Microsoft fixes six zero-day flaws in Windows 10 — update right now

1. Home
2. News
3. Security

Microsoft fixes half-dozen goose egg-day flaws in Windows 10 — update right now

(Prototype credit: Wachiwit/Shutterstock)

You'd amend implement the software patches that Microsoft released yesterday (June viii) if you lot're running whatsoever contempo version of Windows, because this month's Patch Tuesday updates include fixes for half dozen dissimilar "nix-mean solar day" flaws that are already being exploited by attackers in the wild.

The worst of the bunch (assigned the catalogue number CVE-2021-33742) lets malicious web pages hack into PCs via Net Explorer and other Microsoft programs. Microsoft Edge is besides affected when information technology is in "Cyberspace Explorer mode," according to the Microsoft description of the flaw, which labels it "Critical."

• iOS 15 digital ID can replace your driver's license — is this a skilful thought?
• The best Windows 10 antivirus software
• Plus: Xbox Series X restock update: Track on Twitter, Walmart and more

Google's Threat Analysis Group discovered that flaw but last week. Yesterday (June 8) Google'south Shane Huntley tweeted that the attacks using the flaw seem to accept been developed by a commercial hacking group for a nation-state in the Middle Due east or Eastern Europe.

Another actively exploited vulnerability discovered in the wild by TAG (@_clem1). Great work by @msftsecresponse in patching within seven days.https://t.co/Z2VXqn5kqKJune 8, 2021

Run across more

Speaking of Google, two of the other nada-day flaws (CVE-2021-31955 and 31956) were used in conjunction with Chrome flaws as part of "a wave of highly targeted attacks against multiple companies" in Apr, according to Kaspersky researchers. The Chrome flaws were fixed in a flurry of security updates to that browser later in that month.

A Kaspersky press release said the company had "yet to find whatsoever connection between these attacks and any known threat actors." Kaspersky is calling the previously unknown grouping "Puzzle Maker."

Two more of the patched zero-days (CVE-2021-31199 and 31201) seem to have been used in conjunction with an Adobe Reader flaw that was fixed concluding month. As with the Chrome attacks, the Reader flaw got the attacker onto the system, and the Microsoft flaws so permitted the attacker to "elevate privileges" to fully have control.

The 6th zero-twenty-four hour period (CVE-2021-33739) is besides an elevation-of-privileges flaw. Microsoft'southward notes don't provide many details, only say the flaw could be used once an aggressor has gained a foothold on a machine via a phishing assault or other means.

You tin can tell Microsoft takes these zero-day flaws very seriously because information technology's patching Windows 7 as well as Windows 8.i and Windows 10, where applicative.

Windows vii officially reached the end of support in January 2020 and wasn't supposed to become any more patches after that. But Microsoft has been quietly fixing the worst flaws in Windows 7 in several recent Patch Tuesday updates.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, lawmaking monkey and video editor. He'due south been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Boob tube news spots and even moderated a panel word at the CEDIA home-engineering conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/microsoft-patch-tuesday-june-21

Posted by: kelleyolleefors.blogspot.com

Share this post