As IT administrators do their best to cope with business continuity plans, it’s imperative that they understand and manage patch updates. With cybersecurity threats on the rise thanks to the pandemic, it is essential to gain a better understanding of the Patch Tuesday releases, and find ways to deploy them to remote endpoints efficiently. Microsoft has released fixes for 83 vulnerabilities this Patch Tuesday, among which 10 are classified as critical and 73 as Important. Along with these vulnerabilities, Microsoft has also released fixes for one zero-day, and one publicly disclosed vulnerability this month.
A lineup of significant updates
Microsoft security updates have been released for:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Office, Microsoft Office Services and Web Apps
- Microsoft Windows Codecs Library
- Visual Studio
- SQL Server
- Microsoft Malware Protection Engine
- .NET Core
- .NET Repository
- ASP .NET
- Azure
Microsoft Defender Zero-day vulnerability
CVE-2021-1647 is a remote code execution vulnerability in the Windows Defender. Microsoft has fixed this vulnerability in Microsoft Malware Protection Engine version 1.1.17700.4 and above. Though exploited in the wild, Microsoft says, this exploit is only at its proof-of-concept level, and is not functional.
To prevent further attacks, in its latest updates of Microsoft Malware Protection Engine, Microsoft has released patches that do not require any user interaction, and updates are automatically installed. unless blocked specifically by the system administrators.
Publicly disclosed Windows EoP vulnerability
The Microsoft splwow64 Elevation of Privilege vulnerability, identified as CVE-2021-1648, has been fixed by Microsoft this month. This flaw in the Microsoft splwow64 service was abused to elevate the privileges of an attacker’s code.
Noteworthy updates
Here are a few vulnerabilities that are especially noteworthy:
- CVE-2021-1658 – Remote Procedure Call Runtime Remote Code Execution Vulnerability: The highest CVSS score and low attack complexity vulnerability of the month.
- Micropatch released for PSExec: A 0patch released for a remote execution vulnerability in the Sysinternals PSExec utility.
Shedding some light on this month’s critical updates
10 Critical vulnerabilities have been reported this Patch Tuesday; those are listed below.
Product | CVE Title | CVE ID |
---|---|---|
Microsoft DTV-DVD Video Decoder | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | CVE-2021-1668 |
Microsoft Edge (HTML-based) | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | CVE-2021-1705 |
Microsoft Graphics Component | GDI+ Remote Code Execution Vulnerability | CVE-2021-1665 |
Microsoft Malware Protection Engine | Microsoft Defender Remote Code Execution Vulnerability | CVE-2021-1647 |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CCVE-2021-1643 |
Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1666 |
Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1673 |
Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1658 |
Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1667 |
Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1660 |
Third-party updates released this month
Coinciding with this month’s Patch Tuesday, Adobe has released security updates for Photoshop, Illustrator, and Animate. We also have notable security updates from Apple, Android, SAP, Intel, Cisco, and VMware.
Keep reading for a few best practices that are ideal in a remote patch management scenario.
- Prioritize security updates over non-security and optional updates.
- Download patches directly to endpoints rather than saving them on your server, and distributing them to remote locations.
- Schedule automation tasks specifically for deploying critical patches for timely updates.
- Always test the newly incoming patches before deploying them to your endpoints.
- Plan to set broad deployment windows so critical updates aren’t missed due to unavoidable hindrances.
- Allow end users to skip deployments to avoid disturbing their productivity.
- Ensure the machines under your scope aren’t running any end-of-life OSs or applications.
- Ensure you use a secure gateway server to establish a safe connection between your remote endpoints.
With Desktop Central or Patch Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor the patch tasks according to your current situation. For hands-on experience with either of these products, start a 30-day free trial and keep thousands of applications patched and secure.
** Optrics Inc. is a ManageEngine partner
The original article can be found here: