Patch Tuesday July: The Microsoft released 117 security patches, including a remote code execution (RCE) vulnerability in Exchange Server found by Pwn2Own contest participants.
The company's latest round of updates from Redmond, usually released on the second Tuesday of every month (Patch Tuesday), includes fixes for 117 vulnerabilities that address RCE, privilege escalation, spoofing, memory corruption, and information disclosure. Thirteen of these are considered critical and nine are 0day – with four of them already live.
The products that should be updated immediately are Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows Kernel and Windows SMB.
Μερικές από τις πιο ενδιαφέρουσες vulnerabilities που επιλύονται σε αυτήν την ενημέρωση είναι:
- CVE-2021-31206: Microsoft Exchange Server RCE found at duration by Pwn2Own.
- CVE-2021-34448: A vulnerability in scripting engine memory.
- CVE-2021-34494: Windows Vulnerability DNS Server RCE.
- CVE-2021-34458: A Windows Kernel RCE.
The latest round of patches is coming in just over a weekteam after the emergency update from Microsoft that fixed the security gap "PrintNightmare".
In total, four of the vulnerabilities - CVE-2021-34527 (PrintNightmare), CVE-2021-34448, CVE-2021-31979 and CVE-2021-33771 - are reported to be already in the public domain.
Microsoft thanked Google Security researchers, Checkmarx, its Trend Micro Zero Day Initiative and Fortini's FortiGuard Lab, among others for reporting the security vulnerabilities it fixed.