Security News > 2021 > July > Microsoft Patches 3 Under-Attack Windows Zero-Days
Microsoft's embattled security response unit is urging Windows fleet administrators to prioritize fixes for three documented vulns that have already been exploited in live malware attacks.
In all, Microsoft documented 117 vulnerabilities in the Windows ecosystem, some dangerous enough to expose users to remote code execution attacks.
The security fixes cover problems in a range of products, including Microsoft Office, Microsoft Exchange Server, Bing, SharePoint Server, Internet Explorer, Visual Studio and OpenEnclave.
The massive patch bundle comes less than a week after Microsoft released an emergency patch to address the 'PrintNightmare' Windows Print Spooler zero-day.
Security experts have noted problems with Redmond's newest Print Spooler patch but Microsoft insists the fix works as intended.
Separately, Adobe issued multiple security advisories with patches for critical vulnerabilities in a wide range of software products, including the ever-present Adobe Acrobat and Reader application.
News URL
Related news
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft has finally fixed Date & Time bug in Windows 11 (source)
- Microsoft shares workaround for Windows security update issues (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)