Patrick Domingues

This Tuesday Microsoft Windows Patch Tuesday has deployed a sum of 50 patches which also included critical patches to mitigate 6 vulnerabilities that are being used in the wild to run exploits on systems. Elevation vulnerability’s are no joke because hackers can log into your system as an administrator and push wide spread ransomware. I am glad they have fewer vectors for deployments. 

Vulnerabilities Exploited in the Wild

Although Microsoft fixed a total of seven zero-day vulnerabilities. One was CVE-2021-31968, Windows Remote Desktop Services Denial of Service Vulnerability that was publicly disclosed but hasn’t been seen in attacks. It was issued a CVSS score of 7.5. The following below are the vulnerabilities that were recently patched. 

• CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5
• CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8
• CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rating: Important. CVSS 8.4
• CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability. Rating: Critical. CVSS 7.5
• CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2
• CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2

What to do?

I suggest everyone go forth and have IT Administrators perform some patching. If you have any questions and need some advice on how to go about patching vulnerable systems feel free to contact me.