[ad_1]
Microsoft Updates were released today to link at least 56 vulnerabilities the Windows Operating systems and other software. One bug has been actively exploited, and six of them were published before today, which could give attackers an advantage in how to exploit the vulnerability.
Nine of 56 vulnerabilities received Microsoft’s ‘most important’ rating, which means malware or criminals can use it to remotely control systems that have not been patched with little or no help. of the user.
A vulnerability already exploited in the wild – CVE-2021-1732 – affects Windows 10 and Server 2016 and later. It receives a less dangerous “ Important ” rating, primarily because it is a security vulnerability that allows the attacker to increase their authority and control over the device, meaning that the attacker must already have access to the target system.
Two other insects detected before this week are critical and live there Microsoft software frameworkOne of the components required by many third-party applications (most Windows users have a version of .NET installed).
Windows 10 users should note that although the operating system installs all monthly patch bundles at the same time, it usually doesn’t include .NET updates that are installed on their own. So, after you’ve backed up your system and installed this month’s fixes, you might want to check Windows Update again to see if there are any .NET updates pending.
Of major concern for businesses is another fatal DNS server bug in Windows Server 2008 to 2019 that can be used to remotely install software of an attacker’s choice. CVE-2021-24078 has a CVSS score of 9.8 which is as risky as it gets.
Future registered He says the vulnerability can be exploited remotely by getting a weak DNS server for a domain request that has not yet been seen (for example, sending a phishing email with a link to a new domain or even with embedded images calling for a new domain). Kevin breen Of Immersive laboratories This indicates that CVE-2021-24078 could allow an attacker to steal a lot of data by changing the destination of your organization’s internet traffic, such as redirecting internal devices or accessing Outlook email on a malicious server.
Windows Server users should also be aware that Microsoft is implementing a second round of security enhancements this month as part of a two-step update to address the issue. CVE-2020-1472 Extreme Vulnerability Q was first used in September 2020.
Weakness, liveزیرولوجون“It’s an insect in the heart.”NetlogonA component of Windows Server hardware. The flaw allows an unverified attacker to gain administrative access to a Windows domain controller and to run any application at will. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers domain keys within a corporate network.
Microsoft’s initial amendment to CVE-2020-1472 fixed a bug in Windows Server systems, but did nothing to prevent unsupported devices or third parties from talking to insecure Netlogon connection controllers. Microsoft said it took this two-step approach “to ensure that vendors of incompatible applications can provide customers with updates.” With fixes this month, Microsoft will begin rejecting unsecured network connection attempts from non-Windows devices.
There are some other security updates other than Windows worth noting. Adobe today released updates to fix at least 50 vulnerabilities in a variety of products, including Photoshop and Reader. Acrobat / Reader update fixes a serious zero-day flaw which Adobe says is actively exploited by nature against Windows users, so if installed in Adobe Acrobat or Reader, be sure to update this software.
There is also a downside to zero-day Google Chrome web browser (CVE-2021-21148) which is under active attack. Chrome automatically downloads security updates, but users must always restart their browsers for updates to take full effect. If you are using Chrome and notice a red “update” prompt to the right of the address bar, it’s time to save your work and restart the browser.
Standard reminder: While it is essential to keep Windows patch updates up to date, it is important to make sure you only update after backing up your important data and files. Reliable backup means you’re less likely to tear your hair out when a weird cart repair causes problems with system startup.
So do yourself a favor and back up your files before installing fixes. Windows 10 even has built-in tools to help you do that, either file / folder based or simultaneously creating a full bootable copy of your hard drive.
Keep in mind that Windows 10 will automatically download and install updates in its schedule. If you want to make sure that Windows is configured to pause updating so that you can back up your files and / or your system before the operating system decides to restart and install patches, check out this guide.
And as always, if you encounter any issues or a bug installing any of these fixes this month, consider leaving a comment below; There is even more chance that other readers have tried the same and can contact here for some helpful advice.
Tags: CVE-2020-1472, CVE-2021-1732, CVE-2021-21148, CVE-2021-24078, Immersive Labs, Kevin Brino, Microsoft Patch Tuesday, February 2021, Netlogon, Future Recorder, ZeroLogon
Source link