In total, Microsoft fixed 44 security bugs in its operating system this Patch Tuesday, of which seven were classified as “critical” and 37 as “important”. Of these 44 security flaws, 13 were of the RCE (remote code execution) type, 8 of the information disclosure type, 2 of the denial of service type and 4 of the spoofing type.
The new security patches fix 3 zero-day vulnerabilities, one of which is being actively exploited by hackers. Below we look at the most serious flaws in detail.
Security bugs fixed in these new security patches
Of course, the most serious flaw that this new security patch fixes is PrintNightmare, also known as CVE-2021-34527. This security flaw is in the Windows print spooler and allows a local attacker to gain SYSTEM privileges (the highest level of permissions) on the operating system. To do this, the attacker takes advantage of a feature known as “Point and Print” to install a malicious driver on the system, which is then used to carry out the attack.
Also worth noting is PetitPotam, registered as CVE-2021-36942. This flaw is used to force any domain controller to communicate with any system, which can be used to execute functions and commands through the MS-EFSRPC API without the need to authenticate. This flaw also affects all versions of Windows, from 7 to the latest version of Windows 10.
Finally, there is the zero-day vulnerability for which an exploit exists and which is being exploited by hackers: CVE-2021-36948. This flaw is found in the Windows Update Medic Service component and allows attackers to gain privileges within the affected system.
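As an added example (not part of the original article), the following read-only PowerShell audit reports whether the local Point and Print policy weakens the driver-installation protection described above. The registry path and value names are taken from Microsoft's Point and Print policy guidance, not from this page, and the output labels are this example's own.

```powershell
# Added example: read-only audit of Point and Print hardening on the local machine.
# Registry value names come from Microsoft's policy guidance, not from the article.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {
    param([string]$Name)
    # Returns $null when the key or the value is absent (policy not configured).
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = [System.Collections.Generic.List[string]]::new()

# 1 = only administrators may install printer drivers through Point and Print.
$restrict = Get-PolicyValue 'RestrictDriverInstallationToAdministrators'
if ($null -eq $restrict) {
    $findings.Add("INFO  RestrictDriverInstallationToAdministrators not set; the operating system default applies.")
} elseif ($restrict -ne 1) {
    $findings.Add("WEAK  RestrictDriverInstallationToAdministrators = $restrict; non-administrators can install printer drivers.")
}

# Both prompt settings should be 0 or absent; any other value suppresses the
# warning or elevation prompt shown when a driver is installed or updated.
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $value = Get-PolicyValue $name
    if ($null -ne $value -and $value -ne 0) {
        $findings.Add("WEAK  $name = $value; the elevation prompt is suppressed.")
    }
}

# The spooler is the affected component; report it so hosts that never print can be reviewed.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler -and $spooler.Status -eq 'Running') {
    $findings.Add("INFO  Print Spooler is running (StartType: $($spooler.StartType)).")
}

if ($findings.Count -eq 0) {
    'OK    No weak Point and Print settings found.'
} else {
    $findings
}
```

Any line marked WEAK means a policy setting is overriding the protection and should be reviewed alongside installing the update.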
Update Windows Now
These new updates are now available to all users, completely free of charge, via Windows Update. Unless we have made changes to the Windows update tool, these new patches will be downloaded and installed automatically as soon as they are available. And, with a simple reboot, we will finish updating the PC and bringing it up to date.
We remind you that these cumulative security patches also include the quality patches released at the end of July as “optional”. These patches focus on correcting quality (non-security) issues in the operating system. And, in addition, this time they focus on improving the performance and stability of the operating system when playing games.
If you don’t want to, or can’t, use Windows Update, you can download these new security patches by hand, and install them on Windows 10 2004, 20H2, and 21H1 from here.