In total, Microsoft’s new security patches fix 117 vulnerabilities on all the company’s products that are still supported. Of these 117 failures, 44 are of the remote code execution type, 32 allow gaining privileges within the system, 14 reveal sensitive equipment information, 12 cause denials of service in the system or its programs, 8 evade security measures and the last 7 served as support to exploit other vulnerabilities.
The 9 zero-day bugs fixed in Windows
Zero-day bugs are one of the most serious vulnerabilities that we can find in any system. These types of flaws are generally discovered by hackers before Microsoft itself, and generally (but not always) they begin to make use of them and distribute exploits until the official patch arrives.
The vulnerabilities of this type that have been corrected in these new patches are:
- CVE-2021-34492. Vulnerability to spoof digital certificates. Flaw revealed but not exploited.
- CVE-2021-34523. Elevation of privileges in Microsoft Exchange Server. Flaw revealed but not exploited.
- CVE-2021-34473. Remote code execution on Microsoft Exchange Server. Flaw revealed but not exploited.
- CVE-2021-33779. Bypassing Windows ADFS security measures. Flaw revealed but not exploited.
- CVE-2021-33781. Bypassing security measures in Active Directory. Flaw revealed but not exploited.
- CVE-2021-34527. Controversial flaw in Windows printers that allows remote code to be executed. Glitch revealed and exploited.
- CVE-2021-33771. Elevation of privileges within the Windows Kernel. Undisclosed but exploited bug.
- CVE-2021-34448. Memory corruption in Windows script engine. Undisclosed but exploited bug.
- CVE-2021-31979. Elevation of privileges within the Windows Kernel. Undisclosed but exploited bug.
Of all these security flaws, the most serious and controversial is the failure of the printers. Baptized as PrintNightmare, This vulnerability has been exploited in a massive way on the network for weeks. Microsoft released an emergency patch to temporarily mitigate the bug a week ago (a useless patch), and has now released the full patch. It will be necessary to see if this time, finally, this vulnerability stops being a nightmare.
Update your PC right now
The new security updates are available for all versions of Windows that are still supported. These are:
- Windows 7 (paid extended support): fixes 30 vulnerabilities, 3 of them critical and 27 important.
- Windows 8.1: fixes 39 vulnerabilities, 3 critical and 36 important.
- Windows 10 version 1903 and 1909; they fix 67 vulnerabilities, 5 of them critical and 62 important.
- Windows 10 version 2004, 20H2 and 21H1: fixes 68 vulnerabilities, 4 critical and 64 important.
The corresponding editions of Windows Server have also received their share of patches to protect servers.
We can download and install security updates on the PC through Windows Update, or manually from their corresponding links to the Microsoft Update catalog:
- KB5004289: Cumulative patch for Windows 7.
- KB5004298: Cumulative patch for Windows 8.1
- KB5004245: Patch for Windows 10 version 1909.
- KB5004237: Patch for Windows 10 versions 2004, 20H2 and 21H1.
We remind you that this update also includes the latest quality patches released at the end of last month. But, this time around, there should be no more problems, although we won’t know until the next few days.