Microsoft has patched a host of vulnerabilities, including three rated “critical” and one actively being exploited by nation-state threat actors.
Microsoft came out swinging this month with a loaded Patch Tuesday, patching 74 vulnerabilities across 43 products and technologies.
This includes three critical vulnerabilities, a slew of Remote Code Execution (RCE) vulnerabilities, and some under active exploitation.
– CVE-2021-40449 – A use-after-free zero-day in the Win32 kernel driver. Kaspersky researchers identified nation-state threat actors utilizing this vulnerability as a privilege escalation method in their Remote Access Trojan (RAT).
– A critical Remote Code Execution vulnerability impacting Exchange servers.
– Two Hyper-V Remote Code Execution Vulnerabilities (CVE-2021-40461 and CVE-2021-38672), which ThreatPost reports can also allow the VM guest to escape the restrictions that prevent it from tampering with the host.
– A fix for PrintNightmare (CVE-2021-36970), whose previous patch did not resolve the issue.
– Other notable Remote Code Execution Vulnerabilities:
- Word/Office/SharePoint (CVE-2021-40486),
- SharePoint Server (CVE-2021-40487) and
- DNS Servers (CVE-2021-40469).
An extensive writeup has been provided by ThreatPost.
The full list of impacted products is available in the Microsoft Patch Tuesday Notes.
It is urgent that affected systems be updated as soon as possible.
Microsoft’s Patch Tuesday Notes
CISA Patch Tuesday Advisory
ThreatPost Patch Tuesday Writeup
Kaspersky Documenting MysterySnail RAT