Using Windows? Microsoft Releases 121 Patches for Windows Security Flaws | Ron Benvenisti

As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also include a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild.

Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues have been listed as publicly known at the time of the release.

It’s worth noting that the 121 security flaws are in addition to 25 shortcomings the tech giant addressed in its Chromium-based Edge browser late last month and the previous week.

Microsoft said in an advisory, “In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.” Sound familiar?

As I have mentioned in previous articles, an attacker could host a website or leverage an already compromised site that contains a malware-infected file to exploit the vulnerability, tricking users into clicking on a link in an email or an instant message to open the document. Remember:


“Don’t Click It and You Won’t Brick It”


“This is not an uncommon vector, and malicious documents and links are still used by attackers to great effect,” Kev Breen, director of cyber threat research at Immersive Labs, said. “It underscores the need for ‘upskilling’ employees to be wary of such attacks.” This is something you have hopefully read about here on the Scoop, numerous times.

Microsoft also resolved three privilege escalation flaws in Exchange Server that could be abused to read targeted email messages and download attachments sent through Microsoft Exchange which could lead to the same impact.

“Administrators should enable Extended Protection in order to fully remediate this vulnerability,” said Greg Wiseman, product manager at Rapid7.

The Patch Tuesday fix addresses dozens of privilege escalation flaws: 31 in Azure Site Recovery, just a month after Microsoft fixed 30 similar bugs in the business continuity service, five in Storage Spaces Direct, three in Windows Kernel, and two in the Print Spooler module.


For the tech support providers out there, take note that this security update also remediates multiple remote code execution flaws in Windows Point-to-Point Protocol (PPP), Windows Secure Socket Tunneling Protocol (SSTP), Azure RTOS GUIX Studio, Microsoft Office, and Windows Hyper-V. Ouch.

 


1 COMMENT

  1. “Microsoft Releases 121 Patches for Windows Security Flaws.”
    Sounds like Microsoft is deliberately trying to one-up us.
    We say “Ad meah v’esrim”, and Microsoft says, “Ha to you guys! How about ‘Ad meah v’esrim v’echad’?”
