We are again on the second Tuesday of the month. And we all know what that means: that Today is 'Patch Tuesday', that Patch Tuesday in which many of the large software development companies concentrate their update releases. A policy that, in the case of Microsoft, translates into releases of its cumulative updates for Windows 10.
So that if you are a user of the stable version of Windows 10 (in any of its Pro, Home, etc flavors), it means that —for a little over an hour— you have available on Windows Update (Settings> Update and security> Windows Update) update KB5003637. You can also download it from the Windows Update Catalog.
What does this new update include?
This new cumulative update incorporates, according to Microsoft, improvements and bug fixes for various components of Windows 10 such as Microsoft Scripting Engine, Windows App Platform, Windows HTML Platform, Windows Authentication, Windows Virtualization, or the operating system's own kernel and file system.
This update It will also be the one that finally allows activating the 'News and interests' function in all users who install it, instead of - as it happened until now - it was activated randomly only for a certain percentage of Windows 10 users.
So, once you update, you can have on your taskbar this Microsoft alternative to Google Discover, based on the content of MSN (Microsoft News).
Among the 50 vulnerabilities patched this update KB5003637, stand out no less than six 'zero day' vulnerabilities:
CVE-2021-31955: This vulnerability means that an attacker can read the contents of kernel memory in a user mode process.
CVE-2021-31956: This vulnerability of NTFS elevation of privilege it requires the attacker to convince us to run a certain executable on our computer.
CVE-2021-33739: This vulnerability allows a local privilege escalation attack to be carried out linked to Desktop Windows Manager or DWM, the Windows 10 window manager. The attacker can do this by causing us to run an executable or a script on our computer.
CVE-2021-33742: This vulnerability (also qualified as 'critical') that affects the Trident HTML engine, so affects a multitude of applications, not just Internet Explorer. This vulnerability allows a potential attacker to execute malicious code on a system if a user uses it to access specially crafted web content.
CVE-2021-31199 / CVE-2021-31201 - Both vulnerabilities facilitate elevation of privilege attacks that affect Microsoft's Enhanced Cryptographic Provider, and are related to another vulnerability - already solved last month - of the popular Adobe Reader.
Via | Sleeping Computer