Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.
Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.
Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an “elevation of privilege” vulnerability that affects Windows 10 and Windows Server 2019, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.
According to Microsoft, critical flaws are those that can be exploited remotely by malware or malcontents to take complete control over a vulnerable Windows computer — and with little to no help from users. Top of the heap again this month: Microsoft also took another stab at fixing a broad class of weaknesses in its printing software.
Microsoft said the Print Spooler patch it is pushing today should address all publicly documented security problems with the service.
August brings yet another critical patch (CVE-2021-34535) for the Windows Remote Desktop service, and this time the flaw is in the Remote Desktop client instead of the server.
CVE-2021-26424 — a scary, critical bug in the Windows TCP/IP component — earned a CVSS score of 9.9 (10 is the worst), and is present in Windows 7 through Windows 10, and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates).
Microsoft said it was not aware of anyone exploiting this bug yet, although the company assigned it the label “exploitation more likely,” meaning it may not be difficult for attackers to figure out. CVE-2021-26424 could be exploited by sending a single malicious data packet to a vulnerable system.
How to manually check for Updates in Windows 10
Open Start Menu and click on Settings > Update & Security settings
Here, press on the Check for updates button.
If any updates are available, they will be offered to you.
If Windows Update says that your PC is up to date, it means that you have all the updates that are currently available for your system.
If you are looking for details on the latest updates, click on the Details link. More details about the updates will then be shown to you.
If you need more information about the updates, click on the Learn more link. Every update comes with a KB number. Here for example you can see update KB3103688 being offered. You could search on your favorite search engine using this KB number. Relevant results about the update are sure to be offered.
You can make your Windows 10 receive updates for other Microsoft products and software, like Office, when you update Windows.