Breaking

Sep 15, 2021 2 mins, 55 secs
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks.

Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

In a security advisory last week, Microsoft warned attackers already are exploiting the flaw through Microsoft Office applications as well as IE.

The critical bug CVE-2021-36965 is interesting, as it involves a remote code execution flaw in “WLAN AutoConfig,” the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks.

“CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited,” Liska said.

Another critical weakness that enterprises using Azure should prioritize is CVE-2021-38647, which is a remote code execution bug in Azure Open Management Infrastructure (OMI) that has a CVSS Score of 9.8 (10 is the worst).

“CVE-2021-38639 and CVE-2021-36975 have also been listed as ‘exploitation more likely’ and together cover the full range of supported Windows versions,” Breem wrote.

They typically have a lower CVSS score than something like Remote Code Execution, but these local exploits can be the linchpin in the post-exploitation phases of an experienced attacker.

If we assume a determined attacker will be able to infect a victim’s device through social engineering or other techniques, I would argue that patching these is even more important than patching some other Remote Code execution vulnerabilities.”.

Apple on Monday pushed out an urgent security update to fix a “zero-click” iOS vulnerability (CVE-2021-30860) reported by researchers at Citizen Lab that allows commands to be run when files are opened on certain Apple devices.

Google also released a new version of its Chrome browser on Monday to fix nine vulnerabilities, including two that are under active attack.

If it’s been a while since you closed the browser, you might see the Update button turn from green to orange and then red.

Green means an update has been available for two days; orange means four days have elapsed, and red means your browser is a week or more behind on important updates.

Completely close and restart the browser to install any pending updates.

As it usually does on Patch Tuesday, Adobe also released new versions of Reader, Acrobat and a large number of other products.

Adobe says it is not aware of any exploits in the wild for any of the issues addressed in its updates today.

For a complete rundown of all patches released today and indexed by severity, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center.

And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that are causing problems for Windows users.

It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

Everything requires an account, everything’s “in the cloud,” and everything adheres to either Redmond’s, Cupertino’s, or Mountain View’s investment in prioritizing these patches and updates

Beware Social Security Fraud

RECENT NEWS

SUBSCRIBE

Get monthly updates and free resources.

CONNECT WITH US

© Copyright 2024 365NEWSX - All RIGHTS RESERVED