
Microsoft Patches 3 Zero-Day Vulnerabilities

Intel, Adobe Roll Out Security Fixes

Microsoft's Patch Tuesday rollout addressed two additional security issues within Windows Print Spooler, including one zero-day.


Microsoft's August security update covers 44 vulnerabilities, with seven rated critical. In July, the company's update included patches for 117 vulnerabilities.

Windows Print Spooler Flaws

The new Windows Print Spooler flaws are CVE-2021-36947 and the zero-day CVE-2021-36936. They are related to the family of vulnerabilities collectively known as PrintNightmare, which were first made public in early July.

Microsoft rates the first two vulnerabilities as "exploitation more likely," and the third vulnerability as having been publicly disclosed, says Satnam Narang, staff research engineer at Tenable.

"Because of the ubiquitous nature of the Windows Print Spooler within networks, organizations should prioritize patching these flaws as soon as possible," Narang says.

PrintNightmare Guidance

Microsoft's Security Response Center also published guidance on the group of flaws known as PrintNightmare, noting its investigation into the problems found the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.

"Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service," Microsoft says.

Zero-Days

This month, the top priority is the Windows operating system update, says Chris Goettl, senior director of product management with the security firm Ivanti, due to the zero-day vulnerabilities found in the OS.

In addition to the Print Spooler zero-day, CVE-2021-36936, Microsoft fixed CVE-2021-36942, the LSA spoofing zero-day that can result in remote code execution, and CVE-2021-36948, an elevation of privilege issue in Windows Update Medic Service that is reportedly being exploited in the wild, Narang says.

Critical Vulnerabilities

Microsoft also covered several other critical vulnerabilities with the August Patch Tuesday rollout. None of the vulnerabilities are being exploited, but Microsoft says each has a low attack complexity, making exploitation more likely to occur.

These include:

  • CVE-2021-26424 - A TCP/IP remote code execution vulnerability;
  • CVE-2021-26432 - An XDR driver remote code execution vulnerability;
  • CVE-2021-34480 - A scripting engine memory corruption vulnerability;
  • CVE-2021-3453 - A Windows Graphics Component remote code execution vulnerability;
  • CVE-2021-34534 - A Windows MSHTML Platform remote code execution vulnerability;
  • CVE-2021-34535 - A Remote Desktop client remote code execution vulnerability.

Intel's Patches

Meanwhile, chipmaker Intel issued four security advisory patches for six vulnerabilities:

  • The Intel NUC 9 Extreme Laptop Kits received a fix for CVE-2021-0196, an escalation of privilege vulnerability with a high severity rating;
  • The Intel NUC Pro Chassis Element Driver was patched for CVE-2021-0160, an escalation of privilege with a medium severity rating;
  • The Intel Ethernet Linux Driver had three security issues, CVE-2021-0084, CVE-2021-0002 and CVE-2021-0003, all with high severity ratings;
  • The Intel Optane PMem received a fix for CVE-2021-0083 that could result in a denial of service situation if exploited.

Adobe Patches

Adobe's August Patch Tuesday contained patches for 29 security issues - 20 rated as critical - within the company's Connect and Magento product lines.

All 20 of the critical issues are associated with the Magento e-commerce platform. The most important problems listed were improper authorization, improper input validation, server-side request forgery and an XML injection that can lead to arbitrary code execution, privilege escalation and application denial of service if exploited, Adobe says.


About the Author

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.



