There is always a debate about whether it is best to delay installing the monthly Windows 10 Cumulative Update to allow others to discover its bugs, or whether one should install it immediately to get the fixes as soon as possible.

This month the news that the update fixes 55 recently discovered flaws , including 4 classified as critical and three Zero-Day Exploits may help tip the balance.

Those are:

CVE-2021-31204

CVE-2021-31204  is a vulnerability that impacts .NET and Visual Studio and could allow a successful attacker to elevate their permissions. Microsoft has released patches for Microsoft Visual Studio 2019 for Windows and macOS as well as .NET 5.0 and .NET Core 3.1. Microsoft indicates that while this has been publicly disclosed, it has not been exploited in the wild. There are additional details regarding this vulnerability available on the dotnet github page.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-31207

CVE-2021-31207  is a Microsoft Exchange Server vulnerability. On this occasion, it is a security feature bypass discovered during PWN2OWN 2021.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-31200

This code execution vulnerability is found in Neural Network Intelligence (NNI), an open-source tool for managing AutoML experiments. Since it is an open-source project, you can see the code change that was made to resolve this vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

Read the rest of the Patch Tuesday changelog here, and install the update by Checking for Updates in Settings.

via TripWire, WBI

Comments