The list of July 2021 Patch Tuesday updates looks endless. 117 patches with no less than 42 CVEs assigned to them that have FAQs, mitigations details or workarounds listed for them. Looking at the urgency levels Microsoft has assigned to them, system administrators have their work cut out for them once again:
You can find the list of CVEs that have FAQs, mitigations, or workarounds on the Microsoft July release notes page.
Six vulnerabilities were previously disclosed and four are being exploited in-the-wild, according to Microsoft. One of those CVE’s is a familiar one, 2021-34527 aka the anyone-can-run-code-as-domain-admin RCE known as PrintNightmare. Microsoft issued out-of-band patches for that vulnerability a week ago, but those were not as comprehensive as one might have hoped.
Since then, the Cybersecurity and Infrastructure Security Agency’s (CISA) has issued Emergency Directive 21-04, “Mitigate Windows Print Spooler Service Vulnerability” because it is aware of active exploitation, by multiple threat actors, of the PrintNightmare vulnerability. These directive list required actions for all Federal Civilian Executive Branch agencies.
Besides the ongoing PrintNightmare, er, nightmare, there are some others that deserve your undivided attention. Vulnerabilities being exploited in the wild, besides PrintNightmare, are:
Other vulnerabilities that are not seen exploited in the wild yet, but are likely candidates to make that list soon:
Another ongoing effort to patch vulnerable systems has to do with Microsoft Exchange Server. Flaws that were actually already patched in April have now been assigned new CVE numbers CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability) and CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability). As you may remember this combo of elevation of privilege (EOP) and remote code execution (RCE) caused quite the panic when attackers started using the Exchange bugs to access vulnerable servers before establishing web shells to gain persistence and steal information.
If you applied the patches in April, you are already protected. If you didn’t, move them to the top of your to-do-list.
Two other critical vulnerabilities, and one considered important, were found in Microsoft Windows Media Foundation. Microsoft Media Foundation enables the development of applications and components for using digital media on Windows Vista and later. If you do have this multimedia platform installed on your system you are advised to apply the patches, but note that many of them include the Flash Removal Package. So do the patches for CVE-2021-34497 a critical Windows MSHTML Platform RCE vulnerability.
Stay safe, everyone!
The post Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday appeared first on Malwarebytes Labs.