Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability

0
Windows Updates - Techvivi.com

Microsoft has released security upgrades to address 44 security problems affecting its software and services. The upgrade, the lightest since December 2019, fixes seven Major and 37 Important issues in various different components. These components include Microsoft Windows,.NET Core & Visual Studio, Azure, and many other things. This comes on top of the seven security issues fixed in the Microsoft Edge browser on August 5. CVE-2021-36948  is a critical elevation of privilege bug affecting the Windows Updates Medic Service. Additionally, this might be exploited to run malicious programmes with elevated rights. Windows Update Medic Service is a service that facilitates the rehabilitation and protection of Windows Update components. Microsoft’s Threat Intelligence Center was credited with identifying the weakness. Although, the corporation declined to share any data on how prevalent those attacks were in light of active exploitation attempts.

Windows Updates- 17 Desktop for Mac: In a Parallels universe with Windows 11 on M1 silicon

While CVE-2021-36942 offers remedies to protect computers from NTLM various attacks such as Petit Potam by blocking the LSARPC interface. CVE-2021-36936 fixes yet another remote code execution weakness in the Windows Print Spooler component.

Microsoft Windows Updates- Announcement

Microsoft said during a CVE-2021-36942 advisory – “An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM”. The company adds that the “security update blocks the affected API calls Open Encrypted File Raw -A and Open Encrypted File Raw -W through the LSARPC interface.”

CVE-2021-36936 is also one of three problems in Microsoft’s Print Spooler service. However, this was repaired this month. The other two being CVE-2021-36947 and CVE-2021-34483. The latter is indeed an elevation of privilege vulnerability.

Furthermore, Microsoft has provided software updates to address a previously disclosed remote code vulnerability in the Print Spooler service. This is in the list as CVE-2021-34481. This modifies the “Point and Print” feature’s default setting; essentially preventing non-administrator users from installing or upgrading existing. Additionally, new printer drivers are utilizing drivers from a distant computer or server before even upgrading to an administrator.

Microsoft Windows Updates- Know More

CVE-2021-26424 (CVSS score: 9.9), a remote code execution vulnerability in Windows TCP/IP. This is another major weakness. According to Microsoft “A malicious Hyper-V guest can remotely trigger this by sending an IPv6 ping to the Hyper-V host. Additionally, An intruder might use the TCP/IP Network Protocols (tcpip.sys) to process packets and transmit a specially designed TCP/IP packet to its host”.

To install the latest security updates, Windows users can go ahead with this method:

1 Step : Click on Start

2 Step: Go to Settings

3 Step: Tap on Update & Security

4 Step: Now. select Windows Update or Check for Windows updates.

Final Note

Microsoft released security patches to address 44 security concerns affecting its apps and hardware. In this article, you can understand how to install the latest security updates. I hope this article have provided you all the information on the topic.

Also Read

A sneak peek at the new Microsoft Teams for Windows 10 and Windows 11

How to get Roblox to look like mobile on Windows computer

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here