The latest update for Windows 10 fixes 66 vulnerabilities
Microsoft has sent out its usual monthly security updates with the Tuesday Patch. This time 66 vulnerabilities have been patched, one of which is critical and is being actively exploited so it is recommended to immediately update your system.
The security flaw identified as CVE-2021-40444, is a zero-day vulnerability that affects all versions of Windows from Windows 7 to Windows 10,and Windows Server from version 2008 onwards.
It is being exploited through malicious Office documents
The bug in question is a remote code execution vulnerability in MSHTML (the main HTML component of Internet Explorer) and allows Windows users to be compromised through a simple Office document.
An attacker could create a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser’s rendering engine. The attacker would then have to convince the user to open the malicious document, and once this is done, they would have access to execute code remotely on the victim’s computer.
Microsoft also explains that users without administrator privileges would be impacted less by one of these attacks than those who use administrator accounts all the time.
In addition to this vulnerability, Microsoft also patched three elevation of privilege bugs in the Windows Print Spooler service, part of a long list of vulnerabilities related to this component that have recently been plaguing the system.