This week Microsoft released its security updates for August 2021, which has fixes for 44 vulnerabilities in Microsoft products. Every month we will post our vulnerability risk and tips around each patch released, to provide advice for IT professionals and businesses. This month Dan Robinson has provided our FIT score and tips.
Out of the 44 patches; 7 are classed as critical and 37 as important. There were also 3 Zero-Day vulnerabilities publicly disclosed.
Zero-day vulnerabilities discovered this month:
The two publicly disclosed, but not exploited:-
- CVE-2021-36936 - Windows Print Spooler Remote Code Execution Vulnerability
- CVE-2021-36942 - Windows LSA Spoofing Vulnerability
The one actively exploited elevation of privileges vulnerability:-
Other companies who have released security updates this week:
- Adobe released security updates for two products.
- Android's August security updates were released yesterday.
- Cisco released security updates for numerous products this month.
- SAP released its August 2021 security updates.
- VMWare released security updates for VMware Workspace ONE.
All the patches can be found in the table below or alternatively downloaded here.
We have also curated a downloadable Patching Best Practice Guide.
|
Category |
CVE IDs |
CVE Title |
Severity |
FIT Score & Tip |
|
.NET Core & Visual Studio |
CVE-2021-34485 |
.NET Core and Visual Studio Information Disclosure Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability |
Important |
3/5 - Attackers needs local access to execute vulnerability. Updates are available for .NET, PowerShell and Visual Studio 2019. |
|
ASP.NET Core & Visual Studio |
CVE-2021-34532 |
ASP.NET Core and Visual Studio Information Disclosure Vulnerability |
Important |
3/5 - The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, and other sensitive information. |
|
Azure |
CVE-2021-36943 |
Azure CycleCloud Elevation of Privilege Vulnerability |
Important |
3/5 - Updates are available for Azure CycleCloud 8.2.0. |
|
Azure Sphere |
CVE-2021-26428 |
Azure Sphere Information Disclosure Vulnerability Azure Sphere Denial of Service Vulnerability Azure Sphere Elevation of Privilege Vulnerability |
Important |
3/5 - All versions of Azure Sphere that are 21.07 and higher are protected from this vulnerability. If you need to update due to lack of connectivity, there are specific commands available once connected to update. |
|
Microsoft Azure Active Directory Connect |
CVE-2021-36949 |
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability |
Important |
4/5 - The attacker must be able to establish Man-in-the-middle between your Azure AD Connect server and a domain controller. The attacker also needs to possess domain user credentials to be able to exploit this vulnerability. You will need to apply an update and also disable NTLM as per guidance. |
|
Microsoft Dynamics |
CVE-2021-36946 |
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
Important |
4/5 - Updates are available for Dynamics if you use it. Exploitation is less likely however if used, Dynamics may form a core component of your business and should be treated as important. |
|
Microsoft Edge (Chromium-based) |
CVE-2021-30591 |
Chromium: CVE-2021-30591 Use after free in File System API |
Unknown |
4/5 - There has been a bumper release of fixes for the Chromium engine that runs Microsoft Edge (as well as support Google Chrome) both of these will update independently, but worth checking your versions match up with the fixed releases. |
|
Microsoft Graphics Component |
CVE-2021-34530 |
Windows Graphics Component Remote Code Execution Vulnerability |
Critical |
5/5 - This forms part of your monthly patches for Microsoft operating systems and due to be flagged as critical, is important to get up to date. |
|
Microsoft Graphics Component |
CVE-2021-34533 |
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability |
Important |
4/5 - This forms part of your monthly patches for the Microsoft operating system. |
|
Microsoft Office |
CVE-2021-34478 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
3/5 - These updates are part of the Office suite and will need to be applied via click-to-run. Users would need to download a malicious file, so users do need to be made aware not to do as such. |
|
Microsoft Office SharePoint |
CVE-2021-36940 |
Microsoft SharePoint Server Spoofing Vulnerability |
Important |
4/5 - This is for SharePoint on-premise, if you use SharePoint Online, which is part of the O365 suite, then you do not need to worry about this update. - This is for SharePoint on-premise, if you use SharePoint Online, which is part of the O365 suite, then you do not need to worry about this update. |
|
Microsoft Office Word |
CVE-2021-36941 |
Microsoft Word Remote Code Execution Vulnerability |
Important |
4/5 - Updates exist for the Office suite for enterprise and also Mac. Worth version checking and then applying if required. |
|
Microsoft Scripting Engine |
CVE-2021-34480 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
5/5 - The attack vector for this update is getting the user to open a maliciously generated file. This would then allow the attack to succeed. The fix for this vulnerability is within the normal monthly updates released in August. |
|
