Microsoft has fixed 117 vulnerabilities in different products

Microsoft has begun distributing the next security patch as part of the Patch Tuesday program. This time, the developers have fixed 117 vulnerabilities in various products, four of which are actively used by cybercriminals to carry out attacks. The patch fixes problems in Windows, Exchange Server, Microsoft Office, Internet Explorer, Bing, and others. At the same time, 13 vulnerabilities are critical, 103 were classified as dangerous, and one more is of low danger.

The July patch includes several important fixes. One of them is a fix for a vulnerability in Windows Print Manager CVE-2021-34527 (PrintNightmare), which was released separately at the beginning of the month. Exploitation of this vulnerability allows remote code execution with system privileges, which is a serious problem, especially considering that cybercriminals are actively using it at the present time. The July patch also includes a fix for CVE-2021-1675, another Windows Print Manager vulnerability that was previously released separately.

Microsoft has patched CVE-2021-34448, another critical vulnerability that was actively exploited by cybercriminals. Its exploitation leads to memory corruption of the Windows Script Host and allows remote code execution. While attacking this vulnerability is challenging, Microsoft notes that hackers are actively exploiting it. Also fixed two privilege escalation vulnerabilities affecting the Windows kernel. We are talking about used by hackers CVE-2021-31979 and CVE-2021-33771, the exploitation of which does not require interaction with the victim.

In addition to the vulnerabilities exploited by cybercriminals, the patch fixes several well-known problems. These include Microsoft Exchange Server Remote Code Execution Critical Vulnerability CVE-2021-34473, Active Directory Security Bypass Vulnerability CVE-2021-33781, Exchange Server Privilege Elevation Vulnerability CVE-2021-34523, Active Directory Security Bypass Vulnerability Federation Services (ADFS) CVE-2021-33779 and Windows Certificate Spoofing Vulnerability CVE-2021-34492.

Microsoft’s July patch fixes a large number of vulnerabilities that allow remote code execution. Some of them are actively used by hackers, while others have not yet been publicly announced. This means that users shouldn’t hesitate to install patches in order to protect their device from potential attackers.

If you have found a spelling error, please, notify us by selecting that text and pressing Ctrl+Enter.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Alexandr Ivanov earned his Licentiate Engineer in Systems and Computer Engineering from the Free International University of Moldova. Since 2013, Alexandr has been working as a freelance web programmer.
Function: Web Developer and Editor
Alexandr Ivanov

Spelling error report

The following text will be sent to our editors: