Microsoft announces patch for Actively Exploited Windows Zero-Day Vulnerability
By MYBRANDBOOK
Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week.
Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the 20 vulnerabilities in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month.
The most important of the updates concerns a patch for CVE-2021-40444 (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting "the exploit uses logical flaws so the exploitation is perfectly reliable."
Also addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as CVE-2021-36968, the elevation of privilege vulnerability is rated 7.8 in severity.
Other flaws of note resolved by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure (CVE-2021-38647), Windows WLAN AutoConfig Service (CVE-2021-36965), Office (CVE-2021-38659), Visual Studio (CVE-2021-36952), and Word (CVE-2021-38656) as well as a memory corruption flaw in Windows Scripting Engine (CVE-2021-26435).
The Windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service (CVE-2021-38667, CVE-2021-38671, and CVE-2021-40447), while CVE-2021-36975 and CVE-2021-38639 (CVSS scores: 7.8), both of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as 'exploitation more likely,' making it imperative that users move quickly to apply the security updates.
TAC Security becomes Cyber Security Assessor for the App Defen
The cybersecurity company, TAC Security has been selected as a key Cyber ...
InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce
In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
VVDN TECHNOLOGIES
TEJAS NETWORKS INDIA PVT. LTD.
SAMSUNG INDIA ELECTRONICS PVT. LTD.
JUVAS SOLUTIONS PVT. LTD.
Technology Icons Of India 2023: Dilip Asbe
Dilip Asbe is the MD & CEO of National Payments Corporation of India (...
Technology Icons Of India 2023: Natarajan Chandrasekaran
Natarajan Chandrasekaran is the Chairman of the Board of Tata Sons, th...
Technology Icons Of India 2023: Hari Om Rai
Hari Om Rai is the Co-founder, Chairman & Managing Director of Lava In...
GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure
Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
C-DAC keeps India ahead in IT & Electronics R&D space
Centre for Development of Advanced Computing (C-DAC) is the premier R&...
B D SOFTWARE
BD Software is the distributor of IT security solutions in India. The ...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...
INGRAM MICRO INDIA PVT. LTD.
Ingram Micro India, a large national distributor offers a comprehensiv...