Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware | ZDNet

Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware | ZDNet

Microsoft has released 67 security fixes for software including seven critical issues and a zero-day flaw being actively exploited by cybercriminals. 

In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems in software including Remote Code Execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing bugs, and denial-of-service issues.

Products impacted by Microsoft’s December security update include Microsoft Office, Microsoft PowerShell, the Chromium-based Edge browser, the Windows Kernel, Print Spooler, and Remote Desktop Client. 

Some of the most severe vulnerabilities resolved in this update are a total of six zero-days, although only one is known to be actively exploited in the wild: 

An additional 16 CVEs in the Chromium-based Edge browser were patched earlier this month.  

According to the Zero Day Initiative (ZDI), 887 CVE-assigned vulnerabilities have been patched by Microsoft this year. While this figure may seem high, the team notes this is a 29% decrease from 2020 (not including Chromium-based Edge). 

Last month, Microsoft resolved 55 bugs in the November batch of security fixes. In total, six were assigned critical ratings and 15 were remote code execution issues. Zero-day vulnerabilities, too, were resolved by the tech giant.

A month prior, the tech giant tackled 71 vulnerabilities during the October Patch Tuesday. This included four zero-day flaws, one of which was being actively exploited in the wild. 

In other Microsoft security news, the company recently warned that a patched Exchange Server post-authentication flaw, tracked as CVE-2021-42321, is being weaponized in new attacks — adding to the last year’s woes surrounding four zero-days in the server platform. 

The company also recently published research on Iranian threat actors and their ranking in the cybercriminal space. Microsoft says that there has been a massive surge in Iran state-sponsored attacks this year against IT services, despite being close to non-existent in 2020. 

Alongside Microsoft’s Patch Tuesday round, other vendors, too, have published security updates which can be accessed below.

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.