RV_ Posted July 14, 2021 Report Share Posted July 14, 2021 Today's updates were significant. Excerpt: "Products impacted by Microsoft's latest security update, issued on July 13, include Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows Kernel, and Windows SMB. Read on: Microsoft acquires cybersecurity company RiskIQ The best parts of Windows 11 are already in Windows 10. You just have to enable them Some of the most interesting vulnerabilities resolved in this update are: CVE-2021-31206: A Microsoft Exchange Server RCE found during Pwn2Own. CVE-2021-34448: An actively exploited scripting engine memory corruption vulnerability, requiring a victim to actively visit a malicious website or to click a malicious link. CVE-2021-34494: A Windows DNS Server RCE, albeit restricted to DNS servers only. CVE-2021-34458: A Windows Kernel RCE which permits a single root input/output virtualization (SR-IOV) device, assigned to a guest, to potentially tamper with PCIe associates. The latest round of patches comes just a week after an emergency fix was issued by Microsoft to rectify a security flaw nicknamed "PrintNightmare." Tracked under CVE-2021-1675 and CVE-2021-34527, the combination of RCE and a local privilege escalation flaw is already impacting some printers, and exploit code has been released. In total, four of the vulnerabilities -- CVE-2021-34527 (PrintNightmare), CVE-2021-34448, CVE-2021-31979, and CVE-2021-33771 -- are listed as exploited in the wild. Microsoft thanked researchers from Google Security, Checkmarx, the Trend Micro Zero Day Initiative, and Fortinet's FortiGuard Lab, among other organizations, for reporting the now-patched security flaws, A number of vulnerabilities were also reported by Microsoft Threat Intelligence Center (MSTIC). According to the Zero Day Initiative (ZDI), which reported 17 of the bugs, this month's volume of fixes "is more than the last two months combined and on par with the monthly totals from 2020." Last month, Microsoft resolved 50 vulnerabilities in the June batch of security fixes. These included seven zero-day bugs, six of which were reported by the Redmond giant as being actively exploited. A month prior, the tech giant tackled 55 security flaws during May Patch Tuesday. Four of which were deemed critical, and three were zero-days." Source: https://www.zdnet.com/article/microsoft-july-2021-patch-tuesday-117-vulnerabilities-pwn2own-exchange-server-bug-fixed/?ftag=TREc64629f&bhid={%24external_id}&mid={%24MESSAGE_ID}&cid={%24contact_id}&eh={%24CF_emailHash} Quote RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.