Microsoft has published 67 software security fixes, including seven critical issues and a zero-day glitch that is actively being exploited by cybercriminals. In its latest Patch Tuesday, released Tuesday night, Microsoft fixes software issues including remote code execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing errors, and denial of service issues. .
Products affected by Microsoft’s December security update include Microsoft Office, Microsoft PowerShell, Chromium-based Edge browser, the Windows Kernel, Print Spooler and Remote Desktop Client.
This update can be downloaded by all those who have any of the compatible versions of Windows 10, specifically for Windows 10 May 2020 Update (2004), Windows 10 October 2020 Update (20H2), Windows 10 May 2021 Update (21H1) and Windows 10 November 2021 Update (21H2).
‘Sgroogled.com’: When MICROSOFT Launched ANTI-GOOGLE Ads
Vulnerabilities now finding a solution
Among the most serious vulnerabilities resolved in this update there are six that contained zero-days exploits and one of them has been known to be actively exploited.
CVE-2021-43890 is a Windows AppX Installer Spoofing zero-day vulnerability. Microsoft has said that it is “aware that there are attacks that attempt to exploit this vulnerability through the use of specially crafted packages” and that the flaw is being used as a weapon to spread the Emotet / Trickbot / Bazaloader malware families.
According to the Zero Day Initiative (ZDI), this year Microsoft has patched 887 vulnerabilities with CVE mapping. Although this figure may seem high, the team notes that this is a 29% decrease from 2020 (not including Chromium-based Edge).
The company has also recently published research on the Iranian threat actors and their classification in the cybercriminal space. Microsoft claims that this year there was a massive increase in Iranian state sponsored attacks against computer services, while in 2020 they were almost non-existent, according to the same company.
Edge browser problems
In addition, as they remember from Engadget Windows, different flaws are still present in this operating system and in Microsoft’s tools. One of them is a problem related to the Edge browser or problems with new installations. Devices with Windows installations created from custom offline media or a custom ISO image may have Microsoft Edge Legacy removed with this update, but not automatically replaced by the new Microsoft Edge.
On the other hand, after installing the June 21, 2021 update (KB5003690), some devices can’t install new updates, such as July 6, 2021 (KB5004945) or later updates. They get the error message “PSFX_E_MATCHING_BINARY_MISSING”.