The patch can be bypassed for those devices that still have this registry setting enabled to achieve remote code execution and local privilege escalation. Microsoft's OOB patch only resolves the vulnerability if the Point and Print policy is disabled. Last month, a proof-of-concept exploit was released by accident for the zero-day PrintNightmare vulnerability that allows remote code execution and local privilege escalation.ĭue to the severity of the attacks, Microsoft released an out-of-band KB5004945 security update that was supposed to fix the PrintNightmare vulnerability tracked as CVE-2021-34527. CVE-2021-31979 - Windows Kernel Elevation of Privilege Vulnerability.CVE-2021-34448 - Scripting Engine Memory Corruption Vulnerability.CVE-2021-33771 - Windows Kernel Elevation of Privilege Vulnerability.CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerabilityįinally, there are three actively exploited Windows vulnerabilities that were not publicly disclosed.There was one publicly disclosed and actively exploited vulnerability known as PrintNightmare. CVE-2021-33781 - Active Directory Security Feature Bypass Vulnerability.CVE-2021-33779 - Windows ADFS Security Feature Bypass Vulnerability.CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability.CVE-2021-34523 - Microsoft Exchange Server Elevation of Privilege Vulnerability.CVE-2021-34492 - Windows Certificate Spoofing Vulnerability.The five publicly disclosed, but not exploited, zero-day vulnerabilities are:
Microsoft classifies a zero-day vulnerability as publicly disclosed or actively exploited with no official security updates or released.
July's Patch Tuesday includes nine zero-day vulnerabilities, with four actively exploited in the wild. Nine zero-days fixed, with four actively exploited Of the 117 vulnerabilities, 44 are remote code execution, 32 are for elevation of privilege, 14 are information disclosure, 12 are Denial of Service, 8 are security feature bypass, and seven are spoofing vulnerabilities.įor information about the non-security Windows updates, you can read about today's Windows 10 KB5004237 & KB5004245 cumulative updates. Microsoft has fixed 117 vulnerabilities with today's update, with 13 classified as Critical, 1 Moderate, and 103 as Important. Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured.
0 kommentar(er)
