[ad_1]
A day after Apple and Google rolled out urgent security updates, Microsoft pushed out software fixes as part of its monthly Patch Tuesday release cycle to address 66 security holes affecting Windows and other components such as ‘Azure, Office, BitLocker, and Visual Studio, including an actively operated zero-day in its MSHTML platform that was revealed last week.
Of the 66 vulnerabilities, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the 20 vulnerabilities of the Chromium-based Microsoft Edge browser that the company has addressed since the start of the month.
The most significant of the updates is a fix for CVE-2021-40444 (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that exploits Microsoft Office documents containing malware, EXPMON researchers noting that “the exploit uses logical flaws so the exploitation is perfectly reliable.”
A publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS is also discussed. Designated as CVE-2021-36968, the elevation of privilege vulnerability is rated 7.8 in severity.
Other notable flaws fixed by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure (CVE-2021-38647), Windows WLAN AutoConfig Service (CVE-2021-36965), Office (CVE-2021 -38659), Visual Studio (CVE-2021-36952) and Word (CVE-2021-38656) as well as a memory corruption fault in Windows Script Engine (CVE-2021-26435)
Additionally, the Windows manufacturer fixed three recently discovered privilege escalation flaws in its Print Spooler service (CVE-2021-38667, CVE-2021-38671 and CVE-2021-40447), while CVE-2021-36975 and CVE-2021 -38639 (CVSS scores: 7.8), both of which are related to elevated privilege vulnerabilities in Win32k, are listed as “exploitation more likely,” forcing users to act quickly to enforce the security updates.
Software fixes from other vendors
Besides Microsoft, fixes have also been released by a number of other vendors to address several vulnerabilities, including –
[ad_2]
Source link