Yesterday Microsoft released a new patch and it solves up to 116 security vulnerabilities on Windows 10.
If you have installed any of the three most recent versions of Windows 10 (2004, 20H2 and 21H1) when you open Windows Update you will have the version KB5004237 available for update, which includes improvements and fixes related to general system security, login data verification, and printing tasks.
The older versions of Windows 10, on the other hand, have their own update packs:
This patch solves up to 116 security vulnerabilities on Windows 10
Actually, we already know several of the patches included in this update, as they have been released independently in the previous days: patches to fix game performance, PDF problems, and the famous fix against the PrintNightmare vulnerability.
Finally, the Patch Tuesday released yesterday for Windows 10 solves 116 security problems. Among those problems, at least 4 of them are currently being exploited, and a total of 13 have been classified as ‘critical’ by Microsoft.
Three of them stand out, which are part of both groups: CVE-2021-34448, a critical remote code execution vulnerability in the scripting engine built into all supported versions of Windows (including server versions); and CVE-2021-33771 and CVE-2021-31979, both bugs related to privilege elevation in the Windows kernel.
Another of the most relevant vulnerabilities among those patched yesterday is CVE-2021-34494, a ‘zero-day’ security hole in the Windows DNS server that also affects Windows server versions, and allows manipulating the domain name resolution system, thus redirecting web accesses transparently to the user.
But among the 116 security holes, there is a bit of everything, with others affecting a long list of Windows components (Windows Defender, Dynamics Business Central, Windows Media Foundation, Hyper-V and the MSHTL platform), as well as external programs (such as HEVC Video Extensions, Microsoft Excel and SharePoint Server, Word, Power BI, etc.).
