Microsoft has released the July Patch Tuesday security updates, addressing a total of 117 vulnerabilities in the family of Windows, Mac, and Android operating systems and related products. Of these, 13 were rated as Critical, 1 as Moderate, and 103 as Important. The products covered in the July security update include Microsoft Exchange Server, Microsoft Office, Microsoft SharePoint Server, Microsoft Bing, OpenEnclave, etc.
Microsoft has also released patches for nine zero-day vulnerabilities. Five of these are publicly disclosed, and four are actively exploited.
CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability. According to Microsoft, it has less chance of exploitation since the attacker would need to have already established a presence on the vulnerable Exchange Server before trying to exploit it. It is the highest-rated zero-day EoP this time for Exchange Server and has a CVSSv3 score of 9.0.
CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability. According to Microsoft, it has a high chance of exploitation and has a CVSSv3 score of 9.1. It is the highest-rated zero-day RCE this time for Exchange Server. According to Microsoft, even though it was patched as part of the April 2021 Patch Tuesday release, the CVE was accidentally removed from the Security Update Guide.
CVE-2021-33779 – Windows Active Directory Federation Services bypass vulnerability. The vulnerability is publicly disclosed but not exploited yet. This security feature bypass vulnerability is rated as important.
CVE-2021-33781 – Windows Active Directory Security Feature Bypass Vulnerability. It is less likely to be exploited, as per Microsoft. This publicly disclosed vulnerability is not exploited yet, and it is rated as important. It allows remote attackers to bypass authentication and gain elevated privileges on the target system.
CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability. The vulnerability is publicly disclosed and actively exploited in the wild. The flaw is an elevation of privilege vulnerability in the ‘RpcAddPrinterDriverEx’ function in the Windows Print Spooler service. It allows attackers to run arbitrary code with SYSTEM privileges, which further allows the attackers to install arbitrary programs and cause unauthorized disclosure. The vulnerability, dubbed PrintNightmare, is rated as critical.
CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability. The vulnerability is being exploited in the wild but was not publicly disclosed. It is rated as important. The vulnerability is due to an improper boundary check, and it allows local attackers to execute arbitrary code on the system with elevated privileges.
CVE-2021-34448 – Microsoft Scripting Engine Memory Corruption Vulnerability. The vulnerability is being exploited in the wild but was not publicly disclosed. The flaw is due to an improper boundary check when the Microsoft scripting engine processes HTML content. It allows remote attackers to execute arbitrary code on the target system.
CVE-2021-31979 – Microsoft Windows Kernel Privilege Escalation Vulnerability. The vulnerability is being exploited in the wild but was not publicly disclosed. The flaw is due to an improper boundary check in the Windows Kernel. It allows attackers to execute arbitrary code on the system with elevated privileges.
CVE-2021-34492 – Microsoft Windows Certificate Spoofing Vulnerability. The flaw exists because Windows Certificate does not handle user-supplied data properly. The vulnerability is rated as important. It allows remote attackers to spoof page content.
The actively exploited flaws among these zero-days consist of privilege escalation vulnerabilities in the Windows Kernel, a memory corruption vulnerability in the Microsoft Scripting Engine, and a remote code execution vulnerability in Print Spooler.
Microsoft has also fixed critical vulnerabilities in Dynamics Business Central Control, Microsoft Windows Codecs Library, Microsoft Windows Media Foundation, DNS Server, Hyper-V, Windows Kernel, and Windows MSHTML Platform.
Microsoft security bulletin summary for July 2021
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Windows
- Visual Studio Code
- Windows Defender
- Microsoft Windows Media Foundation
- Microsoft Bing
Product: Microsoft Windows
CVEs/Advisory: CVE-2021-31183, CVE-2021-31961, CVE-2021-31979, CVE-2021-33740, CVE-2021-33743, CVE-2021-33744, CVE-2021-33745, CVE-2021-33746, CVE-2021-33749, CVE-2021-33750, CVE-2021-33751, CVE-2021-33752, CVE-2021-33754, CVE-2021-33755, CVE-2021-33756, CVE-2021-33757, CVE-2021-33758, CVE-2021-33759, CVE-2021-33761, CVE-2021-33763, CVE-2021-33764, CVE-2021-33765, CVE-2021-33771, CVE-2021-33773, CVE-2021-33774, CVE-2021-33779, CVE-2021-33780, CVE-2021-33781, CVE-2021-33782, CVE-2021-33783, CVE-2021-33784, CVE-2021-33785, CVE-2021-33786, CVE-2021-33788, CVE-2021-34438, CVE-2021-34439, CVE-2021-34440, CVE-2021-34441, CVE-2021-34442, CVE-2021-34444, CVE-2021-34445, CVE-2021-34446, CVE-2021-34447, CVE-2021-34448, CVE-2021-34449, CVE-2021-34450, CVE-2021-34454, CVE-2021-34455, CVE-2021-34456, CVE-2021-34457, CVE-2021-34458, CVE-2021-34459, CVE-2021-34460, CVE-2021-34462, CVE-2021-34466, CVE-2021-34476, CVE-2021-34488, CVE-2021-34489, CVE-2021-34490, CVE-2021-34491, CVE-2021-34492, CVE-2021-34493, CVE-2021-34494, CVE-2021-34496, CVE-2021-34497, CVE-2021-34498, CVE-2021-34499, CVE-2021-34500, CVE-2021-34503, CVE-2021-34504, CVE-2021-34507, CVE-2021-34508, CVE-2021-34509, CVE-2021-34510, CVE-2021-34511, CVE-2021-34512, CVE-2021-34514, CVE-2021-34516, CVE-2021-34525, CVE-2021-34527
Impact: Remote Code Execution, Elevation of Privilege, Denial of Service, Security Feature Bypass, Spoofing, Information Disclosure
Severity: Critical, Important, Low
KBs: 5004233, 5004238, 5004244, 5004249, 5004285, 5004294, 5004298, 5004302, 5004947, 5004948, 5004950, 5004954, 5004956, 5004958, 5004960
Product: Microsoft Office
CVEs/Advisory: CVE-2021-34451, CVE-2021-34452, CVE-2021-34467, CVE-2021-34468, CVE-2021-34469, CVE-2021-34501, CVE-2021-34517, CVE-2021-34518, CVE-2021-34519, CVE-2021-34520
Impact: Remote Code Execution, Spoofing, Security Feature Bypass, Information Disclosure
Severity: Important, Moderate
KBs: 5001949, 5001973, 5001975, 5001976, 5001977, 5001979, 5001981, 5001983, 5001984, 5001986, 5001992, 5001993, 5001996
Product: Microsoft Office SharePoint
CVEs/Advisory: CVE-2021-34467, CVE-2021-34468, CVE-2021-34517, CVE-2021-34519, CVE-2021-34520
Impact: Remote Code Execution, Information Disclosure, Spoofing
Severity: Important, Moderate
KBs: 5001975, 5001976, 5001981, 5001984, 5001992, 5001996
Product: Open Enclave SDK
Impact: Elevation of Privilege
Product: Microsoft Bing Search for Android
Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2021-31196, CVE-2021-31206, CVE-2021-33766, CVE-2021-33768, CVE-2021-34470, CVE-2021-34473, CVE-2021-34523
Impact: Remote Code Execution, Information Disclosure, Elevation of Privilege
Severity: Critical, Important
KBs: 5001779, 5003611, 5003612, 5004778, 5004779, 5004780