Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)
2021-10-12 19:35

"Although Microsoft lists user interaction required, the Preview Pane is also listed as an attack vector. This creates a much larger attack surface. When combined with a privilege escalation - like the one currently under active attack - this could be used to take over a target system," noted Dustin Childs, with Trend Micro's Zero Day Initiative.

CVE-2021-26427, a remote code execution vulnerability in Microsoft Exchange Server, carries the highest CVSS score (9.0) of this month's release.

"We don't often highlight information disclosure bugs, but this vulnerability goes beyond just dumping random memory locations. This bug could allow an attacker to recover cleartext passwords from memory, even on Windows 11."

Finally, Satnam Narang, staff research engineer at Tenable, pointed out CVE-2021-36970, a spoofing vulnerability in Microsoft's Windows Print Spooler, as worthy of a quick fix.

Which vulnerabilities should be remediated first? That depends on which Microsoft products an organization actually runs, on the severity of each vulnerability, and on how likely it is to be exploited sooner rather than later.

"We always recommend patching anything that is being actively exploited first. Privilege escalation vulnerabilities always score lower than remote code execution, but are more commonly used by attackers once they have that initial access, so do not let the raw CVSS score be your priority order!"
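
The prioritization advice above (exploited-in-the-wild first, filter to the products you actually run, and only then fall back to severity and CVSS) is easy to turn into a repeatable ranking step over a Patch Tuesday export. The script below is an added example written for this page, not code from the article or from any vendor. The CSV layout is hypothetical, the records are constructed sample data: the 9.0 and 8.8 scores for CVE-2021-26427 and CVE-2021-36970 are the ones listed on this page, while the 7.8 for CVE-2021-40449, the attack-vector values and the exploited flags are assumptions for illustration. The impact weights are a policy choice, not a standard.

```python
"""
Patch-prioritisation helper: rank a monthly release so that actively
exploited bugs come first and raw CVSS is only a tie-breaker.

Added example for this page; not the article's or any vendor's code.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample export in a hypothetical CSV layout. CVSS 9.0 and 8.8
# are the values given on the page; 7.8, the vectors and the exploited
# flags are assumed for illustration.
SAMPLE_EXPORT = """\
cve,product,impact,cvss,vector,exploited
CVE-2021-40449,Windows,EoP,7.8,local,yes
CVE-2021-26427,Exchange Server,RCE,9.0,adjacent,no
CVE-2021-36970,Windows,Spoofing,8.8,network,no
"""

# Policy choice: remote code execution outranks privilege escalation,
# which outranks everything else. Anything unknown gets weight 1.
IMPACT_WEIGHT = {"RCE": 3, "EoP": 2}

# Attack vectors reachable without already being on the box.
REMOTE_VECTORS = {"network", "adjacent"}


@dataclass(frozen=True)
class Vuln:
    cve: str
    product: str
    impact: str
    cvss: float
    vector: str
    exploited: bool


def parse_export(text):
    """Parse the CSV export into Vuln records."""
    vulns = []
    for row in csv.DictReader(io.StringIO(text)):
        vulns.append(Vuln(
            cve=row["cve"].strip(),
            product=row["product"].strip(),
            impact=row["impact"].strip(),
            cvss=float(row["cvss"]),
            vector=row["vector"].strip().lower(),
            exploited=row["exploited"].strip().lower() == "yes",
        ))
    return vulns


def cvss_order(vulns):
    """The naive ordering the quote warns against: highest CVSS first."""
    return [v.cve for v in sorted(vulns, key=lambda v: v.cvss, reverse=True)]


def priority_key(v):
    """Sort key; larger tuples sort first when reverse=True.

    1. actively exploited beats everything else
    2. remotely reachable beats local-only
    3. impact class (policy weights above)
    4. CVSS as the final tie-breaker only
    """
    return (
        v.exploited,
        v.vector in REMOTE_VECTORS,
        IMPACT_WEIGHT.get(v.impact, 1),
        v.cvss,
    )


def prioritise(vulns, deployed_products):
    """Drop bugs in products you do not run, then rank the rest."""
    applicable = [v for v in vulns if v.product in deployed_products]
    return [v.cve for v in sorted(applicable, key=priority_key, reverse=True)]


if __name__ == "__main__":
    vulns = parse_export(SAMPLE_EXPORT)
    print("by raw CVSS:  ", cvss_order(vulns))
    print("recommended:  ", prioritise(vulns, {"Windows", "Exchange Server"}))
    print("Windows only: ", prioritise(vulns, {"Windows"}))
```

Run against the sample data, the CVSS-only order puts the Exchange bug first and the exploited Win32k privilege escalation last; the recommended order inverts that, and an estate without Exchange drops CVE-2021-26427 from its list entirely. Swap `SAMPLE_EXPORT` for your own export (adjusting the column names in `parse_export`) and adjust `IMPACT_WEIGHT` to your own policy.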


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/mrzZVQ_EZAg/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                      RISK
2021-10-13  CVE-2021-36970  Windows Print Spooler Spoofing Vulnerability                             8.8 (network, low complexity; microsoft)
                            (unspecified vulnerability in Microsoft products)
2021-10-13  CVE-2021-26427  Microsoft Exchange Server Remote Code Execution Vulnerability            9.0 critical (low complexity; microsoft)
                            (unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019)

Related vendor

VENDOR     LAST 12M  #/PRODUCTS  LOW   MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Microsoft  690                   814   4570    4247  3714      13345