Microsoft releases 117 fixes for critical bugs, zero day exploits - IBTimes India

Battered by cyberattacks, Microsoft releases 117 fixes at one go for critical bugs
Microsoft has issued multiple security upgrades in response to cyber attacks on its servers and software, including a remote code execution (RCE) problem in its Exchange Server. RiskIQ, a global leader in threat intelligence and attack surface control, has also been bought by Microsoft.
By IANS
July 14, 2021 12:10 IST

Advertisement 0:05

Microsoft pushes reopening offices as Covid cases surge
Microsoft pushes reopening offices as Covid cases surge
After facing cyber attacks on its servers and software, Microsoft has released several security fixes, including a remote code execution (RCE) bug in its Exchange Server.

The July 2021 Patch Tuesday fixes 117 vulnerabilities tackling RCEs, spoofing, memory corruption and information disclosure, among others.

"The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates," the company said in an update.

"In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features," the company added. Thirteen security fixes are critical and nine are zero-days.

Microsoft
REUTERS
Microsoft last week released an emergency Windows patch to fix a critical vulnerability in the Windows Print Spooler service called 'PrintNightmare'.

An attacker who successfully exploited this vulnerability could run arbitrary code with System privileges. An attacker could then install programmes, view, change, or delete data, or create new accounts with full user rights.

Microsoft said it has completed the investigation and has released security updates to address this vulnerability. The Print Spooler service runs by default on Windows, including on client versions of the OS, Domain Controllers, and many Windows Server instances.

Microsoft has also acquired RiskIQ, a leader in global threat intelligence and attack surface management, for an undisclosed sum as the company aims to strengthen cybersecurity of digital transformation and hybrid work.