Security News

Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products. The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company's products.

Microsoft released an XL-sized bundle of security fixes for its products for this month's Patch Tuesday, and other vendors are close behind in issuing updates. The Windows goliath's batch for July has 117 patches, 13 for what's said to be critical bugs, 103 important, and one moderate.

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. Another 103 of the security holes patched this month were flagged as "Important," which Microsoft assigns to vulnerabilities "Whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."

Microsoft has fixed 117 CVEs, 4 of which are actively exploited. "A pair of Windows kernel privilege elevation flaws should also be high on the patch list as they are being actively exploited. These are exactly the type of vulnerabilities in the ransomware attack toolkit, allowing threat actors to boost their user level from user to admin, for greater control over the environment. Admins should keep an eye on existing and new accounts for suspicious activity."

Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured. Microsoft has fixed 117 vulnerabilities with today's update, with 13 classified as Critical, 1 Moderate, and 103 as Important.

A new emergency directive issued by the Cybersecurity and Infrastructure Security Agency orders federal agencies to mitigate the actively exploited Window Print Spooler vulnerability on their networks. CISA issued the Emergency Directive 21-04 after Microsoft released security updates on Friday to address the vulnerability dubbed PrintNightmare in all supported Windows versions.

SolarWinds has issued an emergency patch after a critical security hole in its Serv-U Managed File Transfer and Serv-U Secure FTP was spotted being exploited in the wild. The vulnerability, discovered by Microsoft's Threat Intelligence Center and Offensive Security Research teams, can be exploited by an attacker to achieve remote code execution, and is present in Serv-U version 15.2.3 HF1 and all prior builds.

How to improve your organization's Active Directory security postureActive Directory, a directory service developed by Microsoft for Windows domain networks, is most organizations' primary store for employee authentication and identity management, and controls which assets / applications / systems a user has access to. This makes Active Directory a valuable target for attackers and spur organizations to improve its security.

Just days after shipping an emergency Windows update to cover a dangerous code execution flaw in the Print Spooler service, Microsoft is investigating a new set of claims that its so-called 'PrintNightmare' patch has not properly fixed the underlying vulnerability. The company followed up with a blog post late Thursday insisting the emergency patch is "Working as designed" and "Effective against the known print spooling exploits."

Updates are available for Windows 7 and Server 2008/2008 R2 if you have an Extended Security Update subscription. Windows 10 21H1, released on May 18 now bundles the servicing stack updates and the latest cumulative updates into a single package.