Microsoft has released a series of monthly security updates for its software. During the current correction round, over a hundred vulnerabilities have been fixed, five of which are classified as zero days.
It has a sleeper computer An overview of all vulnerabilities Published on its website. Five of these vulnerabilities are rated zero days, which means knowledge of the vulnerabilities was in the wild before Microsoft had a patch ready for them. A security vulnerability has already been exploited.
Actively abuse on day zero
This vulnerability was the most dangerous CVE-2021-28310. This is a vulnerability that allows attackers to gain high privileges in Windows. According to Kaspersky security researchers The exploit was already used in the wild, and presumably in conjunction with other exploits. The security firm suspects the BITTER APT group is exploiting the leaks.
Vier andere zero days
Also CVE-2021-27091 On CVE-2021-28458 Enable bugfixed privileged in the RPC Endpoint Mapper service ms-rest-nodeauthA library from Azure. Furthermore it CVE-2021-28312 A security vulnerability in NTFS and CVE-2021-28437 Windows Installer problem.
Critical weaknesses in drainage
In addition to zero days, Microsoft is also shutting down four important Exchange Server leaks. These were found by the National Security Agency. The leaks allow attackers to take over the Exchange server remotely. we have Post separate news About these leaks.
In total, Microsoft fixed 114 vulnerabilities. The company criticized 19 of these weaknesses. All patches are available through Windows Update.