Security News > 2021 > August > Actively Exploited Windows Zero-Day Gets a Patch
Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that's listed as a zero-day that has been exploited in the wild.
"Despite its CVSS rating of 9.9, this may prove to be a trivial bug, but it's still fascinating," said Dustin Childs of Trend Micro's Zero Day Initiative in his Tuesday analysis.
The next bug, CVE-2021-26432 in Windows Services, is more likely to be exploited given its low complexity status, according to Microsoft's advisory; it doesn't require privileges or user interaction to exploit, but Microsoft offered no further details.
The bug affects many Windows 10 versions as well as Windows Server 2016 and 2019.
The final critical bug is CVE-2021-36936, a Windows Print Spooler RCE bug that's listed as publicly known.
The actively exploited bug is tracked as CVE-2021-36948 and is rated as important; it could pave the way for RCE via the Windows Update Medic Service in Windows 10 and Server 2019 and newer operating systems.
News URL
https://threatpost.com/exploited-windows-zero-day-patch/168539/
Related news
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-12 | CVE-2021-36948 | Unspecified vulnerability in Microsoft products Windows Update Medic Service Elevation of Privilege Vulnerability | 0.0 |
| 2021-08-12 | CVE-2021-36936 | Unspecified vulnerability in Microsoft products Windows Print Spooler Remote Code Execution Vulnerability | 0.0 |
| 2021-08-12 | CVE-2021-26432 | Unspecified vulnerability in Microsoft products Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | 0.0 |