Microsoft Patch Tuesday: Windows Flaw Under Active Attack


The zero-day flaw, documented as CVE-2021-36948, is rated “important” with a CVSS base score of 7.8.

Microsoft described the vulnerability as a local privilege escalation bug, a suggestion that it is part of a larger software exploit chain.

The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows machines can continue to receive software updates. The utility was first introduced in Windows 10 and is an important part of the operating system’s self-healing mechanisms.