Microsoft has released 44 security fixes for August’s Patch Tuesday. Seven of the vulnerabilities are rated critical and 37 are rated important, and the release includes three zero-days.
The release includes a fix for the PrintNightmare vulnerability, which could allow remote code execution through a print server, along with twelve other such patches. In the update log, Microsoft has classified seven vulnerabilities as critical and 37 as important.
If it is not yet clear, you should download the security update immediately, because these vulnerabilities put your machine, your data, and connected devices at risk. The three zero-day exploits that have been patched are:
- CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability
- CVE-2021-36942 Windows LSA Spoofing Vulnerability
- CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability
Microsoft fixes PrintNightmare and PetitPotam attacks
Microsoft has released eagerly anticipated security updates for two zero-day vulnerabilities that were discovered over the past month.
One of the security updates fixes the PrintNightmare vulnerabilities, which allow threat actors to gain SYSTEM-level privileges simply by connecting to a remote print server under their control.
Microsoft has fixed this vulnerability by requiring that users have administrative privileges to install printer drivers using the Point and Print Windows feature.
You can find more detailed information about the PrintNightmare vulnerability and the Point and Print mitigations in a dedicated article published today.
Microsoft also fixed the PetitPotam NTLM relay attack vector that uses the MS-EFSRPC API to force a device to negotiate with a remote relay server under an attacker’s control.
A threat actor with low privileges could use this attack to take over a domain controller and thus the entire Windows domain.