Microsoft patches four bugs under active attack in Patch Tuesday update

Thirteen bugs fixed this month are rated as 'Critical'

Microsoft has released its July 2021 Patch Tuesday update, addressing a total of 117 security vulnerabilities in Windows and related software.

The latest security update covers a range of Microsoft products and features, including Windows 10; Microsoft Office; Microsoft Exchange Server; Windows Defender; and Windows Hello. It also includes fixes for a variety of bugs: 44 remote code execution (RCE); 32 elevation of privilege; 14 information disclosures; 12 denial of service; eight security feature bypass; and seven spoofing.

Thirteen bugs fixed this month are flagged as 'Critical', meaning that threat actors can exploit them to take remote control over a vulnerable system without any help from users.

Another 103 security flaws are rated as 'Important', while one is 'Moderate' in severity.

At least four of the bugs addressed this month are under active attack, Microsoft said.

Among them is the PrintNightmare flaw, which is indexed as CVE-2021-34527. It exists in the Windows Print Spooler service, which provides printing functionality inside local networks.

A cyber security company disclosed the details of this bug by accident last month, after they misunderstood a Microsoft bulletin and thought the issue had been fixed.

The vulnerability could allow attackers to take control of vulnerable systems remotely and run arbitrary code (to install programmes, modify data, and create new accounts) through local privilege escalation (LPE).

After the bug's severity was noticed, Microsoft issued an out-of-band security update last week and urged users to install the patch as early as possible - although some security researchers said the patch was incomplete and could be bypassed.

Microsoft insists the patch works, providing certain conditions are met. Dustin Childs, with Trend Micro's Zero Day Initiative, explains:

"There have been reports the patch [for CVE-2021-34527] is ineffective, but Microsoft insists it works - provided certain registry keys have the correct values.

"Enterprises should verify these registry keys are configured as intended and get this patch rolled out. It's also a fine time to disable the Print Spooler service wherever it isn't needed and restrict the installation of printer drivers to just administrators."

The three other vulnerabilities under active attack, which Microsoft has now patched, are CVE-2021-34448, CVE-2021-31979, and CVE-2021-33771.

CVE-2021-34448 is probably the worst of them: a scripting engine memory corruption bug that allows a malicious web page to conceal a booby-trapped file. Downloading this file via the web browser allows it to execute code on a Windows machine.

CVE-2021-31979 and CVE-2021-33771 are Windows Kernel Elevation of Privilege bugs, which require local access for exploitation.

In addition, Microsoft has addressed five bugs that were publicly disclosed, but not exploited by cyber actors. They are: CVE-2021-34492, CVE-2021-34523, CVE-2021-34473, CVE-2021-33779 and CVE-2021-33781.

Some other interesting vulnerabilities addressed by Microsoft this month include CVE-2021-31206 (a Microsoft Exchange Server RCE bug), CVE-2021-34494 (a Windows DNS Server RCE bug) and CVE-2021-34458 - a Windows Kernel RCE which lets a single root input/output virtualisation device potentially tamper with PCIe associates.