Microsoft will fix 117 vulnerabilities and four zero days during Patch Tuesday

Spread the love

Microsoft patched 117 vulnerabilities in Windows during Patch Tuesday. Four of them were actively attacked, the company says. Thirteen bugs received a critical score, including a remote code execution in the OS’s DNS server.

The July patch round fixes a total of 117 vulnerabilities, with thirteen receiving a Critical score and 103 an Important score. One bug gets a Moderate score. Four of the bugs, according to Microsoft, are vulnerabilities that are being exploited in the field, but as usual, the company does not provide details about the attacks themselves.

Two of the bugs allow local privilege escalation to be performed on all Windows kernels. Another zero day is used for remote code executions. Among the vulnerabilities that are not actively exploited are, among others CVE-2021-34494 op, a remote code execution for dns server in Windows.

An important patch is for PrintNightmare, a bug discovered earlier this month in the Print Spooler Service. A patch was previously released for this, but it did not close all problems. This way a local privilege escalation remained possible. The new patch also has to fix those last vulnerabilities.

The actively attacked vulnerabilities:

CVE-2021-34527 Remote code execution in Windows Print Spooler
CVE-2021-33771 Windows kernel privilege escalation
CVE-2021-34448 Memory corruption in Windows Scripting Engine
CVE-2021-31979 Windows kernel privilege escalation

In addition, five bugs are being patched, the details of which were already made public, but were not actively attacked:

CVE-2021-34492 Windows Certificate Spoofing Vulnerability
CVE-2021-34523 Privilege Elevation in Microsoft Exchange Server
CVE-2021-34473 Remote code execution in Microsoft Exchange Server
CVE-2021-33779 ADFS security bypass
CVE-2021-33781 Active Directory security bypass

In addition to the standard security update, there is also a Cumulative Update, KB5004237 for Windows 10 1904.1110, 19042.1110, and 19043.1110.

You might also like