Patch Tuesday has come and gone, which means it's time to run Windows Update again.
Microsoft has released another volley of critical and security fixes in Windows Update to address issues on all Windows operating systems. Microsoft is also releasing cumulative updates for supported Windows 10 versions 2004, 20H2, and 21H1. It comes in the form of KB5006670. Cumulative updates generally do not add new features, but they include some highlights and a changelog with fixes. This update increments your builds to 19041.1288, 19042.1288, and 19043.1288, respectively. Here’s a look at what you can expect from this latest update.
- One vulnerability has already been seen exploited: CVE-2021-40449 is an elevation of privilege vulnerability in all supported versions of Windows, including the newly released Windows 11. Rated as Important, this is likely being used in addition to Remote Code Execution (RCE) and social engineering attacks to gain complete control of targeted systems.
- Microsoft is issuing fixes for over 70 CVEs this month, affecting most of their product lines. From Windows, Edge, and Office to Exchange, SharePoint, and Dynamics, patching will be plentiful for workstation and server administrators alike.
- Three CVEs were publicly disclosed before Tuesday but haven’t yet been observed in active exploitation.
  - CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers.
  - CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel.
  - CVE-2021-41338 is a flaw in Windows AppContainer, allowing attackers to bypass firewall rules.
- Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that they cannot be exploited directly over the public Internet. Three additional vulnerabilities related to Exchange Server were also patched:
  - CVE-2021-41350, a Spoofing vulnerability.
  - CVE-2021-41348, allowing elevation of privilege.
  - CVE-2021-34453, which is a Denial of Service vulnerability.
- Many attackers will likely be paying attention to the latest Windows Print Spooler vulnerability: CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much information about. Also noteworthy is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.
- Additionally, virtualization administrators should be aware of two RCEs affecting Windows Hyper-V: CVE-2021-40461 and CVE-2021-38672. Both affect relatively new versions of Windows and are considered Critical, allowing a virtual machine to escape from guest to host by triggering a memory allocation error, allowing it to read kernel memory in the host.
What you need to do to protect your business.
Suppose you are an IT managed services customer of ours, or you are using our automated maintenance and monitoring service. In that case, these updates will be installed automatically so long as your machines are powered on. This also includes remote home users who have our agent installed to help keep the office networks secure. The remote machines need to be updated as well to limit vulnerability, so we do this at no additional charge. If you are not a customer of Cepheus Solutions, feel free to contact us.
If you do not have a maintenance contract, you may want to ensure your updates have installed. You can do so in Windows 10, and on your servers too, by clicking on the Start button, then selecting Settings. Once the Settings window opens you will see “Updates & Security” (usually listed last); select that to continue.
The Windows Update screen will now appear.
Now all you need to do is click on the “Check for Updates” button and wait for it to install the updates and prompt for a reboot. If, after clicking the “Check for Updates” button, Windows Update reports that you are up to date, you're done: your workstation or server is fully patched and does not require any further attention. Your workstation or server will most likely require a reboot, and servers should be updated outside of production hours, because the update process at times stops services, making network resources such as Exchange unavailable while it runs.
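To confirm the result from PowerShell instead of the Settings screen, the following added example (not part of the original post) compares the local build revision with the 19041/19042/19043.1288 builds named above and looks for KB5006670. It applies only to those three Windows 10 versions; the function and variable names are illustrative.

```powershell
# Added example: confirm this machine carries the October 2021 cumulative update.
# Build numbers and the KB id come from the article; all names here are illustrative.
$TargetKb    = 'KB5006670'
$MinRevision = 1288
$Builds      = @{ '19041' = '2004'; '19042' = '20H2'; '19043' = '21H1' }

function Test-PatchLevel {
    param(
        [Parameter(Mandatory)][string]$Build,
        [Parameter(Mandatory)][int]$Revision
    )
    # Other Windows releases (Windows 11, servers) receive different KBs.
    if (-not $Builds.ContainsKey($Build)) {
        return [pscustomobject]@{ Build = "$Build.$Revision"; Version = 'n/a'; Status = 'NotApplicable' }
    }
    $status = if ($Revision -ge $MinRevision) { 'Patched' } else { 'Missing' }
    [pscustomobject]@{ Build = "$Build.$Revision"; Version = $Builds[$Build]; Status = $status }
}

# CurrentBuild and UBR (update build revision) are the two numbers winver displays.
$cv     = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$result = Test-PatchLevel -Build $cv.CurrentBuild -Revision ([int]$cv.UBR)

# Get-HotFix may stop listing the KB once a later cumulative update replaces it,
# so treat the revision check above as the deciding one.
$hotfix = Get-HotFix -Id $TargetKb -ErrorAction SilentlyContinue
$result | Add-Member -NotePropertyName KbListed -NotePropertyValue ([bool]$hotfix) -PassThru |
    Format-List

# This key exists only while Windows Update is waiting for a restart.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
"Reboot pending: $(Test-Path $rebootKey)"
```

A status of `Missing` together with `Reboot pending: True` usually means the update is staged and the machine still needs its restart.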
Thanks for taking the time to read this post as we strive to educate our customers and other technology users as much as possible. Please feel free to share this post with others and as always, if you have a question or comment feel free to leave it below.