Microsoft has released July Patch Tuesday security updates with a total of 117 vulnerabilities in the family of Windows, Mac, and Android operating systems and related products. In the release by Microsoft, 13 were rated as Critical, 1 as moderate, and 103 as Important. The products covered in the July security update include Microsoft Exchange Server, Microsoft Office, Microsoft SharePoint Server, Microsoft Bing, OpenEnclave, etc. Microsoft has also released patches for nine zero-day vulnerabilities. Five among these are publicly disclosed, and Four are actively exploited. These were found during their vulnerability scans.
Zero-day vulnerabilities
July Patch Tuesday fixes these CVEs:
CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability. According to Microsoft, it has less chance of exploitation since the attacker would need to have already established a presence on the vulnerable Exchange Server before trying to exploit. It is the highest-rated zero-day EoP this time for Exchange Server and has a CVSSv3 score of 9.0.
CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability. According to Microsoft, it has a high chance of exploitation and has a CVSSv3 score of 9.1. It is the highest-rated zero-day RCE this time for Exchange Server. According to Microsoft, even though it is patched as part of the April 2021 Patch Tuesday release, CVE was accidentally removed from the security update guide.
CVE-2021-33779 – Windows Active Directory Federation Services bypass vulnerability. The vulnerability is publicly disclosed but not exploited yet. This security feature bypass vulnerability h
CVE-2021-33781 – Windows Active Directory Security Feature Bypass Vulnerability. It is less likely to be exploited, as per Microsoft.The public disclosure of this vulnerability results in active exploitation of this in the wild.
. Hence, it allows remote attackers to bypass authentication and gain elevated privileges on the target system.
CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability.Vulnerability. The vulnerability is publicly disclosed and actively exploited in the wild. The flaw is an elevation of privilege vulnerability in the ‘RpcAddPrinterDriverEx’ function in the Windows Print Spooler service.According to Microsoft, It allows attackers to run arbitrary code with SYSTEM privilege that further allows the attackers to install arbitrary programs and cause unauthorized disclosure. The vulnerability dubbed as PrintNightmare has an important rating.
CVE versions
CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability. The vulnerability is being exploited in the wild but was not publicly disclosed. It has an important rating . The vulnerability is due to an improper boundary check, and it allows local attackers to execute arbitrary code on the system with elevated privileges.
CVE-2021-34448 – Microsoft Scripting Engine Memory Corruption Vulnerability. The flaw is due to an improper boundary check when the Microsoft scripting engine process the HTML content. It allows remote attackers to execute arbitrary code on the target system.
CVE-2021-31979 – Microsoft Windows Kernel Privilege Escalation Vulnerability.The flaw is due to an improper boundary check in Windows Kernel. It allows attackers to execute arbitrary code on the system with elevated privileges.
CVE-2021-34492 – Microsoft Windows Certificate Spoofing Vulnerability. The flaw exists because Windows Certificate not handling user-supplied data properly. Therefore, the vulnerability has an important rating . Thus it allows remote attackers to spoof page content.
Conclusion
The actively exploited flaws among these zero-days consist of privilege escalation Vulnerabilities in Windows Kernel, memory corruption vulnerability in Microsoft Scripting Engine, and remote code execution vulnerability in Print Spooler.
Microsoft has also fixed critical vulnerabilities in Dynamics Business Central Control, Microsoft Windows Codecs Library, Microsoft Windows Media Foundation, DNS Server, Hyper-V, Windows Kernel, Windows MSHTML Platform.
