So these vulns weren't needed any more by some 3 letter agency? Or were they being used by someone a 3 letter agency didn't like? Or were about to be?<p>Security warfare is fascinating to watch from the mud huts.
<i>–CVE-2021-33742, a remote code execution bug in a Windows HTML component.</i><p>The only one that stands out as being a real concern, but who's willing to bet it requires JS to exploit (or even if not, the attackers prefer to obfuscate it using JS)? Turning off JS by default in IE is probably the single most effective way of preventing these attacks. Even if you don't use IE, it'll greatly reduce the attack surface. I've browsed the shadier parts of the Internet for literally decades this way.
So wait, Microsoft is still making patches for Windows7, they just aren't supplied via the windows-update ?<p><a href="https://www.catalog.update.microsoft.com/Search.aspx?q=KB5003667" rel="nofollow">https://www.catalog.update.microsoft.com/Search.aspx?q=KB500...</a><p>Is there a third party program that finds/installs the windows 7 updates?
Are these on the same level as Stuxnet? For an amazing technical deep dive into each 0-day Stuxnet vulnerability watch this talk with Bruce Dang from Microsoft[1]. I really enjoy his natural speaking style (it's like talking about Stuxnet over beers with him).<p>[1] <a href="https://youtu.be/rOwMW6agpTI?t=409" rel="nofollow">https://youtu.be/rOwMW6agpTI?t=409</a>
Do the Microsoft links not work for anyone else too? I get a "Something went wrong" error on all the links. Would like to read more about specific vulns.
Wow... patch tuesday analysis from a reporter who doesn't know how virus total works <a href="https://twitter.com/silascutler/status/1383085248381128715" rel="nofollow">https://twitter.com/silascutler/status/1383085248381128715</a>