Microsoft Corporation released updates to fix at least 55 security bugs in its Windows operating systems and other software. Two patches deal with vulnerabilities used in active online attacks, and four flaws were publicly disclosed, giving cybercriminals a head start on attempts at exploitation. CVE-2021-42292, a “security feature bypass” zero-day bug in Microsoft Excel versions 2013-2021, could allow attackers to install malicious code by tricking someone into opening a concealed Excel file. The Mac versions of Office are also affected, but multiple sources explain that these security updates aren’t available yet.
Microsoft’s updated and condensed security advisories did not disclose what is being bypassed in Excel with this flaw. According to a report from the Zero Day Initiative, the vulnerability is believed to involve code that loads content which should be gated behind a user prompt, such as a warning about external content or scripts; the prompt never appears, so the protection is bypassed. CVE-2021-42321, a zero-day in Microsoft Exchange Server, is the other critical flaw patched this month that is already being exploited. Many of the world’s organizations using Microsoft Exchange Servers were hit with four zero-day attacks, which allowed attackers to install backdoors and steal email. Unlike those four zero-days involved in the massive breach of Exchange Server systems, CVE-2021-42321 requires the threat actor to already be authenticated to the target system.
CVE-2021-38631 and CVE-2021-41371 are two vulnerabilities involving weaknesses in Microsoft’s Remote Desktop Protocol (RDP, Windows’ built-in remote administration tool) running on Windows 7 through 11 and on Windows Server 2008 through 2019. The weaknesses allow hackers to view the RDP password for the vulnerable system. A security researcher notes that, given the interest of cybercriminals and ransomware initial access brokers in RDP, these flaws are likely to be exploited. An additional flaw is CVE-2021-38666, a Remote Code Execution vulnerability in the Windows RDP Client, which affects Windows 7 through 11 and Windows Server 2008 through 2019.
Applying security updates might not be a big deal for most Windows home users; however, it’s always a good idea to apply security patches monthly to avoid security risks. Always back up your important files before patching. Windows 10 is equipped with built-in tools that can help with the process, either on a per-file/folder basis or by making a complete, bootable copy of the hard drive.
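The two practical questions a defender has after reading the RDP and patching paragraphs above are “has this host actually received the November 2021 updates?” and “is RDP exposed on it, and with Network Level Authentication required?”. The following PowerShell is an added example, not code from SpearTip or Microsoft; it uses only the Patch Tuesday date (2021-11-09) from this article and standard Windows cmdlets and registry values, and assumes nothing about specific KB numbers. Run it in an elevated PowerShell session on the host being assessed.

```powershell
# Added example (not from the SpearTip article): a defender-side check for
# (1) whether this host has received any Windows update since the
#     November 2021 Patch Tuesday (2021-11-09), and
# (2) whether RDP is enabled and, if so, whether Network Level Authentication
#     (NLA) is required, since the article notes CVE-2021-38631, CVE-2021-41371
#     and CVE-2021-38666 affect RDP on Windows 7-11 and Server 2008-2019.
# The cut-off date is the only page-derived value; no KB numbers are assumed.

function Get-NovemberPatchStatus {
    param(
        # Patch Tuesday, November 2021; adjust for later update cycles.
        [datetime]$Cutoff = [datetime]'2021-11-09'
    )

    # Get-HotFix lists servicing-stack, cumulative and security updates.
    # InstalledOn can be null for some entries, so filter those out first.
    $hotfixes = Get-HotFix | Where-Object { $null -ne $_.InstalledOn }
    $recent   = @($hotfixes | Where-Object { $_.InstalledOn -ge $Cutoff } |
                  Sort-Object InstalledOn -Descending)
    $latest   = $hotfixes | Sort-Object InstalledOn -Descending | Select-Object -First 1

    # RDP state from the registry:
    #   fDenyTSConnections = 1  -> RDP disabled
    #   UserAuthentication = 1  -> NLA required for RDP-Tcp
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $rdpDisabled = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # Is anything listening on the default RDP port? (Get-NetTCPConnection needs
    # Windows 8 / Server 2012 or later; on older systems this stays $false.)
    $listening = $null -ne (Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        LatestUpdate       = if ($latest) { "$($latest.HotFixID) on $($latest.InstalledOn.ToShortDateString())" } else { 'none found' }
        UpdatedSinceCutoff = ($recent.Count -gt 0)
        UpdatesSinceCutoff = ($recent | Select-Object -ExpandProperty HotFixID) -join ', '
        RdpEnabled         = ($rdpDisabled -eq 0)
        RdpListening       = $listening
        NlaRequired        = ($nlaRequired -eq 1)
    }
}

$status = Get-NovemberPatchStatus
$status | Format-List

# Plain-language findings a SOC analyst can act on.
if (-not $status.UpdatedSinceCutoff) {
    Write-Warning 'No update installed since 2021-11-09; the November fixes, including the RDP and Exchange patches, are probably missing.'
}
if ($status.RdpEnabled -and -not $status.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication; require NLA or restrict RDP to the VPN/management network.'
}
```

Get-HotFix only reports updates that register as hotfixes, so a “none since cutoff” result is a prompt to check Windows Update history (or your patch-management console), not proof that the host is unpatched; the RDP and NLA flags, by contrast, come straight from the registry and are authoritative for that host.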
The most critical vulnerabilities from Patch Tuesday are CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability), CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability), CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability), CVE-2021-26443 (Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability), CVE-2021-3711 (OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow), and CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability). Despite the patches being available, these CVEs remain exploitable on any system where end users have not applied the updates.
At SpearTip, our data breach investigation services allow our certified engineers to analyze data and make sure any potential malware is contained and neutralized. Our IT remediation process allows our engineers to implement useful resources and actions to back up your business and recover crucial assets.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.