Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems.
Two of the addressed security flaws are rated Critical, 68 are rated Important, and one is rated Low in severity, with three of the issues listed as publicly known at the time of the release. The four zero-days are as follows —
- CVE-2021-40449 (CVSS score: 7.8) – Win32k Elevation of Privilege Vulnerability
- CVE-2021-41335 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-40469 (CVSS score: 7.2) – Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-41338 (CVSS score: 5.5) – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
Source: Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack