranked moderate and the remainder are flagged as important. Users are advised to install the updates as soon as possible, not least because four of the vulnerabilities are already being exploited by cybercriminals.
Four zero-day vulnerabilities
The Register has a nice writeup of the bugs that received a patch. Here is an overview of the four zero-day vulnerabilities. One of them is the PrintNightmare bug that made headlines last week.
CVE-2021-34527: Also known as PrintNightmare, this is the remote-code execution hole in the Windows Print Spooler for which exploit code is floating around the web and is being used, Redmond said. Some infosec bods claimed they can bypass the patch, though Microsoft said that isn't possible provided your Registry keys are certain values. Microsoft said a system with this patch installed is, by default, not vulnerable to PrintNightmare though it's been suggested there are a number of ways to make a box vulnerable. Review your Registry keys, install the patch, and only allow administrators to install printer drivers. To be totally safe, disable the print spooler service entirely.
CVE-2021-34448: A maliciously crafted webpage can achieve remote code execution via Microsoft's Scripting Engine. Exploitation in the wild was detected and that's about all Microsoft has said on the matter. Exploit code isn't said to be public. Researchers at Chinese outfit Qihoo 360 ATA were credited with the find.
CVE-2021-31979 and CVE-2021-33771: Privilege escalation flaws in the Windows kernel, which can be, and apparently are being, exploited by malware and/or malicious users to gain admin access. Exploit code isn't said to be public.