{"id":8638,"date":"2021-07-16T05:41:13","date_gmt":"2021-07-16T12:41:13","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8638"},"modified":"2023-03-03T14:31:53","modified_gmt":"2023-03-03T21:31:53","slug":"july-microsoft-patches-117-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/july-microsoft-patches-117-security-vulnerabilities\/","title":{"rendered":"July: Microsoft Patches 117 Security Vulnerabilities"},"content":{"rendered":"
Microsoft patched 117 unique security vulnerabilities this July. We analyzed all 117 weaknesses and spotlighted the most important vulnerabilities that should be prioritized for patching.<\/p>\n
This July, Microsoft patched 117 vulnerabilities discovered earlier in 2021, including six publicly disclosed bugs.<\/p>\n
Of these 117, Microsoft has fixed key vulnerabilities, including the following:<\/p>\n
43 CVEs classified as RCE bugs<\/p>\n<\/li>\n
32 CVEs with privilege escalation capabilities<\/p>\n<\/li>\n
12 CVEs linked to denial of service (DoS)<\/p>\n<\/li>\n
14 CVEs with information disclosure issues<\/p>\n<\/li>\n
8 CVEs associated with a security feature bypass<\/p>\n<\/li>\n
7 CVEs with spoofing flaws<\/p>\n<\/li>\n<\/ul>\n
Microsoft released patches for nine zero-day vulnerabilities this month (CVE-2021-34492, CVE-2021-34523, CVE-2021-34473, CVE-2021-33779, CVE-2021-33781, CVE-2021-34527, CVE-2021-33771, CVE-2021-34448, CVE-2021-31979). Currently, six of these CVEs have publicly known exploits, and four are under active attack and must be prioritized for patching.<\/p>\n
The most notable update is Microsoft’s patch for the “PrintNightmare” vulnerability<\/a> (CVE-2021-34527<\/a>) in its print spooler function, which may allow an attacker to run malicious code remotely. CISA has also issued<\/a> an alert on this vulnerability. Microsoft attempted to patch this flaw with an out-of-band update earlier this month, but the flaw is still considered to be exploitable.<\/p>\n Read more: How to detect CVE-2021-34527?<\/a><\/p>\n In addition, Microsoft stated that seven vulnerabilities (CVE-2021-34520<\/a>, CVE-2021-34467<\/a>, CVE-2021-34468<\/a>, CVE-2021-34449<\/a>, CVE-2021-33780<\/a>, CVE-2021-33771<\/a>, and CVE-2021-31979<\/a>) are more likely to be exploited. Of these seven, four CVEs are RCE bugs and three have privilege escalation capabilities.<\/p>\n Microsoft has patched six serious vulnerabilities in Exchange Server; of these, CVE-2021-34473 and CVE-2021-34523 had previously been addressed in Microsoft’s April security update<\/a> and discovered by the National Security Agency (NSA). Given the back-to-back updates over the past months, these two vulnerabilities should be monitored closely and fixed immediately.<\/p>\n Notably, 13 vulnerabilities that are classified as RCE bugs have been marked critical.<\/p>\n <\/p>\n In this round-up, patches were issued for 16 products. Windows Server accounted for 71 vulnerabilities, of which 19 were categorized as privilege escalation and 21 as RCE.<\/p>\nSeverity Scores<\/strong><\/h2>\n
Product Analysis<\/strong><\/h2>\n
\n