Microsoft has released an update on its usual schedule with several fixes for vulnerabilities in various components of the Windows operating system. The update also fixes an actively exploited flaw used to deliver the Emotet, TrickBot, and Bazaloader malware payloads.
7 flaws are critical, 5 flaws are publicly known
The monthly update fixes a total of 67 flaws. 7 of them are rated Critical and the remaining 60 are rated Important. 5 of these 67 flaws were publicly known.
The most critical vulnerability was CVE-2021-43890, with a CVSS score of 7.1. It is a Windows AppX Installer spoofing vulnerability that could be exploited for arbitrary code execution. This flaw is said to be less dangerous for users who log on with a low-privilege (standard user) account and more dangerous for those who log on with higher privileges.
The 5 flaws that are publicly known are listed below:
- CVE-2021-41333 (CVSS score: 7.8) – Windows Print Spooler elevation of privilege vulnerability
- CVE-2021-43883 (CVSS score: 7.8) – Windows Installer elevation of privilege vulnerability
- CVE-2021-43240 (CVSS score: 7.8) – NTFS set short name elevation of privilege vulnerability
- CVE-2021-43893 (CVSS score: 7.5) – Windows Encrypting File System (EFS) elevation of privilege vulnerability
- CVE-2021-43880 (CVSS score: 5.5) – Windows Mobile Device Management elevation of privilege vulnerability
Windows 10 and Windows 11 users should leave automatic updates switched on while also manually checking for updates from time to time. Sometimes an update requires a user confirmation, and until that confirmation is given the rest of the update queue is blocked behind it.
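As an added example that is not part of the original article, the following PowerShell check uses the Windows Update Agent COM API (Microsoft.Update.Session) to list updates that are still pending on a Windows 10/11 machine and to flag the ones waiting on a user action, which is the stalled-queue situation described above. It assumes an elevated PowerShell session on a machine that can reach its update source.

```powershell
# Added example (not part of the original article): enumerate updates that are
# not yet installed via the Windows Update Agent COM API and flag those that
# need a user action (EULA acceptance or interactive input), since such an
# update can hold up everything queued behind it.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# WUA search criteria: updates that are not installed and not hidden by the user
$result = $searcher.Search("IsInstalled=0 and IsHidden=0")

$report = foreach ($u in $result.Updates) {
    # KBArticleIDs is a collection of bare numbers; prefix them for readability
    $kbs = @($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ","
    [pscustomobject]@{
        Title          = $u.Title
        KB             = $kbs
        Severity       = $u.MsrcSeverity                        # "Critical", "Important", ... or empty
        EulaAccepted   = $u.EulaAccepted                        # $false => install waits on the user
        NeedsUserInput = $u.InstallationBehavior.CanRequestUserInput
        Downloaded     = $u.IsDownloaded
    }
}

"$($result.Updates.Count) update(s) pending on $env:COMPUTERNAME"
$report | Sort-Object Severity | Format-Table -AutoSize

# Anything in this subset is a candidate for the blocked update queue
# described above: it will not install until someone confirms it.
$blocking = $report | Where-Object { (-not $_.EulaAccepted) -or $_.NeedsUserInput }
if ($blocking) {
    "`nUpdates that require a user action before installation can continue:"
    $blocking | Format-Table Title, KB, Severity -AutoSize
} else {
    "`nNo pending update is waiting on a user action."
}
```

Run this after Patch Tuesday on machines that report as "up to date" in the Settings app but still show an old build number; a non-empty blocking list is the usual explanation.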