Microsoft Windows Codecs Library |
CVE-2021-36937 |
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability |
Important |
3/5 - Exploitation of this vulnerability is less likely, and the fix is located within your normal monthly patching. |
|
Remote Desktop Client |
CVE-2021-34535 |
Remote Desktop Client Remote Code Execution Vulnerability |
Critical |
5/5 - Exploitation is likely to occur for this vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. In the case of Hyper-V, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer when a victim running on the host connects to the attacking Hyper-V guest. The fix is located within this months normal patching cycle. |
|
Windows Bluetooth Service |
CVE-2021-34537 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability |
Important |
3/5 - Exploitation is less likely on this vulnerability. An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programatically running certain functions that could lead to elevation of privilege on the Bluetooth component. |
|
Windows Cryptographic Services |
CVE-2021-36938 |
Windows Cryptographic Primitives Library Information Disclosure Vulnerability |
Important |
3/5 - This fix is only for later operating systems, such as Windows 10 and Server 2019. |
|
Windows Defender |
CVE-2021-34471 |
Microsoft Windows Defender Elevation of Privilege Vulnerability |
Important |
3/5 - There is a process to check your version, but ultimately if the version is out then install the update. |
|
Windows Event Tracing |
CVE-2021-34486 |
Windows Event Tracing Elevation of Privilege Vulnerability |
Important |
3/5 - This update forms part of the monthly updates for August. |
|
Windows Media |
CVE-2021-36927 |
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability |
Important |
3/5 - Exploitation is less likely on this vulnerability. Updates are available for all desktop operating systems. |
|
Windows MSHTML Platform |
CVE-2021-34534 |
Windows MSHTML Platform Remote Code Execution Vulnerability |
Critical |
5/5 - The user would need to open a maliciously created file in order for this vulnerability to fire. However, as users are the attack vector this makes it critical. |
|
Windows NTLM |
CVE-2021-36942 |
Windows LSA Spoofing Vulnerability |
Important |
4/5 - An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface. |
|
Windows Print Spooler Components |
CVE-2021-36936 |
Windows Print Spooler Remote Code Execution Vulnerability |
Critical |
5/5 - Most users are finally getting over the print nightmare vulnerability, but Microsoft have plugged another issue with the print spooler. I'd recommend you get this applied and this will be part of the monthly updates. |
|
Windows Print Spooler Components |
CVE-2021-36947 |
Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Remote Code Execution Vulnerability |
Important |
4/5 - Like the above, this is part of the monthly patches and should be applied to machines in conjunction with the above. |
|
Windows Services for NFS ONCRPC XDR Driver |
CVE-2021-26432 |
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability |
Critical |
5/5 - Flagged as critical. Servers that have installed the Network File System are exposed to this vulnerability in rpcxdr.sys. An attacker would require read or write permission to any file on an NFS share on the victim system. If NFS is configured to allow anonymous access, then the victim system would be vulnerable to unauthenticated attackers. Located within the monthly updates released in August. |
|
Windows Services for NFS ONCRPC XDR Driver |
CVE-2021-36933 |
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
Important |
4/5 - This links to the above, once again located within the updates from August. |
|
Windows Storage Spaces Controller |
CVE-2021-34536 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
Important |
3/5 - Expoitation is less likely, updates are available in the monthly updates released in August. |
|
Windows TCP/IP |
CVE-2021-26424 |
Windows TCP/IP Remote Code Execution Vulnerability |
Critical |
5/5 - This is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets. Exploitation is more likely on this vulnerability. Updates are available for all operating systems. |
|
Windows Update |
CVE-2021-36948 |
Windows Update Medic Service Elevation of Privilege Vulnerability |
Important |
4/5 - Exploitation has been detected on this one. Updates to resolve are located within the monthly updates released in August. |
|
Windows Update Assistant |
CVE-2021-36945 |
Windows 10 Update Assistant Elevation of Privilege Vulnerability Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
Important |
3/5 - Exploitation is less likely and an update is available for Windows Update Assistant. |
|
Windows User Profile Service |
CVE-2021-34484 |
Windows User Profile Service Elevation of Privilege Vulnerability Windows User Account Profile Picture Elevation of Privilege Vulnerability |
Important |
3/5 - Exploitation is less likely. Updates are available for all operating systems, these are in the normal monthly updates released in August. |
Hope this table with helpful!
About the Author: Lizzie Arcari
Lizzie joined Foundation IT in 2019 after graduating from University. She is excited to develop her career in the IT industry, learning from the best.
