Article

Microsoft Critical Patches

Description

Microsoft has released July 2021 security updates to address multiple vulnerabilities in Windows operating system and other Microsoft software including Windows Server, Exchange Server Bing, Dynamics, Office, Scripting Engine, Windows DNS, SharePoint Server, Internet Explorer, Visual Studio Code, etc.
This month, Microsoft fixed 117 security vulnerabilities, including 9 zero-day flaws, 13 rated as critical in severity, 103 rated important, and 1 rated as moderate in severity. Chief among the security flaws actively exploited are:

CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability (publicly disclosed as "PrintNightmare")
CVE-2021-31979 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-33771 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-34448 - Scripting Engine Memory Corruption Vulnerability

The other five publicly disclosed, but not exploited, zero-day vulnerabilities are the following: CVE-2021-34473 , CVE-2021-34523 , CVE-2021-33781 , CVE-2021-33779 , CVE-2021-34492 . A remote attacker can exploit these vulnerabilities to take control of an unpatched system.

Recommendations

The National Cyber Security Authority (NCSA) recommends all users and system administrators to:
a. Apply the latest security patches as soon as possible to prevent malware and malicious actors from exploiting and gaining unauthorized control over unpatched systems.
To apply the latest security updates, select the Start button, and then go to Settings → Update & Security →Windows Update or simply click the icon at the taskbar to restart your device and automatically install updates;
b. Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources;
c. Upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches, if you are still using Microsoft software that have reached end-of-life such as:

Windows XP, Windows 8 and 8.1, Windows 7, Windows 10 version 1909,
Windows Server 2012, 2012 RE, 2008, 2008 RE and earlier versions,
Windows Exchange Server 2013, 2010 and earlier versions.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009

Reference

https://msrc.microsoft.com/update-guide/vulnerability

https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul

https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html

https://www.securityweek.com/microsoft-patches-3-under-attack-windows-zero-days

Related Files

Alert_-_Critical_Patches_Issued_for_Microsoft_Products_-_July_2021.pdf 650 KB

15 July 2021

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224