Microsoft security bulletin summary for July 2021
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Windows
- OpenEnclave
- Visual Studio Code
- Windows Defender
- Microsoft Windows Media Foundation
- Microsoft Bing
Product Information
1.Product: Microsoft Windows
CVEs/Advisory: CVE-2021-31183, CVE-2021-31961, CVE-2021-31979, CVE-2021-33740, CVE-2021-33743, CVE-2021-33744, CVE-2021-33745, CVE-2021-33746, CVE-2021-33749, CVE-2021-33750, CVE-2021-33751, CVE-2021-33752, CVE-2021-33754, CVE-2021-33755, CVE-2021-33756, CVE-2021-33757, CVE-2021-33758, CVE-2021-33759, CVE-2021-33761, CVE-2021-33763, CVE-2021-33764, CVE-2021-33765, CVE-2021-33771, CVE-2021-33773, CVE-2021-33774, CVE-2021-33779, CVE-2021-33780, CVE-2021-33781, CVE-2021-33782, CVE-2021-33783, CVE-2021-33784, CVE-2021-33785, CVE-2021-33786, CVE-2021-33788, CVE-2021-34438, CVE-2021-34439, CVE-2021-34440, CVE-2021-34441, CVE-2021-34442, CVE-2021-34444, CVE-2021-34445, CVE-2021-34446, CVE-2021-34447, CVE-2021-34448, CVE-2021-34449, CVE-2021-34450, CVE-2021-34454, CVE-2021-34455, CVE-2021-34456, CVE-2021-34457, CVE-2021-34458, CVE-2021-34459, CVE-2021-34460, CVE-2021-34462, CVE-2021-34466, CVE-2021-34476, CVE-2021-34488, CVE-2021-34489, CVE-2021-34490, CVE-2021-34491, CVE-2021-34492, CVE-2021-34493, CVE-2021-34494, CVE-2021-34496, CVE-2021-34497, CVE-2021-34498, CVE-2021-34499, CVE-2021-34500, CVE-2021-34503, CVE-2021-34504, CVE-2021-34507, CVE-2021-34508, CVE-2021-34509, CVE-2021-34510, CVE-2021-34511, CVE-2021-34512, CVE-2021-34514, CVE-2021-34516, CVE-2021-34525, CVE-2021-34527
Impact: Remote Code Execution, Elevation of Privilege, Denial of Service, Security Feature Bypass, Spoofing, Information Disclosure
Severity: Critical, Important, Low
KBs: 5004233, 5004238, 5004244, 5004249, 5004285, 5004294, 5004298, 5004302, 5004947, 5004948, 5004950, 5004954, 5004956, 5004958, 5004960
2.Product: Microsoft Office
CVEs/Advisory: CVE-2021-34451, CVE-2021-34452, CVE-2021-34467, CVE-2021-34468, CVE-2021-34469, CVE-2021-34501, CVE-2021-34517, CVE-2021-34518, CVE-2021-34519, CVE-2021-34520
Impact: Remote Code Execution, Spoofing, Security Feature Bypass, Information Disclosure
Severity: Important, Moderate
KBs: 5001949, 5001973, 5001975, 5001976, 5001977, 5001979, 5001981, 5001983, 5001984, 5001986, 5001992, 5001993, 5001996
3.Product: Microsoft Office SharePoint
CVEs/Advisory: CVE-2021-34467, CVE-2021-34468, CVE-2021-34517, CVE-2021-34519, CVE-2021-34520
Impact: Remote Code Execution, Information Disclosure, Spoofing
Severity: Important, Moderate
KBs:5001975, 5001976, 5001981, 5001984, 5001992, 5001996
4.Product: Open Enclave SDK
CVEs/Advisory: CVE-2021-33767
Impact: Elevation of Privilege
Severity: Important
5.Product: Microsoft Visual Studio Code
CVEs/Advisory: CVE-2021-34479, CVE-2021-34529, CVE-2021-34528
Impact: Spoofing, Remote Code Execution
Severity: Important
6.Product: Microsoft Bing Search for Android
CVEs/Advisory: CVE-2021-33753
Impact: Spoofing
Severity: Important
Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2021-31196, CVE-2021-31206, CVE-2021-33766, CVE-2021-33768, CVE-2021-34470, CVE-2021-34473, CVE-2021-34523
Impact: Remote Code Execution, Information Disclosure, Elevation of Privilege
Severity: Critical, Important
KBs: 5001779, 5003611, 5003612, 5004778, 5004779, 5004780
SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and therefore keep your systems updated and secure.