Windows Latest Update Includes Dozens of Security Issues

 Microsoft has been under fire lately for dozens of new zero-day flaws that have come to light under threat assessor scrutiny. Tuesday, Microsoft issued a Windows update that was designed to patch dozens of known security flaws.

What was Addressed?

According to The Hacker News, along with Microsoft’s regularly scheduled update, they patched 55 flaws in the Windows operating system, “Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business.”

Four of these security issues are considered “Critical,” one is labeled “Moderate,” and the rest are “Important.” Three of the four critical issues were publicly disclosed, but the fourth was unknown. None are under active exploitation at this time.

The most critical issue patched is CVE-2021-31166, “a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale,” The Hacker News explains.

“Another vulnerability of note is a remote code execution flaw in Hyper-V ( CVE-2021-28476 ), which  also scores  the highest severity among all flaws patched this month with a CVSS rating of 9.9.”

Another issue involves a guest “VM to force the Hyper-V host’s kernel to read from an arbitrary.” This one could result in a Denial of Service (DoS) attack.

The update also patches the memory corruption flaw (Internet Explorer ( CVE-2021-26419) and four others in Exchange Server. Below are the four critical issues fixed on Tuesday:

• “CVE-2021-31207  (CVSS score: 6.6) - Security Feature Bypass Vulnerability (publicly known).
•  CVE-2021-31195  (CVSS score: 6.5) - Remote Code Execution Vulnerability.
•  CVE-2021-31198  (CVSS score: 7.8) - Remote Code Execution Vulnerability.
•  CVE-2021-31209  (CVSS score: 6.5) - Spoofing Vulnerability.”

The Hacker News explains;

“Elsewhere, the update addresses a slew of privilege escalation bugs in Windows Container Manager Service, an information disclosure vulnerability in Windows Wireless Networking, and several remote code execution flaws in Microsoft Office, Microsoft SharePoint Server, Skype for Business, and Lync, Visual Studio, and Windows Media Foundation Core.”

How Windows Users Can Stay Safe

Windows is the most prominent target for hackers because the operating system is known to be inherently flawed. Even built-in protections aren’t always enough. However, there are things you as a Windows user can do to stay safe:

• Always keep your Windows operating system up to date with the latest security patches.
• Install and keep good antivirus/anti-malware software running on the machine. Run deep scans often. 
• Store your personal information offline on a drive not connected to the internet.
• Setup network monitoring software to keep an eye on your systems and alert you to any intrusions or infections.
• Always use very strong passwords on all devices.
• Change the default password for your network router.
• Keep all apps and other installed software updated regularly.
• Turn on restore points and keep offsite backups to restore your system if anything happens.
• Watch out for phishing emails or other fraudulent tactics.
• Do not download attachments or click links in emails.
• Never download software from untrusted sources (especially freeware).
• Use common sense, and if something appears to be too good to be true, it probably is.
• Don’t click ads on social media or links sent to you via messenger from advertisers. These are often scammers baiting you.

To update your version of Windows to the latest security patches, go to Start > Settings > Update & Security > Windows Update, or by selecting “Check for Windows updates.”