Microsoft Releases Patches for 4 Exploited Zero-Day Flaws
13 of 117 Vulnerabilities Revealed on Patch Tuesday Rated Critical
Microsoft on Tuesday released patches for four zero-day vulnerabilities that are being exploited in the wild, including an official patch for a critical remote code execution vulnerability dubbed "PrintNightmare," for which an out-of-band fix was issued earlier.
The fixes for the four zero-day flaws were part of Microsoft's Patch Tuesday security update, which disclosed 117 vulnerabilities, 13 rated critical. The flaws affect a wide swath of the company's products, including Windows, Exchange Server, Office, Windows Storage Spaces Controller, Bing, SharePoint Server and Internet Explorer.
The Tuesday update includes the official patch for CVE-2021-34527, the Windows Print Spooler remote code execution vulnerability dubbed PrintNightmare for which an out-of-band fix was issued on July 8. Although there are reports the patch is ineffective, Trend Micro's Zero Day Initiative blog still recommends immediately applying the patch.
The U.S. Cybersecurity and Infrastructure Security Agency is urging federal agencies to patch the flaw immediately, warning that exploitation could lead to full compromise of agency networks.
Trend Micro says CVE-2021-34448, a scripting engine memory corruption vulnerability, is another now-patched security issue that attackers are exploiting.
"This bug is also listed as under active exploit, but there's no indication of how widespread the attack is. The vulnerability allows an attacker to execute their code on an affected system if a user browses to a specially crafted website," Trend Micro says.
The other two exploited vulnerabilities are the Windows kernel elevation of privilege vulnerabilities CVE-2021-3379 and CVE-2021-31979.
Exchange Server Patches
Satnam Narang, a staff research engineer at Tenable, notes that Microsoft Exchange Server continues to receive security patches related to the ProxyLogon vulnerability, even though the company has been rolling out a steady flow of fixes since April.
"Notable in this release was CVE-2021-34473, a remote code execution flaw, and CVE-2021-34523, an elevation of privilege vulnerability, both of which Microsoft says were addressed as part of its security updates from April 2021. However, these CVEs were somehow omitted from that release. CVE-2021-34473 is more likely to be exploited, according to Microsoft's Exploitability Index," he says.
The other Exchange vulnerabilities listed by Microsoft this month are: CVE-2021-34470, CVE-2021-33796, CVE-2021-33766, CVE-2021-31206 and CVE-2021-33768.
The security firm ESET said in March that at least 10 APT groups began exploiting the unpatched vulnerabilities in Exchange on Jan. 3, two days before Devcore security researcher Cheng-Da Tsai - also known as Orange Tsai - reported the security flaws to Microsoft. A surge of additional attacks followed in March after Microsoft issued its first patches for the four initial vulnerabilities.
Anand Paturi, principal research analyst with the security firm Qualys, also called out patches for the flaws CVE-2021-34467 and CVE-2021-34468, found in SharePoint Server, for special attention.
"These CVEs have a high likelihood of exploitability and are assigned a CVSSv3 base score of 7.1 by the vendor. Along with these patches, CVE-2021-34520 should be prioritized for patching," he says.
Adobe's July Security Updates
Adobe also had an active Patch Tuesday, issuing 29 security updates for Dimension, Illustrator, FrameMaker, Acrobat and Reader, and Adobe Bridge. Nineteen of the flaws are rated as critical.
Adobe says none of the vulnerabilities appear to have been exploited in the wild.
Adobe Acrobat and Reader contained a total of 19 flaws, and several of them could lead to code execution if an attacker can convince a user to open a malicious PDF with an affected version, Trend Micro says.
Adobe Bridge has five flaws that, if exploited, could lead to arbitrary code execution in the context of the user.