Microsoft patches actively exploited Windows zero-day (CVE-2021-40449) (Security News, October 2021)
"Although Microsoft lists user interaction required, the Preview Pane is also listed as an attack vector. This creates a much larger attack surface. When combined with a privilege escalation - like the one currently under active attack - this could be used to take over a target system," noted Dustin Childs, with Trend Micro's Zero Day Initiative.
CVE-2021-26427, a remote code execution vulnerability in Microsoft Exchange Server, carries the highest CVSS score of this month's release.
"We don't often highlight information disclosure bugs, but this vulnerability goes beyond just dumping random memory locations. This bug could allow an attacker to recover cleartext passwords from memory, even on Windows 11."
Finally, Satnam Narang, staff research engineer at Tenable, pointed out CVE-2021-36970, a spoofing vulnerability in Microsoft's Windows Print Spooler, as worthy of a quick fix.
Which vulnerabilities should be remediated first? It depends on which Microsoft solutions an organization uses, the severity of the vulnerabilities and the likelihood of a vulnerability getting exploited sooner rather than later.
"We always recommend patching anything that is being actively exploited first. Privilege escalation vulnerabilities always score lower than remote code execution, but are more commonly used by attackers once they have that initial access, so do not let the raw CVSS score be your priority order!"
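As an added example that is not part of the article, the following Python triage helper applies the ordering rule in the quote above (anything under active exploitation first, vulnerability class next, CVSS only as a tie-breaker) to the three CVEs the article names, after filtering out bulletins for Microsoft products an estate does not run. The bulletin records are constructed for illustration: only the CVE identifiers, affected products, vulnerability classes and the exploited flag on CVE-2021-40449 are taken from the article, and the CVSS numbers are placeholders, not the published base scores.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Bulletin:
    cve: str
    product: str            # product family the fix applies to
    vuln_class: str         # "RCE", "EoP", "Spoofing", "Info"
    cvss: float             # CONSTRUCTED placeholder, not the published base score
    exploited: bool = False  # vendor reports exploitation detected


# Constructed sample built from the three CVEs the article names. Only the CVE
# IDs, affected product, vulnerability class and the "actively exploited" flag
# on CVE-2021-40449 come from the article; the CVSS values are placeholders.
OCTOBER_2021 = (
    Bulletin("CVE-2021-40449", "Windows", "EoP", 7.8, exploited=True),
    Bulletin("CVE-2021-26427", "Exchange Server", "RCE", 9.0),
    Bulletin("CVE-2021-36970", "Windows", "Spoofing", 8.8),
)

# Rough attacker-value ordering of vulnerability classes, used only when the
# exploited flag does not already separate two bulletins.
CLASS_WEIGHT = {"RCE": 3, "EoP": 2, "Spoofing": 1, "Info": 1}


def cvss_only_order(bulletins):
    """The naive ordering the quoted advice warns against: highest CVSS first."""
    return [b.cve for b in sorted(bulletins, key=lambda b: b.cvss, reverse=True)]


def remediation_order(bulletins, deployed):
    """Order fixes for an estate that runs the products named in `deployed`.

    Ranking, most urgent first:
      1. exploitation already observed beats everything else
      2. vulnerability class (RCE, then EoP, then the rest)
      3. CVSS base score only as the final tie-breaker
    Bulletins for products that are not deployed are dropped rather than
    ranked low, so the result is a work queue and not a rescored feed.
    """
    applicable = [b for b in bulletins if b.product in deployed]
    ranked = sorted(
        applicable,
        key=lambda b: (b.exploited, CLASS_WEIGHT.get(b.vuln_class, 0), b.cvss),
        reverse=True,
    )
    return [b.cve for b in ranked]


if __name__ == "__main__":
    estate = {"Windows", "Exchange Server"}
    print("by raw CVSS:       ", cvss_only_order(OCTOBER_2021))
    print("by exploited-first:", remediation_order(OCTOBER_2021, estate))
    print("Windows-only estate:", remediation_order(OCTOBER_2021, {"Windows"}))
```

Run as-is, the two orderings disagree at the top: sorting by the placeholder CVSS values puts the Exchange RCE first, while the exploited-first rule puts CVE-2021-40449 ahead of it, and an estate without Exchange never sees CVE-2021-26427 in its queue at all. In practice the `exploited` flag is populated from the vendor's exploitability assessment or an exploited-vulnerability catalog rather than set by hand.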
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mrzZVQ_EZAg/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-13 | CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | 0.0 |
2021-10-13 | CVE-2021-26427 | Microsoft Exchange Server (2013/2016/2019) Remote Code Execution Vulnerability | 0.0 |