Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

A working day right after Apple and Google rolled out urgent safety updates, Microsoft has pushed computer software fixes as portion of its month-to-month Patch Tuesday launch cycle to plug 66 stability holes influencing Home windows and other elements these as Azure, Business office, BitLocker, and Visible Studio, together with an actively exploited zero-working day in its MSHTML Platform that arrived to mild very last 7 days.

Of the 66 flaws, three are rated Crucial, 62 are rated Critical, and a person is rated Moderate in severity. This is apart from the 20 vulnerabilities in the Chromium-primarily based Microsoft Edge browser that the company dealt with given that the start off of the month.

The most significant of the updates concerns a patch for CVE-2021-40444 (CVSS rating: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Business files, with EXPMON scientists noting “the exploit employs rational flaws so the exploitation is properly dependable.”

Also addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Home windows DNS. Specified as CVE-2021-36968, the elevation of privilege vulnerability is rated 7.8 in severity.

Other flaws of be aware resolved by Microsoft include a range of remote code execution bugs in Open up Management Infrastructure (CVE-2021-38647), Windows WLAN AutoConfig Provider (CVE-2021-36965), Office (CVE-2021-38659), Visible Studio (CVE-2021-36952), and Term (CVE-2021-38656) as perfectly as a memory corruption flaw in Windows Scripting Engine (CVE-2021-26435)

What’s extra, the Windows maker has rectified three privilege escalation flaws freshly uncovered in its Print Spooler services (CVE-2021-38667, CVE-2021-38671, and CVE-2021-40447), though CVE-2021-36975 and CVE-2021-38639 (CVSS scores: 7.8), both equally of which relate to an elevation of privilege vulnerabilities in Gain32k, are outlined as ‘exploitation much more likely,’ producing it vital that people move immediately to apply the safety updates.

Software package Patches From Other Distributors

Other than Microsoft, patches have also been released by a variety of other distributors to address a number of vulnerabilities, including –

Fibo Quantum