Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that’s being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads.

The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to the Zero Day Initiative. Seven of the 67 flaws are rated Critical and 60 are rated as Important in severity, with five of the issues publicly known at the time of release. It’s worth noting that this is in addition to the 21 flaws resolved in the Chromium-based Microsoft Edge browser.

The most critical of the lot is CVE-2021-43890 (CVSS score: 7.1), a Windows AppX installer spoofing vulnerability that Microsoft said could be exploited to achieve arbitrary code execution. The lower severity rating reflects the fact that code execution hinges on the privilege level of the logged-on user, meaning “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

The Redmond-based tech giant noted that an adversary could leverage the flaw by crafting a malicious attachment that’s then used as part of a phishing campaign to trick the recipients into opening the email attachment. Sophos security researcher Andrew Brandt, as well as Rick Cole and Nick Carr of the Microsoft Threat Intelligence Center (MSTIC), have been credited with reporting the vulnerability.

“Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/ Trickbot/ Bazaloader,” the company further added. The development comes as Emotet malware campaigns are witnessing a surge in activity after a hiatus of more than 10 months following a coordinated law enforcement effort to disrupt the botnet’s reach.

Other publicly known flaws are listed below:

  • CVE-2021-43240 (CVSS score: 7.8) – NTFS Set Short Name Elevation of Privilege Vulnerability
  • CVE-2021-43883 (CVSS score: 7.8) – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-41333 (CVSS score: 7.8) – Windows Print Spooler Elevation of Privilege Vulnerability
  • CVE-2021-43893 (CVSS score: 7.5) – Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
  • CVE-2021-43880 (CVSS score: 5.5) – Windows Mobile Device Management Elevation of Privilege Vulnerability

The December patch also comes with remediations for 10 remote code execution flaws in Defender for IoT, in addition to critical bugs affecting iSNS Server (CVE-2021-43215), 4K Wireless Display Adapter (CVE-2021-43899), Visual Studio Code WSL Extension (CVE-2021-43907), Office app (CVE-2021-43905), Windows Encrypting File System (CVE-2021-43217), Remote Desktop Client (CVE-2021-43233), and SharePoint Server (CVE-2021-42309).

Software Patches From Other Vendors

Besides Microsoft, security updates have also been released by other vendors to rectify several vulnerabilities, including —

Furthermore, numerous security advisories have been released by dozens of companies for the actively exploited Log4j remote code execution vulnerability that could allow the complete takeover of affected systems.
