Windows Patch Tuesday Covers Vulnerability Used in the Wild

Microsoft has issued another series of security updates, covering 44 issues. Attackers have already used at least one of the vulnerabilities fixed in this rollout in the wild.

Microsoft has made a habit of releasing a new batch of security updates on Tuesday, hence the name Patch Tuesday. Since its updates cover billions of devices worldwide, it’s safe to say that upgrading the OS as soon as possible is recommended.

The patches cover a wide array of components, including .NET Core & Visual Studio, ASP.NET, Azure, Dynamics, Office, SharePoint, Word, Scripting Engine, Windows Codecs Library, Remote Desktop Client, Print Spooler Components, and a few others.

The most interesting of the bunch is CVE-2021-36948, a vulnerability in a lesser-known service, the Windows Update Medic. Typically, users don’t come in contact with this service unless something has gone wrong with the Windows Update service. Somehow, the attackers managed to compromise the Medic service, allowing them to escalate privileges and run malicious programs.

Details on this vulnerability are scarce because Microsoft has identified an attack in the wild using it. How the attack works and the methods used are not public, at least not yet.

Windows users will also notice that the Print Spooler is mentioned, and with good reason. Microsoft has fixed three vulnerabilities related to the Print Spooler, one of which was bad enough to get a scary name: PrintNightmare.

The most dangerous of the bunch is CVE-2021-26424, which received a score of 9.9. Aside from the critical score, the only information about it is that it’s “remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets.”

Windows users should install the latest security updates as soon as possible to correct all of these vulnerabilities.