Patch Tuesday July: Microsoft released 117 security patches, including one for a remote code execution (RCE) vulnerability in Exchange Server that was found by participants in the Pwn2Own contest.
The Redmond company's latest round of updates, typically released on the second Tuesday of each month (Patch Tuesday), includes fixes for 117 vulnerabilities covering RCE, privilege escalation, spoofing, memory corruption, and information disclosure. Thirteen of them are considered critical and nine are zero-days, with four of them already live.
The products that should be updated immediately are Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows Kernel and Windows SMB.
Some of the most interesting vulnerabilities that are addressed in this update are:
- CVE-2021-31206: Microsoft Exchange Server RCE found during Pwn2Own.
- CVE-2021-34448: A vulnerability in scripting engine memory.
- CVE-2021-34494: Windows DNS Server RCE Vulnerability.
- CVE-2021-34458: A Windows Kernel RCE.
The latest round of fixes comes just a week after Microsoft's emergency update fixed the "PrintNightmare" security gap.
In total, four of the vulnerabilities - CVE-2021-34527 (PrintNightmare), CVE-2021-34448, CVE-2021-31979 and CVE-2021-33771 - are reported to be already in the public domain.
Microsoft thanked researchers at Google Security, Checkmarx, the Trend Micro Zero Day Initiative, and Fortinet's FortiGuard Labs, among others, for reporting the vulnerabilities it fixed.