For yet another month, Microsoft has released its new security updates for Windows, and the rest of its products, on a new “Patch Tuesday.” We always recommend installing these security patches as soon as possible, as soon as we have the opportunity, to be able to be sure from the first moment. But, on this occasion, it is essential to install the new Windows security updates since they not only correct 44 security breaches in total (it is not the month that has corrected the most bugs) but they focus on correcting two serious vulnerabilities, PrintNightmare and PetitPotam , which are endangering millions of PCs around the world.
In total, the security bugs fixed by Microsoft in its operating system in this new patch Tuesday have been 44, of which seven have been classified as “critical”, and 37 have been considered as “important”. And, of these 44 security flaws , 13 have been of the RCE type (remote code execution), 8 of the information disclosure type, 2 of denial of service and 4 of the spoofing type.
In total, the new security patches fix 3 zero-day vulnerabilities, one of which is actively exploited by hackers. We are going to see the most serious failures in detail.
Security bugs fixed in these new security patches
Of course, the most serious flaw that this new security patch fixes is PrintNightmare, also known as CVE-2021-34527 . This security flaw is spooled on Windows systems and allows a local attacker to gain SYSTEM privileges (the highest level of permissions) on the operating system. To do this, it takes advantage of a feature known as “Point and Print” to install a malicious driver on the system, which is used to carry out the computer attack.
And we can’t forget PetitPotam either , registered as CVE-2021-36942 . This flaw is used to force any domain controller to communicate with any system, which can be used to execute functions and commands through the MS-EFSRPC API without the need to authenticate. This failure also affects all versions of Windows, from 7 to the latest version of Windows 10.
Finally, we cannot forget about the zero-day vulnerability that has an exploit and is being exploited by hackers: CVE-2021-36948 . This latest flaw is found in the Windows Update Medic Service component, and allows attackers to gain privileges within the system affected by it.
Update Windows Now
These new updates are now available to all users, completely free of charge, through Windows Update . Unless we have made changes to the Windows update tool, these new patches will be downloaded and installed automatically as soon as they are available. And, with a simple reboot, we will finish updating the PC and bringing it up to date.
We remind you that these cumulative security patches also include the quality patches released at the end of July as “optional”. These patches focus on correcting quality (non-security) issues in the operating system. And, in addition, this time they focus on improving the performance and stability of the operating system when playing.
If you don’t want to, or can’t, use Windows Update, you can download these new security patches by hand, and install them on Windows 10 2004, 20H2, and 21H1 from here .
