Vulnerability fixes are the name of the game.
What you need to know
- Patch Tuesday has arrived.
- The July 13 wave of updates includes a lot of security updates.
July 13, 2021's Patch Tuesday updates are here, and they're packing a laundry list of security updates for just about every Microsoft product under the sun.
Cumulative updates KB5004245 and KB5004237 have arrived to quash bugs and provide a few performance enhancements. Highlights of KB5004237 include:
- Updates for verifying usernames and passwords.
- Updates to improve security when Windows performs basic operations.
- Updates an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port.
Printer-related troubles are also mentioned in the list of security updates, specifically under CVE-2021-34527, which addresses the recent PrintNightmare situation revolving around an actively exploited threat that is in the wild.
CVE-2021-33771, CVE-2021-34448, and CVE-2021-31979 are also listed as actively exploited.
Other vulnerabilities are addressed in the update, including resolutions for CVE-2021-31206 and CVE-2021-34448. The former was a Microsoft Exchange Server remote code execution vulnerability, and the latter was a memory corruption vulnerability.
In total, there are nine zero-day vulnerabilities listed in the recent round of patch notes. Of the four being actively exploited, PrintNightmare remains the pack leader in notoriety due to the stories surrounding it, including sporting patches that didn't effectively do their job of patching up vulnerabilities as well as causing certain printers not to work. Third parties stepped up to provide their own patches for the PrintNightmare situation. However, given that it's typically advisable to rely on Microsoft to deliver Windows-related fixes, many waited on Redmond to produce an official patch that didn't introduce more issues than solutions.
No comments: