Update Youí Windows PCs to Patch 117 New Ïlaws, Including 9 Zeío-Days

July 15, 2021
|In Security
|By Security Team

Microsoft rolled out Patch Tuesday Updates for the month of July which fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems.

From 117 issues:-

  • 13 are rated Critical
  • 103 are rated Important
  • 1 is rated as Moderate in severity

The following Microsoft’s products are vulnerable:-

  • including Windows
  • Bing
  • Dynamics
  • Exchange Server
  • Office
  • Scripting Engine
  • Windows DNS
  • Visual Studio Code

July also marks a dramatic jump in the volume of vulnerabilities, surpassing the number Microsoft collectively addressed as part of its updates in May (55) and June (50).

The 9 zero-day bugs fixed in windows:-

 Zero-day bugs are one of the most serious vulnerabilities that we can find in any system. These types of flaws are generally discovered by hackers before Microsoft itself, and generally (but not always) they begin to make use of them and distribute exploits until the official patch arrives.

The security flaws actively exploited are as follows:-

  1. CVE-2021-34527 (CVSS score: 8.8) – Windows Print Spooler Remote Code Execution Vulnerability (publicly disclosed as “PrintNightmare”)
  2. CVE-2021-31979 (CVSS score: 8) – Windows Kernel Elevation of Privilege Vulnerability
  3. CVE-2021-33771 (CVSS score: 8) – Windows Kernel Elevation of Privilege Vulnerability
  4. CVE-2021-34448 (CVSS score: 8) – Scripting Engine Memory Corruption Vulnerability

The other five publicly disclosed, but not exploited:-

  1. CVE-2021-34473 (CVSS score: 9.1) – Microsoft Exchange Server Remote Code Execution Vulnerability
  2. CVE-2021-34523 (CVSS score: 9.0) – Microsoft Exchange Server Elevation of Privilege Vulnerability
  3. CVE-2021-33781 (CVSS score: 1) – Active Directory Security Feature Bypass Vulnerability
  4. CVE-2021-33779 (CVSS score: 1) – Windows ADFS Security Feature Bypass Vulnerability
  5. CVE-2021-34492 (CVSS score: 1) – Windows Certificate Spoofing Vulnerability

Recommendations:

  • To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.
  • Microsoft has strongly recommended all its users to put in all of the security updates straight away to protect the windows machines and avoid such security risks.
  • Microsoft strongly endorsed installing these protection updates for all the windows customers to keep away from the security risk and protect the windows systems.
  • To get more detail knowledge about these issue please visit: https://msrc.microsoft.com/update-guide/en- us