If you haven't already, go ahead and install the latest Patch Tuesday update. Then come back and read about the significance of this issue - At least 87 vulnerabilities have been fixed in many Microsoft products. This includes the infamous PrintNightmare bug and Office Zero Day vulnerabilities that are actively exploited in nature.
Tuesday Update This month may seem light, but don't let that fool you. Microsoft has included fixes for at least 67 vulnerabilities - 87 if you count the many Chromium-based Microsoft Edge bug fixes. These bugs affect many Microsoft products, including Windows, Windows DNS, Windows Subsystem for Linux, Visual Studio, Office, SharePoint Server, Edge, and Azure.
Most importantly, the office update does not cancel any day. The flaw (CVE-2021-40444) that hackers are actively using. The news first surfaced a week ago, but Microsoft was unable to release an out-of-the-box patch at that time. This is an attack method that uses malicious Office files and it is very easy and 100% reliable. By opening a file, Office takes users to a webpage via Internet Explorer, which automatically downloads malware to your computer.
This abuse is possible due to errors in the Microsoft Office MSHTML component. Send browser pages inside a Word file. Windows 7, Windows 10, and Windows Server 2008 and later versions are all affected.
There are also security updates for CVEs that affect the common Windows-CVE-2021 file system driver. -36955, CVE-2021-36963, and CVE-2021-38633. These are vulnerabilities that could allow an attacker (such as a ransomware operator) to make changes to your computer and affect all versions of Windows. Fortunately, there is no evidence that they are abused in nature.
In addition, Microsoft has fixed four recently discovered bug fixes in the Print Spooler service in Windows 10. These instances are logged under CVE. -2021-38667, CVE-2021-36958, CVE-2021-38671, and CVE-2021-40447.
Companies running Windows 7, Windows Server 2008, and Windows Server 2008 R2 should also install this patch, as this troubleshooting includes CVE-2021-36968 - a special vulnerability in the easy-to-use Windows DNS It operates and does not require user intervention.
Other companies have also released security updates that users should install as soon as possible. Apple has updates that address major non-zero-button vulnerabilities across all operating systems. Adobe has several security updates that affect its Creative Cloud products. Google has fixed important bugs in Android. Security teams should review the latest security updates from Cisco, SAP, Citrix, Siemens, Schneider Electric, Oracle Linux, SUSE, and Red Hat.
Patch Tuesday Microsoft is fixing more than 80 vulnerabilities in Windows, Office, Edge, and more