CVE-2021-34448: Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability

CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository. We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for

CVE-2021-34448 [MEDIUM] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability

CVE-2021-34448 [MEDIUM] CWE-787 Microsoft Windows Scripting Engine Memory Corruption Vulnerability Microsoft Windows Scripting Engine Memory Corruption Vulnerability Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. Affected: Microsoft Windows Required Action: Apply updates per vendor instructions. Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2021-Jul; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json Remediation Due: 2021-11-17

CVE-2021-34448 [HIGH] CWE-787 Microsoft Windows Scripting Engine Memory Corruption Vulnerability Vulnerability: Microsoft Windows Scripting Engine Memory Corruption Vulnerability Affected: Microsoft Windows Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. Required Action: Apply updates per vendor instructions. Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-34448 Remediation Due Date: 2021-11-17

CVE-2021-34448 [MEDIUM] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Microsoft Scripting Engine: Microsoft Scripting Engine Microsoft: Microsoft Impact: Remote Code Execution Explo

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys #### Table of Contents - Situation - Directive Scope - CISA Catalog of Known Exploited Vulnerabilities - Detect CISA Vulnerabilities Using Qualys VMDR - CISA Exploited RTI - Detailed Operational Dashboard - Remediation - Federal Enterprises and Agencies Can Act Now - Summary - Getting Started CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively. ## Situation Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv

Qualys Response to CISA Alert: Binding Operational Directive 22-01 ## Table of Contents Overview Directive Scope CISA Catalog of Known Exploited Vulnerabilities Detect CISAs Vulnerabilities Using Qualys VMDR Remediation Federal Enterprises and Agencies Can Act Now Summary Getting Started Start your VMDR 30-day, no-cost trial today ## Overview On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01 , “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate

Qualys Response to CISA Alert: Binding Operational Directive 22-01 | Qualys #### Table of Contents - Overview - Directive Scope - CISA Catalog of Known Exploited Vulnerabilities - Detect CISAs Vulnerabilities Using Qualys VMDR - Remediation - Federal Enterprises and Agencies Can Act Now - Summary - Getting Started Start your VMDR 30-day, no-cost trial today ## Overview On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to

Threat Source newsletter (July 15, 2021) Good afternoon, Talos readers. The value of cryptocurrency is all over the place. Elon Musk's tweets can send Dogecoin rising and falling. And Monero, the most popular currency for cryptominers, has gone all over the place this year. So does that have any effect on the rate of attackers deploying miners? We looked at Talos telemetry and virtual currency value to find out. Also, if you haven't already, be sure to update your Microsoft products. The company disclosed three vulnerabilities this month that attackers are exploiting in the wild (four if you count PrintNightmare from earlier this month). ## Upcoming Talos public engagements Talos at BlackHat USA 2021 Date: July 31 - Aug. 5 Location: Virtual and Mandalay Bay hotel and resort, Las Vegas, Nevada Description: Join Talos and C

Threat Source newsletter (July 15, 2021) ## Threat Source newsletter (July 15, 2021) Good afternoon, Talos readers. The value of cryptocurrency is all over the place. Elon Musk's tweets can send Dogecoin rising and falling. And Monero, the most popular currency for cryptominers, has gone all over the place this year. So does that have any effect on the rate of attackers deploying miners? We looked at Talos telemetry and virtual currency value to find out . Also, if you haven't already, be sure to update your Microsoft products. The company disclosed three vulnerabilities this month that attackers are exploiting in the wild (four if you count PrintNightmare from earlier this month). ## Upcoming Talos public engagements Talos at BlackHat USA 2021 Date: July 31 - Aug. 5 Location: Virtual and Mandalay Bay hotel and resort, La

[MEDIUM] Microsoft Patch Tuesday for July 2021 — Snort rules and prominent vulnerabilities By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft released its monthly security update Tuesday, disclosing 117 vulnerabilities across its suite of products, by far the most in a month this year. Today’s Patch Tuesday includes three vulnerabilities that Microsoft states are being exploited in the wild, which we will cover in more detail. There are 13 critical vulnerabilities patched in this month, and there is one low- and moderate-severity vulnerability each. The remainder are considered “important.” Most notably, Microsoft has released an update to patch the “PrintNightmare” vulnerability in its print spooler function that could allow an attacker to execute remote code. This vulnerability was first disclosed in April, though security researchers later discovered it coul

[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Exploits & Vulnerabilities # July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. By: Trend Micro 2021/07/13 Read time: ( words) Save to Folio After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative. PrintNightmare pat

