Microsoft fixes 117 vulnerabilities and four zero days during Patch Tuesday

Microsoft fixed 117 vulnerabilities in Windows during Patch Tuesday. Four of them were actively attacked, the company says. Thirteen bugs received a critical score, including remote code execution in the OS’s DNS server.

The July patch round will fix a total of 117 vulnerabilities, 13 of which will receive a Critical score and 103 an Important score. One bug gets a Moderate score. Four of the bugs are vulnerabilities that are exploited in practice, according to Microsoft, but as usual, the company does not provide details about the attacks themselves.

Two of the bugs allow local privilege escalation to be performed on all Windows kernels. Another zero day is used for remote code executions. The vulnerabilities that are not actively exploited include CVE-2021-34494, a remote code execution for dns server in Windows.

An important patch is for PrintNightmare, a bug discovered in the Print Spooler Service earlier this month. A patch had already been released for this, but it did not fix all the problems. In this way a local privilege escalation remained possible. The new patch also has to fix those last vulnerabilities.

The actively attacked vulnerabilities:

In addition, five bugs are being patched, the details of which were already made public, but were not actively attacked:

In addition to the standard security update, there is also a Cumulative Update, KB5004237 for Windows 10 1904.1110, 19042.1110, and 19043.1110.