Microsoft fixed over 60 CVEs in this month’s Patch Tuesday update round, including a zero-day being actively exploited in the wild.
First made public last week, CVE-2021-40444 is a remote code execution vulnerability in Microsoft’s MSHTML engine.
A second zero-day, which was publicly disclosed but not actively exploited, is CVE-2021-36968, an elevation of privilege vulnerability in Windows DNS. It is labeled “important” by Microsoft and only impacts Windows 7 and Windows Server 2008.
However, these vulnerable legacy systems could appeal to threat actors as targets, according to Ivanti VP of product management, Chris Goettl.
“In this case, they could find the fact that this only affects legacy OSs as attractive, banking on the fact that companies are still running these systems but not continuing with extended security updates (ESU) from Microsoft,” he explained.
“If you fall into this group, there is yet more reason to either subscribe to Microsoft’s ESU for Windows 7 and Server 2008/2008 R2 or migrate off of these platforms, as the risk of running these end-of-life systems continues to grow.”
Elsewhere there was also an updated patch for one of the print spooler bugs known as PrintNightmare, to fix new issues discovered by researchers beyond the original fix. With exploit code available for this CVE, it’s also a matter of urgency to patch, said Goettl.
Other noteworthy CVEs that got the patch treatment this month were CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, and CVE-2021-38649 — affecting Microsoft’s Open Management Infrastructure (OMI) agent.
Dubbed “OMIGOD” by researchers at Wiz.io, the bugs could enable a remote attacker to gain root access to Linux virtual machines running on Azure.
“We conservatively estimate that thousands of Azure customers and millions of endpoints are affected. In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk,” the firm warned.