Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Fortunately there are only a few issues rated critical this month with the vast majority of the remainder being rated important. Here’s three big things you can go patch right now.
MSHTML Remote Code Execution 0-day (CVE-2021-40444)
The hot topic this month is the most recent remote code execution 0-day vulnerability in MSHTML. When it was first discovered it was only being used in a limited number of attacks, however this quickly changed once instructions for exploiting the vulnerability were published online. This vulnerability was severe enough to warrant publishing patches for older operating systems including Windows 7, Windows Server 2008 R2, and Windows Server 2008. Now that updates have been published for this vulnerability they should be applied as soon as possible.
Windows DNS Local Elevation of Privilege (CVE-2021-36968)
This is the second publicly disclosed vulnerability updated this month. While the details surrounding this CVE are sparse, we do know that Microsoft has not detected exploitation in the wild.
Updates to PrintNightmare (CVE-2021-1678)
Microsoft has made additional patches available for older operating systems. If you were previously unable to patch against this vulnerability you may want to review this new information.
Summary Graphs
Summary Tables
Azure Vulnerabilities
CVE
Title
Exploited
Disclosed
CVSS3
FAQ
CVE-2021-38647
Open Management Infrastructure Remote Code Execution Vulnerability
No
No ..
Support the originator by clicking the read the rest link below.
