This month’s Microsoft Patch Tuesday addresses 56 vulnerabilities, of which 11 are rated as Critical. Adobe released patches today for Reader, Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.
Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074 and CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). While there is no evidence that these vulnerabilities are exploited in wild, these vulnerabilities should be prioritized given their impact.
Microsoft released patches to fix a remote code execution vulnerability in Windows Fax Service (CVE-2021-24077). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.
Microsoft released patches to fix a remote code execution vulnerability in Windows DNS Server (CVE-2021-24078). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.
Microsoft released updates to fix a local privilege escalation vulnerability in Win32K (CVE-2021-1732). This vulnerability is reportedly exploited in the wild and should be prioritized for patching.
Microsoft Office vulnerabilities should be prioritized for workstation-type devices.
Adobe issued patches today covering multiple vulnerabilities in Adobe Reader, Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. Patching Adobe Acrobat and Reader should be prioritized as Adobe has received reports of CVE-2021-21017 exploited in wild targeting Adobe Reader users on Windows.
Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday, followed shortly after by PT dashboards.