Microsoft Patches 3 Zero-Day Vulnerabilities
Intel, Adobe Roll Out Security Fixes
Microsoft’s Patch Tuesday rollout addressed two additional security issues within Windows Print Spooler, including one zero-day.
Microsoft’s August security update covers 44 vulnerabilities, with seven rated critical. In July, the company’s update included patches for 117 vulnerabilities.
Windows Print Spooler Flaws
The new Windows Print Spooler flaws are CVE-2021-36947 and the zero-day CVE-2021-36936. They are related to the family of vulnerabilities collectively known as PrintNightmare, which were first made public in early July.
Microsoft rates the first two vulnerabilities as “exploitation more likely,” and the third vulnerability as having been publicly disclosed, says Satnam Narang, staff research engineer at Tenable.
“Because of the ubiquitous nature of the Windows Print Spooler within networks, organizations should prioritize patching these flaws as soon as possible,” Narang says.
PrintNightmare Guidance
Microsoft’s Security Response Center also published guidance on the group of flaws known as PrintNightmare, noting its investigation into the problems found the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.
“Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service,” Microsoft says.
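The default change Microsoft describes above is a policy setting that can be audited and pinned explicitly rather than left to the patch-level default. The following PowerShell script is an added example, not code from the article or from Microsoft; it assumes the Point and Print policy registry path and value names from Microsoft's published Point and Print guidance (these identifiers are not on this page) and must run in an elevated session.

```powershell
# Added example: audit (and optionally enforce) the Point and Print driver-installation
# policy that Microsoft's August 2021 update changed to require administrator rights.
# Assumption: registry path and value names are taken from Microsoft's Point and Print
# guidance, not from the article. Run as an administrator.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$PolicyValues = @(
    'RestrictDriverInstallationToAdministrators',  # 1 = admins only (the new secure default)
    'NoWarningNoElevationOnInstall',               # 1 = suppresses warning/elevation on install
    'UpdatePromptSettings'                         # non-zero = suppresses prompts on driver update
)

function Get-PointAndPrintPosture {
    # Collect the spooler state and each policy value (or $null when the value is absent).
    $posture = [ordered]@{}
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $posture['SpoolerRunning'] = ($null -ne $spooler -and $spooler.Status -eq 'Running')

    $props = $null
    if (Test-Path -Path $PolicyPath) {
        $props = Get-ItemProperty -Path $PolicyPath
    }
    foreach ($name in $PolicyValues) {
        $posture[$name] = if ($props -and $props.PSObject.Properties[$name]) { [int]$props.$name } else { $null }
    }
    [pscustomobject]$posture
}

function Test-PointAndPrintPosture {
    # Translate raw values into findings a defender can act on.
    param([Parameter(Mandatory)] $Posture)
    $findings = @()
    switch ($Posture.RestrictDriverInstallationToAdministrators) {
        1       { }   # explicitly restricted: nothing to report
        0       { $findings += 'RestrictDriverInstallationToAdministrators is 0: non-admin driver installs allowed' }
        default { $findings += 'RestrictDriverInstallationToAdministrators not set: behaviour depends on patch level' }
    }
    if ($Posture.NoWarningNoElevationOnInstall -eq 1) {
        $findings += 'NoWarningNoElevationOnInstall is 1: install warnings and elevation suppressed'
    }
    if ($Posture.UpdatePromptSettings -gt 0) {
        $findings += "UpdatePromptSettings is $($Posture.UpdatePromptSettings): update prompts suppressed"
    }
    if (-not $Posture.SpoolerRunning) {
        $findings += 'Print Spooler service is not running (no exposure, but printing is unavailable)'
    }
    $findings
}

function Set-PointAndPrintRestricted {
    # Pin the secure setting explicitly so it no longer relies on the update's default.
    if (-not (Test-Path -Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name 'RestrictDriverInstallationToAdministrators' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Usage: report findings; pass -Enforce to pin the restriction.
param([switch]$Enforce)
$posture  = Get-PointAndPrintPosture
$findings = Test-PointAndPrintPosture -Posture $posture
if ($findings.Count -eq 0) { Write-Output 'Point and Print posture: OK' } else { $findings | ForEach-Object { Write-Warning $_ } }
if ($Enforce) { Set-PointAndPrintRestricted; Write-Output 'RestrictDriverInstallationToAdministrators set to 1' }
```

Run it across a fleet from a management tool and collect the findings; an explicit value of 1 is preferable to relying on the absent-value default, because the absent case reads as secure only on hosts that already have the update installed.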
Zero-Days
This month, the top priority is the Windows operating system update, says Chris Goettl, senior director of product management with the security firm Ivanti, due to the zero-day vulnerabilities found in the OS.
In addition to the Print Spooler zero-day, CVE-2021-36936, Microsoft fixed the LSA spoofing zero-day that can result in remote code execution, CVE-2021-36942, and CVE-2021-36948, an elevation of privilege issue in Windows Update Medic Service that is reportedly being exploited in the wild, Narang says.
Critical Vulnerabilities
Microsoft also covered several other critical vulnerabilities with the August Patch Tuesday rollout. None of the vulnerabilities are being exploited, but Microsoft says each has a low attack complexity, making exploitation more likely to occur.
These include:
- CVE-2021-26424 – A TCP/IP remote code execution vulnerability;
- CVE-2021-26432 – An XDR driver remote code execution vulnerability;
- CVE-2021-34480 – A scripting engine memory corruption vulnerability;
- CVE-2021-3453 – A Windows Graphics Component remote code execution vulnerability;
- CVE-2021-34534 – A Windows MSHTML Platform remote code execution vulnerability;
- CVE-2021-34535 – A Remote Desktop client remote code execution vulnerability.
Intel’s Patches
Meanwhile, chipmaker Intel issued four security advisory patches for six vulnerabilities:
- The Intel NUC 9 Extreme Laptop Kits received a fix for CVE-2021-0196, an escalation of privilege vulnerability with a high severity rating;
- The Intel NUC Pro Chassis Element Driver was patched for CVE-2021-0160, an escalation of privilege with a medium severity rating;
- The Intel Ethernet Linux Driver had three security issues, CVE-2021-0084, CVE-2021-0002 and CVE-2021-0003, all with high severity ratings;
- The Intel Optane PMem received a fix for CVE-2021-0083 that could result in a denial of service situation if exploited.
Adobe Patches
Adobe’s August Patch Tuesday contained patches for 29 security issues – 20 rated as critical – within the company’s Connect and Magento product lines.
All 20 of the critical issues are associated with the Magento e-commerce platform. The most important problems listed were improper authorization, improper input validation, server-side request forgery and an XML injection that can lead to arbitrary code execution, privilege escalation and application denial of service if exploited, Adobe says.