url = https://krebsonsecurity.com
krebs on security – in-depth security news and …
Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.
Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”
Among the critical bugs is of course the official fix for the PrintNightmare print spooler flaw in most versions of Windows (CVE-2021-34527), a flaw that prompted Microsoft to rush out a patch a week ago in response to exploit code for the flaw that got accidentally published online. That patch seems to have caused a number of problems for Windows users. Here’s hoping the updated fix resolves some of those issues for readers who’ve been holding out.
CVE-2021-34448 is a critical remote code execution vulnerability in the scripting engine built into every supported version of Windows — including server versions. Microsoft says this flaw is being exploited in the wild.
Both CVE-2021-33771 and CVE-2021-31979 are elevation of privilege flaws in the Windows kernel. Both are seeing active exploitation, according to Microsoft.