Microsoft's Patch Tuesday for this month has brought a deluge of bug fixes, with a total of 165 vulnerabilities addressed. This includes a critical vulnerability that is currently under active attack, as well as a bug that was already disclosed by a frustrated security researcher. The sheer volume and severity of the issues patched highlight the ongoing challenge faced by tech companies in keeping their software secure.
Active Attack on CVE
One of the most concerning vulnerabilities addressed in this Patch Tuesday is a critical bug that is being actively exploited in the wild. Designated as CVE-2021-40444, this flaw exists in the MSHTML component of Internet Explorer and was reported as being leveraged in targeted attacks against Windows users. Microsoft has released a patch for this issue to prevent further exploitation.
Organizations are strongly advised to apply the patch as soon as possible to protect their systems from potential attacks. Exploiting this vulnerability could allow threat actors to execute arbitrary code on vulnerable systems, leading to potential data theft or system compromise. It is essential for users to stay vigilant and keep their software up to date to mitigate these risks.
Angry Bug Hunter Discloses Issue
Adding to the complexity of this month's Patch Tuesday, a security researcher has publicly disclosed a vulnerability that affects Microsoft Exchange servers. The bug, identified as CVE-2021-24084, was initially reported to Microsoft in April but was not fixed in the latest round of patches. Frustrated by the lack of action, the researcher decided to make the details public, potentially putting users at risk.
Microsoft has acknowledged the public disclosure and stated that they are monitoring the situation. In the meantime, users are advised to follow any mitigation advice provided by the company and take steps to secure their Exchange servers. This incident underscores the importance of timely and effective communication between researchers and vendors to prevent the unnecessary exposure of vulnerabilities.
[...]
Feel free to let me know if you need more Content!
If you have any questions, please don't hesitate to Contact Us
β Back to Technology News