Once again we have reached the second Tuesday of the month . As usual, Microsoft (and other companies) have taken the opportunity to launch a series of security patches for their products with which to correct all the vulnerabilities and security flaws detected in recent weeks. Normally it is advisable to install these patches as soon as possible to be protected, but on this occasion, the installation of the new patches is urgent, since they cover a total of 9 vulnerabilities of the 0-day type , known security flaws and exploited by pir-tes through from Internet.
In total, Microsoft’s new security patches address 117 vulnerabilities in all of the company’s products that are still supported. Of these 117 failures, 44 are of the remote code execution type, 32 allow gaining privileges within the system, 14 reveal sensitive equipment information, 12 cause denials of service in the system or its programs, 8 evade security measures and the last 7 served as support to exploit other vulnerabilities.
The 9 zero-day bugs fixed in Windows
Zero-day failures are one of the most serious vulnerabilities that we can find in any system. These types of flaws are generally discovered by hackers before Microsoft itself, and generally (but not always) they begin to make use of them and distribute exploits until the official patch arrives.
The vulnerabilities of this type that have been corrected in these new patches are:
- CVE-2021-34492 . Vulnerability to spoof digital certificates. Flaw revealed but not exploited.
- CVE-2021-34523 . Elevation of privileges in Microsoft Exchange Server. Flaw revealed but not exploited.
- CVE-2021-34473 . Remote code execution on Microsoft Exchange Server. Flaw revealed but not exploited.
- CVE-2021-33779 . Bypassing Windows ADFS security measures. Flaw revealed but not exploited.
- CVE-2021-33781 . Bypassing security measures in Active Directory. Flaw revealed but not exploited.
- CVE-2021-34527 . Controversial flaw in Windows printers that allows remote code to be executed. Bug revealed and exploited.
- CVE-2021-33771 . Elevation of privileges within the Windows Kernel. Undisclosed but exploited bug.
- CVE-2021-34448 . Memory corruption in Windows script engine. Undisclosed but exploited bug.
- CVE-2021-31979 . Elevation of privileges within the Windows Kernel. Undisclosed but exploited bug.
Of all these security flaws, the most serious and controversial is the failure of the printers. Christened PrintNightmare , this vulnerability has been exploited on a massive scale for weeks. Microsoft released an emergency patch to temporarily mitigate the bug a week ago (a useless patch), and has now released the full patch. It will be necessary to see if this time, finally, this vulnerability stops being a nightmare.
Update your PC right now
The new security updates are available for all versions of Windows that are still supported. These are:
- Windows 7 (paid extended support): fixes 30 vulnerabilities, 3 of them critical and 27 important.
- Windows 8.1 : fixes 39 vulnerabilities, 3 critical and 36 important.
- Windows 10 version 1903 and 1909; they fix 67 vulnerabilities, 5 of them critical and 62 important.
- Windows 10 version 2004, 20H2 and 21H1: fixes 68 vulnerabilities, 4 critical and 64 important.
Corresponding editions of Windows Server have also received their share of patches to protect servers.
Security updates can be downloaded and installed on the PC through Windows Update, or manually from their corresponding links to the Microsoft Update catalog:
- KB5004289 : Cumulative patch for Windows 7.
- KB5004298 : Cumulative patch for Windows 8.1
- KB5004245 : Patch for Windows 10 version 1909.
- KB5004237 : Patch for Windows 10 versions 2004, 20H2 and 21H1.
We remind you that this update also includes the latest quality patches released at the end of last month. But this time, there should be no more problems, although we won’t know until the next few days.