Last week Microsoft released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers are already pouncing on one of the flaws. Ironically enough, that one is an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.
Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.
Redmond says that while CVE-2021-36948 is being actively exploited, it is not aware of publicly available exploit code. The flaw is an "elevation of privilege" vulnerability affecting Windows 10 and Windows Server 2019. On its own it does not get an attacker onto a machine, but an attacker who already has a foothold (through another vulnerability or a compromised low-privilege account) can use it to run code of their choice as an administrator on the vulnerable system.
“CVE-2021-36948 is a privilege escalation vulnerability – the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts,” said Kevin Breen of Immersive Labs. “In the case of ransomware attacks, they have also been used to ensure maximum damage.”
Microsoft reserves its "critical" rating for flaws that can be exploited remotely by malware or malcontents to take complete control of a vulnerable Windows computer, with little to no help from users. Top of the heap again this month: Microsoft took another stab at fixing a broad class of weaknesses in its printing software.
Last month, the company rushed out an emergency update to patch “PrintNightmare” — a critical hole in its Windows Print Spooler software being attacked in the wild. Since then, several researchers have discovered holes in that patch, allowing them to circumvent its protection.
This month's Patch Tuesday fixes another critical Print Spooler flaw (CVE-2021-36936). Still, it's not clear whether this bug is a variant of PrintNightmare or a unique vulnerability all on its own, said Dustin Childs at Trend Micro's Zero Day Initiative.
“Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this Critical-rated bug,” Childs said.
Microsoft said the Print Spooler patch it is pushing this month should address all publicly documented security problems with the service.
“Today we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges,” Microsoft said in a blog post. “This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies the change. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.”
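The Point and Print change above is controlled by a registry value, so it is worth checking after patching that nobody has quietly switched it back off. The following PowerShell is an added example for this article, not code from Microsoft: the registry path and the `RestrictDriverInstallationToAdministrators` value name are the ones Microsoft documents in KB5005652 (1 is the new default, an explicit 0 restores the old behaviour, and an absent value also means restricted after the update); the function names are my own.

```powershell
# Added example (not from the article or Microsoft): audit and enforce the
# Point and Print hardening introduced with the August 2021 updates (CVE-2021-34481).
# Registry location and value name are those documented in Microsoft KB5005652.
$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueName        = 'RestrictDriverInstallationToAdministrators'

function Get-PointAndPrintRestriction {
    # Returns 1 (admins only), 0 (legacy behaviour) or $null when the value is
    # absent, which after the August update also means "restricted".
    $item = Get-ItemProperty -Path $PointAndPrintKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-PointAndPrintRestriction {
    param([ValidateSet(0, 1)][int]$Value = 1)
    if (-not (Test-Path $PointAndPrintKey)) {
        New-Item -Path $PointAndPrintKey -Force | Out-Null
    }
    New-ItemProperty -Path $PointAndPrintKey -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
}

function Test-PrintSpoolerExposure {
    # One object per host summarising the two things worth checking after patching:
    # is the Spooler running at all, and is driver installation restricted to admins.
    $spooler     = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $restriction = Get-PointAndPrintRestriction
    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        SpoolerStatus          = if ($spooler) { $spooler.Status } else { 'NotInstalled' }
        SpoolerStartType       = if ($spooler) { $spooler.StartType } else { 'NotInstalled' }
        RestrictDriverInstall  = if ($null -eq $restriction) { 'absent (defaults to 1)' } else { $restriction }
        LegacyBehaviourEnabled = ($restriction -eq 0)
    }
}

# Usage: report the current state, then re-enable the restriction if it was turned off.
$state = Test-PrintSpoolerExposure
$state | Format-List
if ($state.LegacyBehaviourEnabled) {
    Write-Warning "$ValueName is 0: non-admins can install printer drivers. Re-enabling."
    Set-PointAndPrintRestriction -Value 1
}
```

On servers that never print, the simpler fix remains the one Microsoft offered during PrintNightmare: stop and disable the Spooler service (`Stop-Service Spooler; Set-Service Spooler -StartupType Disabled`), which removes the attack surface regardless of how the Point and Print policy is set.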
August brings yet another critical patch (CVE-2021-34535) for the Windows Remote Desktop service. This time, the flaw is in the Remote Desktop client instead of the server, so the risk runs the other way: a user who connects to a malicious or compromised RDP server can have code run on their own machine.
CVE-2021-26424 — a scary, critical bug in the Windows TCP/IP component — earned a CVSS score of 9.9 (10 is the worst) and is present in Windows 7 through Windows 10, and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates).
Microsoft said it was not aware of anyone exploiting this bug yet. However, the company labelled it "Exploitation More Likely," meaning it may not be difficult for attackers to figure out. CVE-2021-26424 could be exploited by sending a single specially crafted TCP/IP packet to a vulnerable system, with no user interaction required. The 9.9 score (rather than the usual 9.8 for an unauthenticated remote bug) reflects a change of scope: Microsoft's advisory notes the flaw can be triggered by a malicious Hyper-V guest sending a crafted IPv6 packet to its host, so Hyper-V hosts deserve first attention.
Check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center for a complete rundown of all patches released this month, indexed by severity.
And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that are causing problems for Windows users.
On that note, before you update, please make sure you have backed up your system and/or essential files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting correctly, and some updates have been known to erase or corrupt files.
So do yourself a favour and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.
And if you wish to ensure Windows has been set to pause updating, so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.
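The three steps above (record what is installed, take a bootable image, then verify the update actually landed after the reboot) can be scripted with tools that ship in Windows. The PowerShell below is an added example for this article, not from the original post or from Microsoft: `wbadmin` and `Get-HotFix` are built-in, while the backup target drive, the baseline file path and the optional KB number are placeholders to fill in for your own environment. Run it from an elevated prompt.

```powershell
# Added example (not from the article): snapshot the installed updates, take a
# system image with the built-in Windows Backup tool, then verify afterwards
# that the August 2021 update is present. Run as administrator.
$BackupTarget = 'E:'                 # assumption: a separate drive or UNC path with room for the image
$PatchDate    = Get-Date '2021-08-10' # the August 2021 Patch Tuesday release date

function Save-HotfixBaseline {
    param([string]$Path = "$env:TEMP\hotfix-baseline.csv")  # assumption: any writable path
    # Get-HotFix reads Win32_QuickFixEngineering, which lists cumulative and security updates.
    Get-HotFix | Select-Object HotFixID, Description, InstalledOn |
        Export-Csv -Path $Path -NoTypeInformation
    return $Path
}

function New-PrePatchImage {
    param([string]$Target = $BackupTarget)
    # -allCritical includes every volume needed to boot, which is what you want
    # if an update leaves the machine unbootable; -quiet suppresses the prompts.
    & wbadmin start backup "-backupTarget:$Target" -allCritical -quiet
    if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }
}

function Test-UpdateInstalled {
    param(
        [datetime]$Since = $PatchDate,
        [string]$KB                   # optional, e.g. the KB number for your Windows build
    )
    # Anything installed on or after Patch Tuesday; with -KB, a simple present/absent answer.
    $recent = Get-HotFix | Where-Object { $_.InstalledOn -ge $Since }
    if ($KB) { return [bool]($recent | Where-Object HotFixID -eq $KB) }
    return $recent
}

# Before patching:
$baseline = Save-HotfixBaseline
Write-Host "Hotfix baseline saved to $baseline"
New-PrePatchImage

# After installing the update and rebooting, compare against the baseline:
Test-UpdateInstalled | Format-Table HotFixID, Description, InstalledOn
```

The baseline CSV is what you diff against if something goes wrong: comparing it with a fresh `Get-HotFix` run tells you exactly which update arrived between the backup and the breakage, which is the first thing a support engineer will ask.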
Equates managed IT customers do not have to worry about patching. We take care of all of that, including testing patches in advance, backing up, and the patching itself.