Microsoft August 2021 Patch Tuesday Addresses 44 CVEs Including Three Zero-Days

Microsoft has released its August Patch Tuesday security updates, addressing a total of 44 vulnerabilities in the family of Windows and Mac operating systems and related products. Of these, 7 were rated as Critical and 37 as Important. The products covered in August’s security update include Microsoft Office, Windows Cryptographic Services, .NET Core & Visual Studio, Microsoft Azure Active Directory Connect, etc.

Microsoft has also released patches for three zero-day vulnerabilities. One of them is being actively exploited in the wild.


Zero-day vulnerabilities

CVE-2021-36936: Windows Print Spooler Remote Code Execution Vulnerability. According to Microsoft, it has a high chance of exploitation since the attacker would only need a low level of access. The vulnerability, which was disclosed publicly, is due to improper input validation in the Windows Print Spooler.

CVE-2021-36942: Windows LSA Spoofing Vulnerability. The flaw is due to incorrect processing of user-supplied data in the Windows LSA. When combined with an NTLM relay attack, it allows an unauthenticated attacker to trick a domain controller into authenticating with another server. This spoofing vulnerability has received a combined CVSSv3 score of 9.3.

CVE-2021-36948: Windows Update Medic Service Elevation of Privilege Vulnerability. This is the only zero-day vulnerability exploited in the wild this month. The flaw is due to an improper boundary check within the Windows Update Medic Service. It allows local attackers to execute arbitrary code with elevated privileges on the system. The vulnerability has received a CVSSv3 score of 7.8.


Critical Vulnerabilities

The remaining critical vulnerabilities addressed, other than the zero-days, are:

CVE-2021-34530: Windows Graphics Component Remote Code Execution Vulnerability. The flaw is due to an input validation error in the Windows Graphics Component. The bug allows attackers to social-engineer a victim into opening a specially crafted file and thus achieve remote code execution.

CVE-2021-34480: Scripting Engine Memory Corruption Vulnerability. The flaw is due to an improper boundary check in the Scripting Engine. The bug allows attackers to social-engineer a victim into opening a specially crafted file or site, thus triggering remote code execution.

CVE-2021-34535: Remote Desktop Client Remote Code Execution Vulnerability. According to Microsoft, it has a high chance of exploitation. The exploitation scenarios involve a victim making a remote desktop connection to an attacker-controlled server, and a victim on the Hyper-V host making a connection to a malicious VM. The vulnerability has received a CVSSv3 score of 8.8.

CVE-2021-34534: Windows MSHTML Platform Remote Code Execution Vulnerability. The flaw is due to an input validation error in Trident, the rendering engine (mshtml.dll) used by Internet Explorer. Exploitation is less likely since the attacker would need to pull off a highly complex attack with user interaction.

CVE-2021-26432: Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability. The flaw is due to an input validation error in the Windows Services for NFS ONCRPC XDR Driver. It has a high chance of exploitation due to its low attack complexity. The attacker would not need privileges or user interaction to exploit it. The bug is categorized as ‘wormable’.

CVE-2021-26424: Windows TCP/IP Remote Code Execution Vulnerability. The flaw is due to an improperly implemented, unspecified code block in the TCP/IP stack component. The vulnerability has received a CVSSv3 score of 9.9 and has a high chance of exploitation due to its low attack complexity. A guest Hyper-V OS can send a specially crafted TCP/IP packet to a vulnerable Hyper-V server and completely take over the Hyper-V host.


Microsoft security bulletin summary for August 2021

  • Microsoft Office
  • Microsoft Browsers
  • Microsoft Windows
  • Remote Desktop Client
  • .NET Core
  • Visual Studio
  • Microsoft Azure
  • Windows Bluetooth Service
  • Microsoft Dynamics

Product: Microsoft Windows
CVEs/Advisory: CVE-2021-26424, CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-26432, CVE-2021-26433, CVE-2021-34480, CVE-2021-34481, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-34536, CVE-2021-34537, CVE-2021-36926, CVE-2021-36927, CVE-2021-36932, CVE-2021-36933, CVE-2021-36934, CVE-2021-36936, CVE-2021-36937, CVE-2021-36938, CVE-2021-36942, CVE-2021-36945, CVE-2021-36947, CVE-2021-36948
Impact: Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing
Severity: Critical, Important, Moderate
KBs: 4023814, 5005030, 5005031, 5005033, 5005036, 5005040, 5005043, 5005076, 5005094, 5005099, 5005106


Product: Microsoft Dynamics
CVEs/Advisory: CVE-2021-34524, CVE-2021-36946, CVE-2021-36950
Impact: Remote Code Execution, Spoofing
Severity: Important
KBs: 5005369, 5005368, 5005374, 5005373, 4618795, 5005239, 5005370


Product: Microsoft Office SharePoint
CVEs/Advisory: CVE-2021-36940
Impact: Spoofing
Severity: Important
KBs: 5002000, 4011600, 5002002


Product: Microsoft Visual Studio
CVEs/Advisory: CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
Impact: Denial of Service, Information Disclosure
Severity: Important


Product: Microsoft .NET Core and ASP .NET
CVEs/Advisory: CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
Impact: Information Disclosure, Denial of Service
Severity: Important


Product: Microsoft Azure
CVEs/Advisory: CVE-2021-26428, CVE-2021-26429, CVE-2021-26430, CVE-2021-33762, CVE-2021-36943, CVE-2021-36949
Impact: Denial of Service, Information Disclosure, Elevation of Privilege
Severity: Important


SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and keep your systems updated and secure.
