Security News

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service.

Now is the winter of our discontent made glorious summer by the fact that it's August and Patch Tuesday brings word of only 44 vulnerabilities in Microsoft's software. There's a bit of selective counting here however, given that Microsoft has been patching Edge's Chromium bugs separately.

The zero-day attacks against Microsoft's software products continue to pile up with a new warning from Redmond about a zero-day attack hitting a security defect in the Windows Update Medic Service. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows machines can continue to receive software updates.

Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to installed patches. Microsoft has fixed 44 vulnerabilities with today's update, with seven classified as Critical and 37 as Important.

Patch bypass flaw in Pulse Secure VPNs can lead to total compromiseThe patch for a vulnerability in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. Vulnerable TCP/IP stack is used by almost 200 device vendorsResearchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. A look at the 2021 CWE Top 25 most dangerous software weaknessesThe 2021 Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common issues experienced over the previous two calendar years.

Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code execution on Microsoft Exchange servers when chained together.

A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks. The PetitPotam attack vector that forces Windows machines to authenticate against threat actors' malicious NTLM relay servers using the Microsoft Encrypting File System Remote Protocol was disclosed last month by security researcher Gilles Lionel.

In a Thursday security advisory update, Cisco revealed that a remote code execution vulnerability in the Adaptive Security Device Manager Launcher disclosed last month is a zero-day bug that has yet to receive a security update. Cisco ADSM is a firewall appliance manager that provides a web interface for managing Cisco Adaptive Security Appliance firewalls and AnyConnect Secure Mobility clients.

The patch for a vulnerability in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. This new patch bypass vulnerability that could lead to remote code execution has been assigned a separate identification number and has been fixed by Ivanti Pulse Secure on Monday.

If you use Microsoft's security only updates each month, be sure to include the security only out-of-band updates for your operating systems, because they must be installed for the PrintNightmare fix; they were not included in the Patch Tuesday set of security only updates. The release of zero-day updates, particularly one of this magnitude, provides an excellent opportunity to validate your emergency patching policies and procedures.