Security News
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads. PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.
A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958, the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months.
A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481.
Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. This vulnerability is part of a class of bugs known as 'PrintNightmare,' which abuses configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.
Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. Chief among the patched issues is CVE-2021-36948, an elevation of privilege flaw affecting Windows Update Medic Service - a service that enables remediation and protection of Windows Update components - which could be abused to run malicious programs with escalated permissions.
Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. Chief among the patched issues is CVE-2021-36948, an elevation of privilege flaw affecting Windows Update Medic Service - a service that enables remediation and protection of Windows Update components - which could be abused to run malicious programs with escalated permissions.
Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that's listed as a zero-day that has been exploited in the wild. "Despite its CVSS rating of 9.9, this may prove to be a trivial bug, but it's still fascinating," said Dustin Childs of Trend Micro's Zero Day Initiative in his Tuesday analysis.
Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain. This NTLM relay attack allows the threat actor to take over the domain controller, and thus the Windows domain.
The zero-day attacks against Microsoft's software products continue to pile up with a new warning from Redmond about a zero-day attack hitting a security defect in the Windows Update Medic Service. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows machines can continue to receive software updates.
The August 2021 Patch Tuesday is out and Microsoft has published several new cumulative updates for recent versions of Windows 10. Today's cumulative updates include security fixes for PCs with May 2021 Update, October 2020 Update, and May 2020 Update.