Story image

Microsoft’s Patch Tuesday announcement 'alarming'

By Shannon Williams, 15 Sep 2021

Following Microsoft’s Patch Tuesday announcement yesterday, cybersecurity company Virsec says vulnerabilities disclosed by the tech giant are alarming. 

Microsoft today pushed software updates to plug security gaps in its Windows software and related products, including a vulnerability that is already being exploited in active attacks. 

The company released more than 60 security fixes and updates resolving issues including a remote code execution (RCE) flaw in MSHTML and other critical bugs.

“Looking at this month’s Patch Tuesday updates, CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability) -- given its combination of severity, lack of privilege escalation/user interaction, and affected Windows versions -- is especially alarming," says Danny Kim, Principal Architect at Virsec.

"As recent trends have shown, remote code execution-based attacks are the most critical vulnerabilities that can lead to the largest negative impact on an enterprise as we have seen in the Solarwinds and PrintNightmare attacks," he says.

"Although the exploit code maturity is currently unproven, this vulnerability has been confirmed to exist, which leaves an opening for attackers," says Kim.

"It specifically relies on the attacker being located in the same network so it would not be surprising to see this vulnerability used in combination with another CVE/attack to achieve an attacker’s end goal," he explains.

"Remote code execution attacks can lead to unverified processes running on the server workload, only highlighting the need for constant, deterministic runtime monitoring. Without this protection in place, RCE attacks can lead to a total loss of confidentiality and integrity of an enterprise’s data.”

Microsoft's latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, landed on 14 September.

Last month, Microsoft resolved 44 vulnerabilities in the August batch of security fixes. In total, three were categorized as zero-day flaws, and 13 allowed attackers to perform RCE attacks. Included in the patch release was a fix for a well-publicized Windows Print Spooler vulnerability which could be weaponized for the purposes of local privilege escalation.

The company tackled 117 bugs during the July Patch Tuesday.

Products impacted by September's security update include Azure Open Management Infrastructure, Azure Sphere, Office Excel, PowerPoint, Word, and Access; the kernel, Visual Studio, Microsoft Windows DNS, and BitLocker, among other software.  

"Some Azure products, such as Configuration Management, expose an HTTP/S port for interacting with OMI (port 5986 also known as WinRMport)," says Microsoft. 

"This configuration where the HTTP/S listener is enabled could allow remote code execution. It is important to mention that most Azure services that use OMI deploy it without exposing the HTTP/S port."

Recent stories
More stories