Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability
Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is a zero-day being actively exploited in the wild.
The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Library, and Remote Desktop Client, among others. This is in addition to seven security flaws it patched in the Microsoft Edge browser on August 5.
Chief among the patched issues is CVE-2021-36948 (CVSS score: 7.8), an elevation of privilege flaw affecting Windows Update Medic Service — a service that enables remediation and protection of Windows Update components — which could be abused to run malicious programs with escalated permissions.
Microsoft's Threat Intelligence Center has been credited with reporting the flaw, although the company refrained from sharing additional specifics or details on how widespread those attacks were, in light of active exploitation attempts.
Two of the security vulnerabilities are publicly known at the time of release:
- CVE-2021-36942 (CVSS score: 9.8)
- CVE-2021-36936 (CVSS score: 8.8)
While the update for CVE-2021-36942 contains fixes to secure systems against NTLM relay attacks like PetitPotam by blocking the LSARPC interface, CVE-2021-36936 resolves yet another remote code execution flaw in the Windows Print Spooler component.
“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM,” Microsoft said in its advisory for CVE-2021-36942, adding that the “security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface.”
CVE-2021-36936 is also one of three flaws in the Print Spooler service that Microsoft has fixed this month, with the two other vulnerabilities being CVE-2021-36947 (CVSS score: 8.2) and CVE-2021-34483 (CVSS score: 7.8), the latter of which concerns an elevation of privilege vulnerability.
In addition, Microsoft has released security updates to resolve a previously disclosed remote code execution flaw in the Print Spooler service tracked as CVE-2021-34481 (CVSS score: 8.8). This changes the default behavior of the “Point and Print” feature, effectively preventing non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.
Another critical flaw remediated as part of the Patch Tuesday updates is CVE-2021-26424 (CVSS score: 9.9), a remote code execution vulnerability in Windows TCP/IP, which Microsoft notes “is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host utilizing the TCP/IP Protocol Stack (tcpip.sys) to process packets.”
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or select Check for Windows updates.