Microsoft Releases July 2021 Patch Tuesday to Fix 117 Vulnerabilities, Including Some Zero-Day Issues

Microsoft has released Its July 2021 Patch Tuesday that comprises fixes for as many as 117 vulnerabilities. The security updates are meant for a range of Microsoft products and features, including Microsoft Office, Windows Defender, Windows Hello, and Microsoft Exchange Server, among others. The latest set of fixes contain security patches for some of the most recent security vulnerabilities to surface in the wild, including two new Remote Code Execution vulnerabilities in Microsoft Exchange Server, a serious memory-corruption bug in Windows kernel mode drivers, and a privilege escalation in Windows Update. CVE-2019-0977, CVE-2019-1173, and CVE-2019-0982: Remote Code Execution Vulnerabilities in Microsoft Exchange Server 2019 Microsoft Exchange Server 2019 is an email and messaging service offered by Microsoft. Exchange servers have a range of critical features, including Microsoft's Office Web Apps and Microsoft Exchange ActiveSync. Two Remote Code Execution vulnerabilities were discovered in Microsoft Exchange Server 2019 that would allow an attacker to gain administrative privileges on the system. The issue was fixed in February 2020. The first update released by Microsoft contained a fix for this problem.

COBRA insurance premiums old Florida home insurance Travel and Life Insurance Companies Types of Health Insurance Denials Medical Malpractice Insurance Insurance Premiums Audited Insurance Agent Personal Accident Insurance Vs Life Insurance Comparison one-time COVID credits and benefits Florida House fight climate change US Amazon union watershed green water policies water scarce Project Presentation Wrong climate change fight Water crisis builds in Egypt Waste Water Treatment Waste Management is environmentally friendly Various Techniques Used For Waste Management Improving Your Time Management Storm-Water Management Systems Project Manager plan to tackle water shortage Land surveying Mine Water Management Solutions HIGHLY EFFECTIVE CONFLICT RESOLVERS Nile Delta threatened by climate change Coping with Environmental Stress Conflict Management Can be Quick And Easy By 2050, climate change could destroy U.S. agriculture 11 technologies to eliminate food and or water shortage Environmental Management online marketing / digital marketing organic farming 10 great photography tips Agriculture Farming Tools And Implements Making Money From An Agricultural Business CORN FARMING NEW TECHNOLOGY Start an urban agriculture and food system organic farming popular today Tomato Cultivation Technology Biodynamic Agriculture Secrets Biodynamic Agriculture Biodynamic agriculture 5 Tips Biodynamic agriculture performance of natural farming natural farming proper material list for natural farming reduce weeds by natural farming

 

CVE-2019-0977: An XSLT vulnerability in Exchange Web Services CVE-2019-1173: A Remote Code Execution Vulnerability in Exchange Web Services. CVE-2019-0982: The XSLT vulnerability used in CVE-2019-0977 as a fallback. "In Exchange Web Services, CVE-2019-0977 (XSLT vulnerability) is used as a fallback to CVE-2019-1173. Exchange Web Services uses Microsoft XML Services (MSXML). CVE-2019-1173 requires support for Extended MIME. Some versions of Windows do not support Extended MIME. Exchange Web Services has a fallback in CVE-2019-0982 (XSLT vulnerability) that does not use Extended MIME. In the fallback XSLT vulnerability, CVE-2019-0977 does not occur. In this case, the attacker does not need to compromise mailboxes. Instead, the attacker can send specially crafted XML messages to an affected Exchange Web Services instance. CVE-2019-1173 is not a requirement for Windows Server versions before Windows Server 2003. Microsoft does not recommend using Exchange Web Services on affected Windows Server versions. However, organizations that need to use Exchange Web Services on affected Windows Server versions can choose to do so." "Microsoft does not recommend using Exchange Web Services on affected Windows Server versions. However, organizations that need to use Exchange Web Services on affected Windows Server versions can choose to do so. CVE-2019-0982 (XSLT vulnerability) can be used to mitigate this vulnerability if Exchange Web Services is used." We are still looking at CVE-2019-0982 CVE-2019-1173. However, even if Microsoft addresses CVE-2019-1173, there are still a number of servers out there using the deprecated version of XSLT. There have been no reliable exploits to date for CVE-2019-0977, so users are vulnerable to it only if they have Exchange Web Services servers running on Windows versions where Extended MIME is unsupported.

Microsoft has released Its July 2021 Patch Tuesday that comprises fixes for as many as 117 vulnerabilities. The security updates are meant for a range of Microsoft products and features, including Microsoft Office, Windows Defender, Windows Hello, and Microsoft Exchange Server, among others. Some of the vulnerabilities affect Windows vulnerabilities, while others are for Microsoft Office and Exchange Server. Microsoft Security Response Center (MSRC) has also released the July Security Update Patch Table for a much better overview of the security updates that have been patched by Microsoft as well as other updates.