Patch Tuesday July: Microsoft released 117 security patches, including one for a remote code execution (RCE) vulnerability in Exchange Server found by Pwn2Own contestants.
The latest round of updates from Redmond, usually released on the second Tuesday of every month (Patch Tuesday), includes fixes for 117 vulnerabilities covering RCE, privilege escalation, spoofing, memory corruption and information disclosure. Thirteen of them are considered critical and nine are zero-days, with four of them already live.
The products that should be updated immediately are Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows Kernel and Windows SMB.
Some of the most interesting vulnerabilities that are addressed in this update are:
- CVE-2021-31206: Microsoft Exchange Server RCE found during Pwn2Own.
- CVE-2021-34448: A vulnerability in scripting engine memory.
- CVE-2021-34494: Windows DNS Server RCE Vulnerability.
- CVE-2021-34458: A Windows Kernel RCE.
The latest round of patches comes just over a week after Microsoft's emergency update fixed the "PrintNightmare" security gap.
In total, four of the vulnerabilities - CVE-2021-34527 (PrintNightmare), CVE-2021-34448, CVE-2021-31979 and CVE-2021-33771 - are reported to be already in the public domain.
Microsoft thanked researchers from Google Security, Checkmarx, the Trend Micro Zero Day Initiative, and Fortinet's FortiGuard Lab, among others, for reporting the security vulnerabilities it fixed.