
A day after Apple and Google released urgent security updates, Microsoft has rolled out software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker and Visual Studio, including an actively exploited zero-day in its MSHTML platform that came to light last week.
Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is in addition to the 20 vulnerabilities in the Chromium-based Microsoft Edge browser that the company has addressed since the beginning of the month.
The most important of the updates is a patch for CVE-2021-40444 (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages Microsoft Office documents linked to malicious programs, with EXPMON researchers noting that “the operation uses logical defects so that the operation is perfectly reliable.”
It also addresses a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as CVE-2021-36968, the privilege elevation vulnerability has a severity of 7.8.
Other notable flaws resolved by Microsoft include a number of remote code execution bugs in Open Management Infrastructure (CVE-2021-38647), Windows WLAN Automatic Configuration Service (CVE-2021-36965), Office (CVE-2021-38659), Visual Studio (CVE-2021-36952) and Word (CVE-2021-38656), as well as a memory corruption flaw in the Windows Scripting Engine (CVE-2021-26435).
In addition, the Windows maker has fixed three recently discovered privilege escalation flaws in the Print Spooler service (CVE-2021-38667, CVE-2021-38671, and CVE-2021-40447), while CVE-2021-36975 and CVE-2021-3839 (CVSS scores: 7.8), both of which concern privilege elevation vulnerabilities in Win32k, are listed as “exploitation more likely”, making it essential for users to move quickly to apply the security updates.
Software patches from other vendors
In addition to Microsoft, several vendors have also released patches to fix various vulnerabilities, including –