Microsoft Fixes Seven Zero-Days This Patch Tuesday
Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
Microsoft announced patches for a half-century of CVEs this month, including seven zero-day vulnerabilities, six of which are being actively exploited in the wild.
The six vulnerabilities in question start with CVE-2021-31955, an information disclosure bug in Windows kernel, and remote code execution flaw CVE-2021-33742.
The rest are elevation of privilege bugs in Windows NTFS (CVE-2021-31956), the Microsoft Enhanced Cryptographic Provider (CVE-2021-31199 and CVE-2021-31201) and the Microsoft DWM Core Library (CVE-2021-33739).
In addition, CVE-2021-31968 is a denial of service vulnerability in Windows Remote Desktop Services, which has been publicly disclosed but not yet seen in attacks.