Patch now to stop hackers blindly crashing your Windows computers – Naked Security

As you know, our standard advice for Patch Tuesday boils down to four words, “Patch early, patch often.”

Microsoft fixed 56 newly reported vulnerabilities in this month's patches, four of which could give attackers remote code execution (RCE) exploits.

Remote code execution is where seemingly innocuous data sent from outside your network can trigger a bug and take over your computer.

Cybercriminals are eagerly looking for bugs that make it possible for booby-trapped blocks of data to force your computer to execute untrusted code, as they usually allow crooks to install malware…

… without triggering any “are you sure” alerts, without needing niceties such as a username and password, and sometimes without even leaving any obvious traces in your system logs.

With all that in mind, the statistic “56 fixes including 4 RCEs” signals more than enough risk on its own to make patching quickly a priority.

In the wild

In addition to the four potential RCE holes mentioned above, there is also a patch for a bug dubbed CVE-2021-1732 that is already being exploited in the wild by attackers.

A bug that is attacked before a patch comes out is called a zero-day bug: the crooks got there first, so there were zero days on which you could have been ahead of them.

Fortunately, this zero-day bug is not an RCE hole, so crooks can’t use it to get into your network in the first place.

Unfortunately, it is an elevation of privilege (EoP) bug in the Windows kernel itself, which means that crooks who have already hacked into your computer can almost certainly abuse it to give themselves all-powerful privileges.

Crooks within your network are bad enough, but if their network privileges are equal to those of a regular user, the damage they can do is often limited. (That’s why your own systems certainly don’t allow you to run with Administrator rights any more, as they used to back in the 2000s.)

Ransomware criminals, for example, typically spend time at the beginning of their attack looking for an unpatched EoP bug that they can exploit to promote themselves to the same power and authority as your own sysadmins.

If they can seize domain administrator rights, they will suddenly be on an equal footing with your own IT department, so they can do pretty much anything they want.

Attackers who have access to an EoP exploit may be able to: access and map out your network; change your security settings; install or uninstall any software of their choice on any computer; copy or modify any file they wish; tamper with your system logs; find and destroy your online backups; and even create secret “backdoor” accounts that they can use to get back in if you find them this time and kick them out.

But that’s not all

If you are still not convinced to patch early, patch often, you may want to read Microsoft’s special security bulletin entitled Multiple security updates affecting TCP/IP.

The three vulnerabilities listed in this bulletin are CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086.

The bugs they represent, however, are very interesting indeed.

Even though Microsoft acknowledges that two of them could, in theory, be used for remote code execution (so they make up 2 of the 4 RCE bugs mentioned above), that’s not what Microsoft is really worried about at the moment:

Both RCE sensitivities are complex which makes it difficult to create action tasks, so they are not vulnerable [to be abused] in the short term. We believe that attackers can create DoS deposits much faster and we anticipate that all three cases can be attacked by a DoS attack shortly after their release. Therefore, we recommend that customers move quickly to implement Windows security updates this month.

The DoS advantages for these CVEs would allow a remote attacker to cause a stop error. Customers may experience a blue screen on any Windows system that is directly exposed to the Internet with minimal network traffic.

DoS is, of course, short for denial of service – a type of vulnerability that is often seen as the “least among equals” compared to security holes such as RCE and EoP.

Denial of service means just what it says: crooks cannot take over a vulnerable service, software program or system, but they can stop it working completely.

Unfortunately, the three DoSsable holes are low-level bugs right down in the Windows kernel driver tcpip.sys, and the faults can, in theory, be tickled and triggered simply by your computer receiving incoming network packets.

In other words, merely processing the packets in order to decide whether to accept or trust them in the first place could be enough to crash the targeted computer, which could, of course, be a critical server on the internet.

What do you do?

Microsoft itself is urging you to prioritize these patches if you like to do your updates one by one, and has even come up with scriptable workarounds for those who are still afraid of the “patch early” principle:

It is critical that customers install Windows updates to address these vulnerabilities as soon as possible. If it is not practical to implement the update quickly, procedures are described in the CVEs that do not require a server to restart.

Despite the workarounds, we are with Microsoft here, and we strongly agree with the words essential and as soon as possible.

Don’t delay. Do it today!
