Windows Latest Update Includes Dozens of Security Issues

Posted on by Dawna M. Roberts in News May 27, 2021
https://content.infopay.net/storage/thumbnails/PfCm5Cd1HCrFO4Qo4Gqr3tHm2zLE9IshT4H2G74U.jpg

 Microsoft has been under fire lately for dozens of new zero-day flaws that have come to light under threat assessor scrutiny. Tuesday, Microsoft issued a Windows update that was designed to patch dozens of known security flaws.

What was Addressed?

According to The Hacker News, along with Microsoft’s regularly scheduled update, they patched 55 flaws in the Windows operating system, “Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business.”

Four of these security issues are considered “Critical,” one is labeled “Moderate,” and the rest are “Important.” Three of the four critical issues were publicly disclosed, but the fourth was unknown. None are under active exploitation at this time.

The most critical issue patched is CVE-2021-31166, “a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale,” The Hacker News explains.

“Another vulnerability of note is a remote code execution flaw in Hyper-V ( CVE-2021-28476 ), which  also scores  the highest severity among all flaws patched this month with a CVSS rating of 9.9.”

Another issue involves a guest “VM to force the Hyper-V host’s kernel to read from an arbitrary.” This one could result in a Denial of Service (DoS) attack.

The update also patches the memory corruption flaw (Internet Explorer ( CVE-2021-26419) and four others in Exchange Server. Below are the four critical issues fixed on Tuesday:

  • CVE-2021-31207  (CVSS score: 6.6) - Security Feature Bypass Vulnerability (publicly known).
  •  CVE-2021-31195  (CVSS score: 6.5) - Remote Code Execution Vulnerability.
  •  CVE-2021-31198  (CVSS score: 7.8) - Remote Code Execution Vulnerability.
  •  CVE-2021-31209  (CVSS score: 6.5) - Spoofing Vulnerability.”

The Hacker News explains;

“Elsewhere, the update addresses a slew of privilege escalation bugs in Windows Container Manager Service, an information disclosure vulnerability in Windows Wireless Networking, and several remote code execution flaws in Microsoft Office, Microsoft SharePoint Server, Skype for Business, and Lync, Visual Studio, and Windows Media Foundation Core.”

How Windows Users Can Stay Safe

Windows is the most prominent target for hackers because the operating system is known to be inherently flawed. Even built-in protections aren’t always enough. However, there are things you as a Windows user can do to stay safe:

  • Always keep your Windows operating system up to date with the latest security patches.
  • Install and keep good antivirus/anti-malware software running on the machine. Run deep scans often. 
  • Store your personal information offline on a drive not connected to the internet.
  • Setup network monitoring software to keep an eye on your systems and alert you to any intrusions or infections.
  • Always use very strong passwords on all devices.
  • Change the default password for your network router.
  • Keep all apps and other installed software updated regularly.
  • Turn on restore points and keep offsite backups to restore your system if anything happens.
  • Watch out for phishing emails or other fraudulent tactics.
  • Do not download attachments or click links in emails.
  • Never download software from untrusted sources (especially freeware).
  • Use common sense, and if something appears to be too good to be true, it probably is.
  • Don’t click ads on social media or links sent to you via messenger from advertisers. These are often scammers baiting you.

To update your version of Windows to the latest security patches, go to Start > Settings > Update & Security > Windows Update, or by selecting “Check for Windows updates.”


About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

FREE IDENTITY THREAT SCAN
Scan Your Records for Breaches, Leaks & Exposures!