Microsoft Patch Tuesday July Addresses 117 Flaws Including 9 Zero-Days

This week, Microsoft has released the scheduled Patch Tuesday updates for July 2021. With this update bundle, the tech giant has fixed over a hundred different vulnerabilities. These also include 9 zero-day bugs, of which 4 were under exploit.

Microsoft Addressed 9 Zero-Days; 4 Under Exploit

Updating systems with the July Patch Tuesday updates is essential, considering that it addresses multiple zero-day vulnerabilities. That also includes 4 bugs that went under attack, of which 3 remained hidden from public disclosure.

These four serious vulnerabilities include,

  • CVE-2021-34527 – publicly known remote code execution vulnerability in Windows Print Spooler, the infamous “PrintNightmare,” created chaos globally. Microsoft has deemed it a critical security bug that received a CVSS score of 8.8.
  • CVE-2021-34448 – a critical-severity memory corruption vulnerability in scripting engine that leads to remote code execution. While the bug received a CVSS score of 6.8, its active exploitation labeled it a critical bug.
  • CVE-2021-31979 – an important severity privilege escalation bug in Windows Kernel.
  • CVE-2021-33771 – another privilege escalation flaw in Windows Kernel that received an important severity rating with a CVSS score of 7.8.

Besides, the patches also addressed 5 other publicly known bugs that fortunately escaped exploitation. These include,

  • CVE-2021-34473 – critical severity remote code execution bug in Microsoft Exchange Server
  • CVE-2021-33781 – important severity security feature bypass in Active Directory
  • CVE-2021-34523 – important severity privilege escalation flaw in Microsoft Exchange Server
  • CVE-2021-33779 – important severity security feature bypass in Windows ADFS
  • CVE-2021-34492 – important severity Windows Certificate spoofing vulnerability

Other Important July Patch Tuesday Updates

Alongside the zero-day flaws, Microsoft patched 108 other vulnerabilities as well. These include 10 critical severity vulnerabilities in Microsoft Defender, Windows Media Foundation, DNS Server, Hyper-V, and more. All of these bugs could allow remote code execution upon exploitation.

It also includes a single moderate severity information disclosure flaw in Microsoft SharePoint Server (CVE-2021-34519).

Besides, all other vulnerabilities have received an important severity rating. These bugs affected different components and could result in remote code execution, spoofing, the elevation of privilege, and denial of service.

All Microsoft users must ensure updating their systems at the earliest to receive the patches.

Source link