Microsoft fixes six zero-day flaws in Windows 10 — update right now

1. Home
2. News
3. Security

Microsoft fixes vi nix-day flaws in Windows 10 — update right at present

(Epitome credit: Wachiwit/Shutterstock)

Yous'd better implement the software patches that Microsoft released yesterday (June viii) if y'all're running whatever recent version of Windows, because this month's Patch Tuesday updates include fixes for six different "naught-day" flaws that are already beingness exploited by attackers in the wild.

The worst of the bunch (assigned the catalogue number CVE-2021-33742) lets malicious web pages hack into PCs via Internet Explorer and other Microsoft programs. Microsoft Edge is too affected when information technology is in "Cyberspace Explorer mode," according to the Microsoft description of the flaw, which labels it "Critical."

• iOS 15 digital ID can replace your driver's license — is this a good thought?
• The best Windows 10 antivirus software
• Plus: Xbox Serial X restock update: Track on Twitter, Walmart and more

Google's Threat Assay Grouping discovered that flaw just last week. Yesterday (June eight) Google's Shane Huntley tweeted that the attacks using the flaw seem to have been developed by a commercial hacking group for a nation-state in the Middle East or Eastern Europe.

Another actively exploited vulnerability discovered in the wild by TAG (@_clem1). Great work past @msftsecresponse in patching within seven days.https://t.co/Z2VXqn5kqKJune 8, 2021

See more

Speaking of Google, two of the other zero-24-hour interval flaws (CVE-2021-31955 and 31956) were used in conjunction with Chrome flaws as part of "a wave of highly targeted attacks confronting multiple companies" in April, co-ordinate to Kaspersky researchers. The Chrome flaws were fixed in a flurry of security updates to that browser later in that month.

A Kaspersky press release said the company had "yet to discover any connectedness between these attacks and any known threat actors." Kaspersky is calling the previously unknown group "Puzzle Maker."

Two more of the patched zero-days (CVE-2021-31199 and 31201) seem to have been used in conjunction with an Adobe Reader flaw that was fixed last month. As with the Chrome attacks, the Reader flaw got the assaulter onto the system, and the Microsoft flaws and then permitted the attacker to "elevate privileges" to fully take control.

The sixth cypher-day (CVE-2021-33739) is also an elevation-of-privileges flaw. Microsoft's notes don't provide many details, simply say the flaw could be used once an attacker has gained a foothold on a machine via a phishing attack or other means.

You lot can tell Microsoft takes these zero-mean solar day flaws very seriously considering it's patching Windows 7 as well as Windows 8.ane and Windows ten, where applicative.

Windows 7 officially reached the end of support in January 2020 and wasn't supposed to get any more patches later that. But Microsoft has been quietly fixing the worst flaws in Windows 7 in several contempo Patch Tuesday updates.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry melt, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwardly in random TV news spots and even moderated a console word at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/microsoft-patch-tuesday-june-21

Posted by: smithtegaves.blogspot.com

Share this post