Patch Tuesday July: Microsoft released 117 security patches, including a fix for a remote code execution (RCE) vulnerability in Exchange Server found by Pwn2Own contestants.
The latest round of updates from the Redmond company, usually released on the second Tuesday of each month (Patch Tuesday), includes fixes for 117 vulnerabilities covering RCE, privilege escalation, spoofing, memory corruption and information disclosure. Thirteen of them are considered critical and nine are zero-days, with four of them already in circulation.
The products that should be updated immediately are Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows Kernel and Windows SMB.
Some of the most interesting vulnerabilities addressed in this update are:
- CVE-2021-31206: Microsoft Exchange Server RCE found during Pwn2Own.
- CVE-2021-34448: A scripting engine memory corruption vulnerability.
- CVE-2021-34494: Windows DNS Server RCE Vulnerability.
- CVE-2021-34458: A Windows Kernel RCE.
The latest round of fixes comes just a week after Microsoft's emergency update fixed the "PrintNightmare" security gap.
In total, four of the vulnerabilities - CVE-2021-34527 (PrintNightmare), CVE-2021-34448, CVE-2021-31979 and CVE-2021-33771 - are reported to be already in the public domain.
Microsoft thanked researchers at Google Security, Checkmarx, the Trend Micro Zero Day Initiative and Fortinet's FortiGuard Labs, among others, for reporting security vulnerabilities.