The software giant addressed CVE-2021-36948, an elevation of privilege flaw affecting Windows Update Medic Service

Aug 11, 2021 16:00 GMT

Software giant Microsoft issued a series of 44 security updates yesterday, one of them for a flaw that is being actively exploited in the wild, according to The Hacker News.

Microsoft announced fixes for 7 flaws rated Critical and 37 rated Important in Microsoft Office, Visual Studio, Azure, Windows, .NET Core, the Microsoft Windows Codecs Library, the Microsoft Graphics Component, the Microsoft Scripting Engine, and several other Microsoft products. Also on August 5, Microsoft patched 7 security vulnerabilities for Edge.

Chief among the fixed vulnerabilities is CVE-2021-36948 (CVSS score: 7.8), a flaw in Windows Update Medic Service that allows malicious programs to run with elevated privileges if exploited. Microsoft fixed two more vulnerabilities this month, CVE-2021-36947 (CVSS 8.2) and CVE-2021-34483 (CVSS 7.8), which also concern elevation of privilege.

The other security vulnerabilities are CVE-2021-36942, a Windows LSA spoofing flaw with a CVSS score of 9.8, and CVE-2021-36936, a Windows Print Spooler remote code execution flaw with a CVSS score of 8.8.

Microsoft wants to fix the problems before informing customers

Due to active exploitation attempts, the company decided to withhold further information about the spread of the attacks. According to Microsoft's advisory, "An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM," adding that "security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface."

The fix for CVE-2021-36942 protects systems from NTLM relay attacks like PetitPotam by blocking the affected API calls through the LSARPC interface, whereas the fix for CVE-2021-36936 patches a remote code execution vulnerability in Windows Print Spooler. A patch was also released for another remote code execution vulnerability (CVE-2021-34481) in the Print Spooler service (CVSS score: 8.8). The Patch Tuesday release also repaired CVE-2021-26424, a remote code execution vulnerability in Windows TCP/IP (CVSS score: 9.9). The latter enables an attacker to compromise a computer by sending a specially crafted TCP/IP packet to its host via the TCP/IP Protocol Stack (tcpip.sys).

If you are using Windows, you can get the latest security updates by going to Settings > Update & Security > Windows Update or clicking the Check for updates link in the Start menu.