During the latest Patch Tuesday, Microsoft closed a total of 71 vulnerabilities. The most dangerous of them is CVE-2021-40449, a use-after-free vulnerability in the Win32k kernel-mode driver that allows local privilege escalation and that attackers are already exploiting in the wild.
In addition, Microsoft closed three serious vulnerabilities that had already been publicly disclosed before the patches shipped. For now, Microsoft's own assessment rates their exploitation as "less likely." However, security researchers are actively discussing them, and proof-of-concept code is available on the Internet, so someone may well try to use one. Public disclosure before a patch also means defenders should treat the fix as urgent rather than routine.
Microsoft Windows kernel vulnerability
CVE-2021-41335, the most dangerous of the three, rates 7.8 on the CVSS scale. It is located in the Windows kernel and allows an attacker who can already run code on the machine (for example, a malicious process started with ordinary user rights) to elevate its privileges.
Bypassing Windows AppContainer
The second vulnerability, CVE-2021-41338, allows an attacker to bypass the restrictions of the Windows AppContainer sandbox, which isolates applications and processes. Under certain conditions, an unauthenticated attacker can exploit it because of the default Windows Filtering Platform rules, and the result is privilege escalation out of the sandbox.
Researchers from Google Project Zero discovered the vulnerability in July and reported it to Microsoft under their standard 90-day disclosure deadline; when that deadline passed, they published a proof of concept. The vulnerability has a CVSS rating of 5.5.
Windows DNS Server vulnerability
CVE-2021-40469 affects only Windows machines running the DNS Server role, so ordinary workstations and servers without that role are not exposed. However, every current server version of the operating system, from Server 2008 up to the recently released Server 2022, is vulnerable. CVE-2021-40469 allows remote code execution on the server and has a CVSS rating of 7.2.
How to protect your company
The results of our Incident Response Analyst Report 2021 indicate that vulnerabilities remain a popular initial attack vector. Moreover, the vulnerabilities exploited aren't necessarily recent ones: the main threat is not zero-day vulnerabilities but delays in installing updates in general. Therefore, we always recommend installing updates on all connected devices as soon as possible. Updating is especially important for critical software such as operating systems, browsers, and security solutions.
To protect your company from attacks that use yet-unknown vulnerabilities, use security solutions with proactive protection technologies that can detect zero-day exploits.
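As a practical follow-up to the two points above (the DNS Server role being the only exposure to CVE-2021-40469, and the general advice to confirm that updates actually landed), here is an added PowerShell check that is not part of the original post and not Kaspersky's code. It deliberately does not hard-code KB numbers, because the October 2021 cumulative update has a different KB per Windows build; instead it reports whether the DNS Server service is present, which hotfixes were installed on or after Patch Tuesday (2021-10-12), and which security updates the Windows Update Agent still considers missing. The date and the category name 'Security Updates' are assumptions you may need to adjust.

```powershell
# Added example (not from the original post): exposure and patch-state check
# for the October 2021 Patch Tuesday fixes on a single Windows host.
# Run in an elevated PowerShell session.

$patchTuesday = Get-Date '2021-10-12'   # assumed release date of the October 2021 fixes

# 1. Is this host in scope for CVE-2021-40469 at all?
#    Only machines running the DNS Server role (service name "DNS") are.
$dnsService = Get-Service -Name DNS -ErrorAction SilentlyContinue
if ($dnsService) {
    Write-Host "DNS Server service present (status: $($dnsService.Status)) - host is in scope for CVE-2021-40469"
} else {
    Write-Host "DNS Server service not present - CVE-2021-40469 does not apply to this host"
}

# 2. Which hotfixes landed on or after Patch Tuesday?
#    Get-HotFix reads Win32_QuickFixEngineering; InstalledOn can be empty
#    for some entries, so filter those out before comparing dates.
$recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday }
if ($recent) {
    Write-Host "Updates installed since $($patchTuesday.ToShortDateString()):"
    $recent | Sort-Object InstalledOn | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No hotfixes installed since $($patchTuesday.ToShortDateString()) - the October fixes are probably missing"
}

# 3. Ask the Windows Update Agent what it still considers missing.
#    This uses the documented Microsoft.Update.Session COM API and needs
#    reachability to Windows Update or to the WSUS server the host uses.
try {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

    # Keep only updates classified as security updates (category name assumed).
    $pendingSecurity = @($result.Updates | Where-Object {
        $_.Categories | Where-Object { $_.Name -eq 'Security Updates' }
    })

    Write-Host "Pending security updates: $($pendingSecurity.Count)"
    foreach ($update in $pendingSecurity) {
        $kbs = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Write-Host ("  {0}  {1}" -f $kbs, $update.Title)
    }
} catch {
    Write-Warning "Windows Update search failed: $($_.Exception.Message)"
}
```

A host that reports the DNS Server service and no hotfixes since the Patch Tuesday date is the one to prioritize; a non-empty pending list tells you the patch pipeline, not the vendor, is the bottleneck, which is exactly the "delayed updates" problem the report above describes.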