CVE-2021-34448 [HIGH] Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities | Qualys ### Microsoft Patch Tuesday – July 2021 Microsoft patched 117 vulnerabilities in their July 2021 Patch Tuesday release, and 13 of them are rated as critical severity. ### Critical Microsoft Vulnerabilities Patched CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability This is being actively exploited. The vulnerability allows an attacker to execute malicious code on a compromised website if a user browses to a specially crafted file on the website. The vendor has assigned a CVSSv3 base score of 6.8 and should be prioritized for patching. CVE-2021-34494 – Windows DNS Server Remote Code Execution Vulnerability Microsoft released patches addressing a critical RCE vulnerability in Windows DNS Server (CVE-2021-34494). This CVE has a high likelihood of exploitability and is assi

[HIGH] Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771) ## Cloud Exposure Tenable Cloud Security (CNAPP) Request a demo Tenable Cloud Vulnerability Management Request a demo Tenable CIEM Request a demo Secure your cloud ## Vulnerability Exposure Tenable Vulnerability Management Try for free Tenable Security Center Request a demo Tenable Web App Scanning Try for free Tenable Patch Management Request a demo Tenable Enclave Security Request a demo Tenable Attack Surface Management Request a demo Tenable Nessus Try for free ## AI Exposure Tenable AI Exposure Request a demo ## OT/IoT Exposure Tenable OT Security Request a demo ## Identity Exposure Tenable Identity Exposure Request a demo ## Business needs Active Directory AI Security Posture Management (AI-SPM) AWS security Azure security Cloud Security Posture Man

[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Exploits & Vulnerabilities ## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. By: Trend Micro 2021/07/13 Read time: ( words) Save to Folio After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative . PrintNightmare pa

[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Exploits & Vulnerabilities ## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. By: Trend Micro Jul 13, 2021 Read time: ( words) Save to Folio After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative . PrintNightmare

[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Exploits y vulnerabilidades ## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. By: Trend Micro Jul 13, 2021 Read time: ( words) Save to Folio After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative . PrintNightmare

[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Sfruttamento vulnerabilità ## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. By: Trend Micro Jul 13, 2021 Read time: ( words) Save to Folio After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative . PrintNightmare

[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Ausnutzung von Schwachstellen ## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. By: Trend Micro Jul 13, 2021 Read time: ( words) Save to Folio After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative . PrintNightma

[MEDIUM] Microsoft Patch Tuesday for July 2021 — Snort rules and prominent vulnerabilities ## Microsoft Patch Tuesday for July 2021 — Snort rules and prominent vulnerabilities By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft released its monthly security update Tuesday, disclosing 117 vulnerabilities across its suite of products, by far the most in a month this year. Today’s Patch Tuesday includes three vulnerabilities that Microsoft states are being exploited in the wild, which we will cover in more detail. There are 13 critical vulnerabilities patched in this month, and there is one low- and moderate-severity vulnerability each. The remainder are considered “important.” Most notably, Microsoft has released an update to patch the “PrintNightmare” vulnerability in its print spooler function that could allow an attacker to execute remote code. This vulnerabil

CVE-2021-34448 [HIGH] Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities ## Microsoft Patch Tuesday – July 2021 Microsoft patched 117 vulnerabilities in their July 2021 Patch Tuesday release, and 13 of them are rated as critical severity. ## Critical Microsoft Vulnerabilities Patched CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability This is being actively exploited. The vulnerability allows an attacker to execute malicious code on a compromised website if a user browses to a specially crafted file on the website. The vendor has assigned a CVSSv3 base score of 6.8 and should be prioritized for patching. CVE-2021-34494 – Windows DNS Server Remote Code Execution Vulnerability Microsoft released patches addressing a critical RCE vulnerability in Windows DNS Server (CVE-2021-34494). This CVE has a high likelihood of exploitability and is assign

[HIGH] Microsoft Patch Tuesday, July 2021 Edition Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft. Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users. Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.” Among the critical bugs is o

[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Exploits & Vulnerabilities ## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. By: Trend Micro Jul 13, 2021 Read time: ( words) Save to Folio After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative . PrintNightmare

[HIGH] Microsoft Patch Tuesday, July 2021 Edition Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft. Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users. Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.” Among the critical bugs is o

[HIGH] Zscaler found Windows vulnerabilities | 07-13-2021 Provide users with seamless, secure, reliable access to applications and data. Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems. Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners. Industry Report Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE) USE CASES INDUSTRY & MARKET SOLUTIONS PARTNERS TECHNOLOGY PARTNERS Resource Center Events & Trainings Security Research & Services Tools Community & Support CXO REVOLUTIONARIES Amplifying the voices of real-world digital and zero trust pioneers Discover how it began and where it’s going Meet o

CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026 STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026 Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026 How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026 STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026 Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026 Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019 Helping Non-Security Stakeholders Understand AT

CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026 Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026 How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026 STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026 Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026 How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026 Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019 Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI