Subj : MS 2021 wrap up with 64 patches
To   : All
From : August Abolins
Date : Sat Mar 05 2022 08:37 pm

Microsoft wraps up 2021 with 64 patched vulnerabilities-
including Windows 7 fixes

https://news.sophos.com/en-us/2021/12/14/microsoft-wraps-up-
2021-with-64-patched-vulnerabilities-including-windows-7-fixes/

I found this comment somewhat amusing yet disconcerting:

"fixes apply to versions of Windows stretching the way back to
the end-of-life'd Windows 7. In fact, there are 17 bugs being
patched in Windows 7 this month"

WRT Win7, "vulnerability in Windows' Encrypted File System
(EFS) that also extends back to Windows 7 (CVE-2021-43217)-one
that can be triggered regardless of whether or not EFS is in
use on the targeted system. A specially-crafted attack could
result in a buffer overflow write to memory that could result
in unauthenticated code being executed by triggering EFS. This
bug has been publicly disclosed, making it an urgent fix."

The EFS exploit sounds a bit worrisome since "the problem" can
be triggered even when EFS is not even in use.  I *was*
thinking of trying it a while back though.

--
 ../|ug

--- OpenXP 5.0.51
* Origin:  (1:396/45.29)