Dark Reading -
Microsoft today patched a Windows zero-day vulnerability as a part of its monthly Patch Tuesday rollout, which fixed a relatively low number of Common Vulnerabilities and Exposures (CVEs) but a high number of publicly known bugs.
The 56 vulnerabilities patched today exist in Microsoft Windows, .NET framework, Windows Defender, Azure IoT, Azure Kubernetes Service, Exchange Server, Skype for Business and Lync, Office and Office Services and Web Apps, and Microsoft Edge for Android. Eleven of these flaws are classified as critical in severity, 43 are important, and two are moderate.
Under active attack is CVE-2021-1732, an important local privilege escalation flaw in Windows Win32k. If exploited, this vulnerability would allow a logged-on attacker to execute their code with higher privileges. Microsoft reports this flaw requires low attack complexity, low privileges, and no user interaction to exploit. However, the threat to confidentiality, integrity, and availability is high.
“The exploitation of this vulnerability
The post Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout first appeared on Dark Reading.