Microsoft has revealed its latest Patch Tuesday release, plugging over 100 security holes in Windows 10 along with fixes for other products including Microsoft Exchange email server following its recent attacks.
Of the 108 patched vulnerabilities, 19 are classified as Critical, with five being zero-day vulnerabilities of which one is known to be actively exploited in the wild.
"We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access," note security researchers from Kaspersky in a blog post on the vulnerability used by threat actors.
- Here's our choice of the best malware removal software on the market
- These are some of the best endpoint protection software
- Also take a look at the best firewall apps and services
Tracked as CVE-2021-28310, the flaw gives attackers the opportunity to elevate their privileges on a target system.
Patch Tuesday
Kaspersky noticed the attack based on the vulnerability that was eventually tagged as CVE-2021-28310 once it was brought to the attention of Microsoft earlier this year.
Kaspersky pins the blame for the exploit on the Bitter APT threat group. However, it wasn’t able to capture the full chain of attack and isn’t sure what other vulnerabilities are exploited by the attack.
In a blog post, Microsoft notes that it hasn’t observed any attacks based on the Exchange vulnerabilities that have been patched in this latest patch Tuesday.
Besides Windows other Microsoft products that got security updates this month include Edge (Chromium-based), Azure Sphere, Azure DevOps Server, SharePoint Server, Visual Studio, and more.
- Protect your devices with these best antivirus software
Via: BleepingComputer
