Microsoft jumped on 50 vulnerabilities in this month’s Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.

Five of the CVEs are rated Critical and 45 are rated Important in severity. Microsoft reported that six of the bugs are currently under active attack, while three are publicly known at the time of release.

The number might seem light – it represents six fewer patches than Microsoft released in May – but the number of critical vulnerabilities ticked up to five month-over-month.

Those actively exploited vulnerabilities can enable an attacker to hijack a system. They have no workarounds, so some security experts are recommending that they be patched as the highest priority.

The six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution (RCE) vulnerability.

Critical Bugs of Note

CVE-2021-31985 is a critical RCE vulnerability in Microsoft’s Defender antimalware software that should grab attention. A similar, critical bug in Defender was patched in January. The most serious of the year’s first Patch Tuesday, that earlier Defender bug was an RCE vulnerability that came under active exploit.

Another critical flaw is CVE-2021-31963, a Microsoft…
