This month’s relatively humble bundle of security updates fixes 56 vulnerabilities, including a zero-day bug and 11 flaws rated as critical
Yesterday was the second Tuesday of the month, which means that Microsoft is rolling out patches for security vulnerabilities found in Windows and its other products. This year’s second batch of security updates brings fixes for 56 vulnerabilities, including a zero-day flaw that is being actively exploited in the wild.
The elevation of privilege flaw vulnerability, tracked as CVE-2021-1732 and ranked as “important” on the Common Vulnerability Scoring System (CVSS) scale, resides in Windows’ Win32k kernel component. According to the SANS Technology Institute, it is a local vulnerability and “an attacker would have to have local access to the machine (console or SSH for example) or rely on user interaction, like a user opening a malicious document.”
The security loophole a prompted a response from the Cybersecurity and Infrastructure Security Agency (CISA) which issued a security advisory: “CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1732 and apply the necessary patch to Windows 10 and Windows 2019 servers.”
Beyond the zero-day bug, the latest round of updates also includes fixes for 11 security flaws that received the highest ranking of “critical”, while 6 security holes are listed as publicly known at the time of the release. The vast majority of the rest were ranked as “impor ..
Support the originator by clicking the read the rest link below.
