Microsoft has released August Patch Tuesday security updates with a total of 44 vulnerabilities in the family of Windows and Mac operating systems and related products. In the release by Microsoft, 7 were rated as Critical and 37 as Important. Hence, the products covered in August’s security update include Microsoft Office, Windows Cryptographic Services, .NET Core & Visual Studio, Microsoft Azure Active Directory Connect, etc. A good Vulnerability Management Tool can prevent these attacks.
Moreover, Microsoft has also released patches for three zero-day vulnerabilities. However, One among them is being actively exploited in the wild. Therefore, A Vulnerability Management System can resolve these issues.
Zero-day vulnerabilities
CVE-2021-36936 – Windows Print Spooler Remote Code Execution Vulnerability. According to Microsoft, it has a high chance of exploitation since the attacker only needs a low level of access. Moreover, the vulnerability is due to improper input validation in the Windows Print Spooler, which was disclosed publicly.
CVE-2021-36942 – Windows LSA Spoofing Vulnerability. However, The flaw is due to incorrect processing of user-supplied data in the Windows LSA. Hence, It allows an unauthenticated attacker to trick a domain controller into authenticating with another server combining with an NTLM Relay Attack. Moreover, This spoofing vulnerability has received a combined CVSSv3 score of 9.3.
CVE-2021-36948 – Windows Update Medic Service Elevation of Privilege Vulnerability. This is the only zero-day vulnerability exploited in the wild this month. Therefore, The flaw is due to an improper boundary check within the Windows Update Medic Service. It allows local attackers to execute arbitrary code with elevated privileges on the system. Hence, The vulnerability has received a CVSSv3 score of 7.8.
Critical Vulnerabilities
The remaining critical vulnerabilities addressed other than zero-days are,
CVE-2021-34530 – Windows Graphics Component Remote Code Execution Vulnerability. The flaw is due to an input validation error in the Windows Graphics Component. The bug allows attackers to social-engineer a victim into opening a specially crafted file and thus achieve remote code execution.
CVE-2021-34480 – Scripting Engine Memory Corruption Vulnerability. The flaw is due to an improper boundary check in the Scripting Engine. Hence, The bug allows attackers to social-engineer a victim into opening a specially crafted file or site, thus triggering remote code execution.
CVE-2021-34535 – Remote Desktop Client Remote Code Execution Vulnerability. According to Microsoft, it has a high chance of exploitation. However, the exploitation scenarios involve a victim making a remote desktop connection to an attacker-controlled server and a victim on the Hyper-V host makes a connection to a malicious VM. The vulnerability has received a CVSSv3 score of 8.8.
CVE-2021-34534 – Windows MSHTML Platform Remote Code Execution Vulnerability. The flaw is due to an input validation error in the rendering engine (mshtml.dll) called Trident used by Internet Explorer. The vulnerability has less exploitation since the attacker must pull off a highly complex attack with user interaction.
CVE-2021-26432 – Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability. The flaw is due to an input validation error in the Windows Services for NFS ONCRPC XDR Driver. It has a high chance of exploitation due to its low complexity status. The attacker would not need to have privileges or user interaction to exploit. The bug is categorized as ‘wormable’.
CVE-2021-26424 – Windows TCP/IP Remote Code Execution Vulnerability. Therefore, the flaw is improperly implementing an unknown TCP/IP Stack component code block. However, the vulnerability has received a CVSSv3 score of 9.9 and has a high chance of exploitation due to its low complexity status. Moreover, A guest Hyper-V OS can send a specially crafted TCP/IP packet to a vulnerable server and completely take over the host.
Microsoft security bulletin summary for August 2021
- Microsoft Office
- Microsoft Browsers
- Microsoft Windows
- Remote Desktop Client
- .NET Core
- Visual Studio
- Microsoft Azure
- Windows Bluetooth Service
- Microsoft Dynamics
1. Product: Microsoft Windows
CVEs/Advisory: CVE-2021-26424, CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-26432, CVE-2021-26433, CVE-2021-34480, CVE-2021-34481, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-34536, CVE-2021-34537, CVE-2021-36926, CVE-2021-36927, CVE-2021-36932, CVE-2021-36933, CVE-2021-36934, CVE-2021-36936, CVE-2021-36937, CVE-2021-36938, CVE-2021-36942, CVE-2021-36945, CVE-2021-36947, CVE-2021-36948
Impact: Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing
Severity: Critical, Important, Moderate
KBs: 4023814, 5005030, 5005031, 5005033, 5005036, 5005040, 5005043, 5005076, 5005094, 5005099, 5005106
2.Product: Microsoft Dynamics
CVEs/Advisory: CVE-2021-34524, CVE-2021-36946, CVE-2021-36950
Impact: Remote Code Execution, Spoofing
Severity: Important
KBs: 5005369, 5005368, 5005374, 5005373, 4618795, 5005239, 5005370
3.Product: Microsoft Office SharePoint
CVEs/Advisory: CVE-2021-36940
Impact: Spoofing
Severity: Important
KBs: 5002000, 4011600, 5002002
4.Product: Microsoft Visual Studio
CVEs/Advisory: CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
Impact: Denial of Service, Information Disclosure
Severity: Important
5.Product: Microsoft .NET Core and ASP .NET
CVEs/Advisory: CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
Impact: Information Disclosure, Denial of Service
Severity: Important
6.Product: Microsoft Azure
CVEs/Advisory: CVE-2021-26428, CVE-2021-26429, CVE-2021-26430, CVE-2021-33762, CVE-2021-36943, CVE-2021-36949
Impact: Denial of Service, Information Disclosure, Elevation of Privilege
Severity: Important
SanerNow VM and SanerNow PM detect and hence, automatically fix these vulnerabilities by applying security updates. Therefore, Use SanerNow and keep your systems updated and secure.