14.09.2021 Microsoft’s Patch Tuesday is here — and Field Effect’s security researchers have been busy

by Field Effect

It’s Patch Tuesday, a day that’s always on our radar here at Field Effect.   

And today’s report has some special additions. More on that soon, but let’s first cover the basics. 

What is Patch Tuesday? 

Since 2003, Patch Tuesday has been the day Microsoft releases security fixes for vulnerable Windows and Office products — and other leading software brands have also started providing patches following this schedule.               

For busy IT and infosec teams, the second Tuesday of each month can save hours trying to track and prioritize critical software patches and stay ahead of malicious cyber attacks. 

That’s because the report consolidates the month’s high-priority patches — enabling time-strapped IT pros to determine the ones to test and deploy for their mission-critical applications and operating systems updates.   

 

Spoiler alert: 

In addition to our news last month, this week’s Windows update includes five more 0-day vulnerabilities that we discovered back in May. 

 If unpatched, these vulnerabilities could be exploited to gain kernel-level privilege — giving attackers the ability to move deeply into operating systems, applications, and more — bypassing traditional controls.  

Here are those we discovered that have patches available today:  

  • CVE-2021-38629: Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability 
  • CVE-2021-38628: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 
  • CVE-2021-38638: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Note: this CVE actually includes three 0-days.   

The best defense, in addition to ensuring our MDR platform Covalence is tracking and preventing threats from harming your network, is being diligent about patch management. Pay attention to Patch Tuesday reports, maintain a patching schedule, manage regular updates, and check in with our Field Effect team for questions or advice at any time. 

Stay tuned for more updates next month 

That’s all we will say for now — but stay tuned for full details about our findings next month. 

You can access links to the patches and more details about the vulnerabilities patched in Microsoft’s Security Update. 

For the latest news about new and emerging threats, cyber security best practices and tips, informative webinar invites, and more – sign up for our newsletter below! 



 

Request Demo

Fill out the form and we will send you details about our demo.