Skip to main content

Update Your Windows Computers to Patch 6 New In-the-Wind Zero-Day Bugs.



Microsoft on Tuesday released another round of security updates for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack.
The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.
Of these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below -

CVE-2021-33742 (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-33739 (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2021-31199 (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

CVE-2021-31201 (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

CVE-2021-31955 (CVSS score: 5.5) - Windows Kernel Information Disclosure Vulnerability

CVE-2021-31956 (CVSS score: 7.8) - Windows NTFS Elevation of Privilege Vulnerability

Microsoft didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. But the fact that four of the six flaws are privilege escalation vulnerabilities suggests that attackers could be leveraging them as part of an infection chain to gain elevated permissions on the targeted systems to execute malicious code or leak sensitive information.
The Windows maker also noted that both CVE-2021-31201 and CVE-2021-31199 address flaws related to CVE-2021-28550, an arbitrary code execution vulnerability rectified by Adobe last month that it said was being "exploited in the wild in limited attacks targeting Adobe Reader users on Windows."
Google's Threat Analysis Group, which has been acknowledged as having reported CVE-2021-33742 to Microsoft, said "this seem[s] to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting."
Russian cybersecurity firm Kaspersky, for its part, detailed that CVE-2021-31955 and CVE-2021-31956 were abused in a Chrome zero-day exploit chain (CVE-2021-21224) in a series of highly targeted attacks against multiple companies on April 14 and 15. The intrusions were attributed to a new threat actor dubbed "PuzzleMaker."
"While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges," Kaspersky Lab researchers said.
Elsewhere, Microsoft fixed numerous remote code execution vulnerabilities spanning Paint 3D, Microsoft SharePoint Server, Microsoft Outlook, Microsoft Office Graphics, Microsoft Intune Management Extension, Microsoft Excel, and Microsoft Defender, as well as several privilege escalation flaws in Microsoft Edge, Windows Filter Manager, Windows Kernel, Windows Kernel-Mode Driver, Windows NTLM Elevation, and Windows Print Spooler.
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.

Software Patches From Other Vendors.

Alongside Microsoft, a number of other vendors have also released a slew of patches on Tuesday.


#THN


#osutayusuf 

Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.