article thumbnail

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

.” Among the critical bugs is of course the official fix for the PrintNightmare print spooler flaw in most versions of Windows ( CVE-2021-34527 ) that prompted Microsoft to rush out a patch for a week ago in response to exploit code for the flaw that got accidentally published online. out of a possible 10.

DNS 344
article thumbnail

Microsoft Patch Tuesday, December 2021 Edition

Krebs on Security

.” Part of the difficulty in patching against the Log4Shell attack is identifying all of the vulnerable web applications, said Johannes Ullrich , an incident handler and blogger for the SANS Internet Storm Center. Microsoft also patched CVE-2021-43883 , an elevation of privilege vulnerability in Windows Installer.

Internet 359
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Patch Tuesday, August 2021 Edition

Krebs on Security

Microsoft said attackers have seized upon CVE-2021-36948 , which is a weakness in the Windows Update Medic service. Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. 10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.

Software 324
article thumbnail

Patch Tuesday, October 2021 Edition

Krebs on Security

to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. CVE-2021-38672 affects Windows 11 and Windows Server 2022; CVE-2021-40461 impacts both Windows 11 and Windows 10 systems, as well as Server versions. Firstly, Apple has released iOS 15.0.2

article thumbnail

Microsoft Patch Tuesday, September 2021 Edition

Krebs on Security

Top of the critical heap is CVE-2021-40444 , which affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. Allan Liska , senior security architect at Recorded Future , said a similar vulnerability — CVE-2021-28316 — was announced in April.

Spyware 64
article thumbnail

Microsoft Patch Tuesday, March 2021 Edition

Krebs on Security

Top of the heap this month (apart from the ongoing, global Exchange Server mass-compromise ) is a patch for an Internet Explorer bug that is seeing active exploitation. “We strongly encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-Based) to apply these patches as soon as possible.”

DNS 353
article thumbnail

Microsoft Patch Tuesday, November 2021 Edition

Krebs on Security

The other critical flaw patched today that’s already being exploited in the wild is CVE-2021-42321 , yet another zero-day in Microsoft Exchange Server. As Exchange zero-days go, CVE-2021-42321 appears somewhat mild by comparison. Microsoft has published a blog post/FAQ about the Exchange zero-day here.

Backups 316