Today Microsoft released an incredibly important KB5004237 & KB5004245 cumulative updates to all computers. It resolved nine 0-day vulnerabilities, of which 4 are actively being exploited.
According to BleepingComputer.com The five publicly disclosed, but not exploited, zero-day vulnerabilities are:
- CVE-2021-34492 – Windows Certificate Spoofing Vulnerability
- CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-33779 – Windows ADFS Security Feature Bypass Vulnerability
- CVE-2021-33781 – Active Directory Security Feature Bypass Vulnerability
There was everyone’s favorite PrintNightmare that was publicly disclosed and actively exploited.
- CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability
The last three are actively exploited Windows vulnerabilities that were not publicly disclosed.
- CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
- CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability
For more information please visit BleepingComputers article on the subject: Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws (bleepingcomputer.com)
Or Microsoft’s website on this months updates: https://support.microsoft.com/en-us/help/5004237
Why are Updates so Soul Crushing?
Here is the truth about Microsoft, is even the system administrators, network administrators, and Microsoft themselves know that updates are a pain. The reason? The dreaded “Restart Now?” question that plagues us constantly.
I don’t even like looking at that screen, even less debating the ethical dilemma of restarting now or restarting later. For Cybersecurity experts, updates and patches are incredibly important… but also are the bane of our existence.
If we look at Linux it is quite simple. We just have to run the following code, and usually don’t have a reboot. It restarts any services that is needing it and brings everything back online pretty quickly. It does however have minor updates every so often so you will want to check for frequency often. All you have to do is run:
sudo apt-get update -y
sudo apt-get upgrade -y
It really is that simple. Or if you just use the ubuntu updates its even easier, and runs those commands for you.
Its the same with MAC, there are not usually reboots to fix issues, if there is then its for a major update.
So why does Windows do this to us? Why can’t they have a better platform for updates? Well, my only explination of this is that Microsoft just hasn’t figured out how to do that effectively.
On a personal note, I’ve been working on Windows computers for decades and it has always been a pain to run updates. Even using Configuration Manager or Intune can help, but doesn’t assist with what the end-user has to deal with. It’s not am easy thing to administer and if Microsoft Windows reams made it more streamlined. By the way, please thank your system administrators and your cybersecurity teams. They really do work hard to keep the environment safe.
Why are Updates Necessary?
Well, to be clear… Its not just about updates having the latest and greatest features. It is really about not exposing our machines to vulnerabilities so that your computer doesn’t get compromised. With that I want to bring up why confidentiality, integrity, and availability are the highest importance to information security and updates.
When it comes to these vulnerabilities most attacks fall under one of those categories. If a vulnerability allows potential exposure of data, that is an attack on confidentiality. If a vulnerability allows attack alters personal information at a bank to get money transferred somewhere else, that is an attack on integrity. and finally, if there is a vulnerability that allows a execution of code, an attacker could use it to force a system, or a whole organization to be offline, it is an attack on availability. These types of attacks can be remediated by many updates. This is why we have to reboot. This is why we have to keep updating.
Remediating the vulnerabilities are the reasons we need updates. While updates are a pain, it’s better to deal with the updates, than to be vulnerable to an attack that could have been avoided with a simple update.