Security News

Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws
2021-07-13 17:47

Today is Microsoft's July 2021 Patch Tuesday, and with it come fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured. Microsoft has fixed 117 vulnerabilities with today's update, with 13 classified as Critical, 1 Moderate, and 103 as Important.

SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
2021-07-13 12:58

SolarWinds has issued a hotfix for a zero-day remote code execution vulnerability already under active, yet limited, attack on some of the company's customers. Though the current threat appears to be from a sole actor and "involves a limited, targeted set of customers," SolarWinds wanted to remedy the situation before it could escalate, the company said.

SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)
2021-07-13 08:49

SolarWinds has released an emergency patch for CVE-2021-35211, an RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being exploited in the wild. "Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers," the company shared.

SolarWinds Confirms New Zero-Day Flaw Under Attack
2021-07-12 16:00

Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as "limited, targeted attacks." In an advisory issued over the weekend, SolarWinds said a single threat actor exploited security flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products against "a limited, targeted set of customers."

Kaseya Patches Zero-Days Used in REvil Attacks
2021-07-12 15:53

Kaseya made good on its promise to issue patches by July 11. On Saturday, the company behind the Virtual System/Server Administrator platform that got walloped by the REvil ransomware-as-a-service gang in a massive supply-chain attack released urgent updates to address critical zero-day security vulnerabilities in VSA. Kaseya released the VSA 9.5.7a update to fix three zero-day vulnerabilities used in the ransomware attacks.

Microsoft pushes emergency update for Windows PrintNightmare zero-day
2021-07-06 21:31

Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. Windows 7 SP1 and Windows Server 2008 R2 SP1. Windows Server 2008 SP2. Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.

Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted
2021-07-06 15:42

The worldwide July 2 attacks on the Kaseya Virtual System/Server Administrator platform by the REvil ransomware gang turn out to be the result of exploits for at least one zero-day security vulnerability, and the company is swinging into full mitigation mode, with patches for the on-premise version coming soon, likely Wednesday or Thursday, it said. The attacks on the VSA are now estimated to have led to the encryption of files for around 60 Kaseya customers using the on-premises version of the platform - many of which are managed service providers who use VSA to manage the networks of other businesses.

Kaseya was fixing zero-day just as REvil ransomware sprung their attack
2021-07-04 15:31

The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack. The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure, and Kaseya was validating the patch before they rolled it out to customers.

Actively exploited PrintNightmare zero-day gets unofficial patch
2021-07-02 17:50

Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform. The buggy code behind this remote code execution bug is present in all versions of Windows, with Microsoft still investigating if the vulnerability can be exploited on all of them.

Microsoft shares mitigations for Windows PrintNightmare zero-day bug
2021-07-02 06:56

Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. In a separate threat analytics report for Microsoft 365 Defender customers seen by BleepingComputer, Microsoft says attackers are actively exploiting the PrintNightmare zero-day.