Subj : MS 2021 wrap up with 64 patches
To   : All
From : August Abolins
Date : Sat Mar 05 2022 08:37 pm

Microsoft wraps up 2021 with 64 patched vulnerabilities- 
including Windows 7 fixes

https://news.sophos.com/en-us/2021/12/14/microsoft-wraps-up- 
2021-with-64-patched-vulnerabilities-including-windows-7-fixes/

I found this comment somewhat amusing yet disconcerting:

"fixes apply to versions of Windows stretching the way back to  
the end-of-life'd Windows 7. In fact, there are 17 bugs being  
patched in Windows 7 this month"

WRT Win7, "vulnerability in Windows' Encrypted File System  
(EFS) that also extends back to Windows 7 (CVE-2021-43217)-one  
that can be triggered regardless of whether or not EFS is in  
use on the targeted system. A specially-crafted attack could  
result in a buffer overflow write to memory that could result  
in unauthenticated code being executed by triggering EFS. This  
bug has been publicly disclosed, making it an urgent fix."

The EFS exploit sounds a bit worrisome since "the problem" can  
be triggered even when EFS is not even in use.  I *was*  
thinking of trying it a while back though.

--
  ../|ug

--- OpenXP 5.0.51
 * Origin:  (1:396/45.29)

.