Security News > 2021 > July > July 2021 Patch Tuesday: Microsoft fixes 4 actively exploited bugs

Microsoft has fixed 117 CVEs, 4 of which are actively exploited.
"A pair of Windows kernel privilege elevation flaws should also be high on the patch list as they are being actively exploited. These are exactly the type of vulnerabilities in the ransomware attack toolkit, allowing threat actors to boost their user level from user to admin, for greater control over the environment. Admins should keep an eye on existing and new accounts for suspicious activity."
Security researcher Omer Tsarfati says that Microsoft's patch may not fully mitigate the issue.
To mark the July 2021 Patch Tuesday, Adobe has addressed 29 CVEs, most of which are critical.
"Since there are only two updated HotNews Notes and two new High Priority Notes, SAP's July Patch Day can be considered a fairly uneventful patch day," Onapsis researcher Thomas Fritsch commented, but warned that a note's CVSS score does not necessarily take into account the worst case scenario.
Intel has released one security advisory on this July 2021 Patch Tuesday: for an escalation of privilege vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture Design for Test feature.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/giOv-WVLn0M/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)