CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Traditionally the second Tuesday of the month is Microsoft’s “patch Tuesday”. This is the day when they roll out all the available patches for their software, and their operating systems in particular.
Since there were no fewer than 56 patches in this month’s issue we will focus on the most important ones. Not that 56 is an awful lot. There were more than 80 in January.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The most notable CVEs in this update were:
If you are all about prioritizing your updates, these are the ones that we recommend doing first. Everyone else is advised to install the updates at their earliest convenience.
One other notable thing is the default enabling of the Domain Controller enforcement mode. This was done to counter the effects of the ZeroLogon vulnerability which is being exploited in the wild. We already covered the full story of ZeroLogon where this change was announced.
And while you are about to start your update cycles, you may want to have a look at this one from Adobe, because it is already actively being exploited as well. Adobe was notorious for the bugs in its Flash Player, which has now reached end-of-life, but occasionally a vulnerability in its Reader attracts some attention too.
CVE-2021-21017 is a critical heap-based buffer overflow flaw. The heap is a region of a process’s memory that is used to store dynamic variables. A buffer overflow is a type of software vulnerability that exists when a write to an area of memory within a software application runs past that area’s address boundary and into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.
So, by creating a specially crafted input, attackers could use this vulnerability to write code into a memory location where they normally wouldn’t have access. In their advisory Adobe states that it has received a report that CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.
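The class of bug described above, as an added example that is not from the original post and is not Adobe's code: a parser that copies a field into a heap buffer using a length taken from the input, next to the same parser with the missing bounds checks. The record format, `FIELD_CAP` and all function names are assumptions made for illustration; the post gives no details of the actual CVE-2021-21017 flaw.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record format (an assumption for this example):
 *   byte 0    declared payload length
 *   bytes 1.. payload
 * The destination is always a fixed 16-byte heap allocation. */
#define FIELD_CAP 16

/* Vulnerable form, shown for comparison only: it trusts the length byte from
 * the input. A declared length above FIELD_CAP makes memcpy write past the
 * end of the heap block into whatever the allocator placed next to it. */
uint8_t *parse_field_unchecked(const uint8_t *in, size_t in_len)
{
    uint8_t *field = malloc(FIELD_CAP);
    if (field == NULL || in_len < 1) { free(field); return NULL; }
    memcpy(field, in + 1, in[0]);   /* no bound on in[0]: heap overflow */
    return field;
}

/* Hardened form: the declared length must fit both the destination buffer
 * and the bytes actually present in the input. Returns NULL on rejection;
 * on success the caller owns the buffer and *out_len holds its length. */
uint8_t *parse_field_checked(const uint8_t *in, size_t in_len, size_t *out_len)
{
    if (in == NULL || out_len == NULL || in_len < 1) return NULL;
    size_t declared = in[0];
    if (declared > FIELD_CAP) return NULL;    /* would overflow the heap block */
    if (declared > in_len - 1) return NULL;   /* would read past the input */
    uint8_t *field = malloc(FIELD_CAP);
    if (field == NULL) return NULL;
    memcpy(field, in + 1, declared);
    *out_len = declared;
    return field;
}

/* Convenience wrapper: 1 if the record is accepted, 0 if it is rejected. */
int field_accepted(const uint8_t *in, size_t in_len)
{
    size_t n = 0;
    uint8_t *f = parse_field_checked(in, in_len, &n);
    int ok = (f != NULL);
    free(f);
    return ok;
}
```

Building the unchecked variant with AddressSanitizer (`-fsanitize=address`) and feeding it an oversized record reports the out-of-bounds heap write at the `memcpy`, which is how this class of bug is commonly caught in testing.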
Both Adobe Acrobat and Adobe Reader will automatically detect if a new version of the software is available. The program will check for a new version when you launch either Acrobat or Reader as an application and will prompt you to install a new version when it's available. IT administrators can control the update settings by using the Adobe Customization Wizard.
Stay safe, everyone!
The post Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits appeared first on Malwarebytes Labs.