Microsoft has recognized a new exploit in the wild that is actively being used. It’s been rolling out security updates all week to address 44 total vulnerabilities affecting its software and services, one of which it says is this active zero-day.
Microsoft’s most recent Windows update is its smallest release since December 2019, squashing seven Critical and 37 Important bugs. The fixes cover Azure, the Microsoft Graphics Component, Microsoft Office, the Scripting Engine and the Remote Desktop client, and the release also folds in the security flaws found in Edge on August 5th.
The actively exploited flaw is CVE-2021-36948 (CVSS score: 7.8), an elevation of privilege vulnerability in the Windows Update Medic Service: an attacker who reaches the vulnerable service can abuse it to run a malicious program with escalated privileges, and the bug has recently been detected in the wild.
Microsoft’s Threat Intelligence Center is credited with reporting the flaw, although the company’s advisory is vague beyond noting the active exploitation attempts.
The company would not reveal how widespread the attacks are or any other details about them, citing the ongoing efforts of attackers to exploit the vulnerability before the patch is deployed.
Two of the security vulnerabilities were publicly known at the time of release:
- CVE-2021-36942 (CVSS score: 9.8) – Windows LSA Spoofing Vulnerability
- CVE-2021-36936 (CVSS score: 8.8) – Windows Print Spooler Remote Code Execution Vulnerability
Microsoft’s patches for these two flaws are intended to protect against NTLM relay attacks like PetitPotam. The first, for CVE-2021-36942, blocks calls through the LSARPC interface that attackers typically use as their means of attack; the second resolves the remote code execution flaw in the Windows Print Spooler component and can be installed on systems running Windows versions 1803 or higher.
Specifically, the security update blocks the OpenEncryptedFileRawA and OpenEncryptedFileRawW methods from being called through the LSARPC interface. Without the fix, an unauthenticated attacker could use those calls to coerce a domain controller into authenticating to another server using NTLM.
Microsoft’s patch this month also covers three flaws in the Print Spooler service: CVE-2021-36936 (CVSS score 8.2), CVE-2021-36947 (CVSS score: 7.8), and a third, an elevation of privilege flaw.
Microsoft has also released security updates to resolve a previously disclosed remote code execution vulnerability in the Print Spooler service, tracked as CVE-2021-34481 (CVSS score: 8.8). This update changes the default behavior of the “Point and Print” feature, effectively preventing non-administrator users from installing or updating new and existing printer drivers without first elevating to administrator.
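As an added example (not part of the article), the following PowerShell check reads the registry values that control the Point and Print driver-installation behaviour described above and reports settings that weaken the hardened default. The key path and value names are assumed from Microsoft’s own guidance for this change, which the article does not quote, so verify them against that guidance before relying on the script.

```powershell
# Added example, not from the article. Audits the Point and Print policy
# values governing who may install printer drivers. Key path and value
# names are assumed from Microsoft's guidance for this change.
# Run in an elevated PowerShell session.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintValue {
    param([string]$Name)
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value (or the whole key) is absent
    return [int]$item.$Name
}

$findings = @()

# After the update, an absent value or 1 means driver installation requires
# admin rights; an explicit 0 restores the pre-patch behaviour the article
# describes as the problem.
$restrict = Get-PointAndPrintValue 'RestrictDriverInstallationToAdministrators'
if ($restrict -eq 0) {
    $findings += 'RestrictDriverInstallationToAdministrators is 0: non-admins can install printer drivers'
}

# These values, when non-zero, suppress the warning and elevation prompts the
# hardening relies on; Microsoft's guidance is to leave them at 0 or unset.
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $v = Get-PointAndPrintValue $name
    if ($null -ne $v -and $v -ne 0) {
        $findings += "$name is ${v}: Point and Print prompts are suppressed"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Point and Print configuration matches the hardened defaults.'
} else {
    $findings | ForEach-Object { Write-Output "WEAK: $_" }
}
```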
Microsoft has also announced the remediation of two critical flaws as part of the Patch Tuesday updates. The first flaw, CVE-2021-26424 (CVSS score: 9.9), is a remote code execution vulnerability in Windows TCP/IP which Microsoft notes “is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host.” An attacker could send a specially crafted TCP/IP packet to the host, which the TCP/IP protocol stack (tcpip.sys) would process without any notification whatsoever.
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update and select Check for updates.