Today is Microsoft’s August 2021 Patch Tuesday, and with it come fixes for three zero-day vulnerabilities and a total of 44 flaws, so be nice to your Windows admins as they rush around to get the patches installed.
Microsoft fixed 44 vulnerabilities (51 including Microsoft Edge) with today’s update, including seven classified as critical and 37 as important.
Of the 44 vulnerabilities, 13 are remote code execution, eight are information disclosure, two are denial of service, and four are spoofing vulnerabilities.
For more information on non-security Windows updates, you can read today’s Windows 10 cumulative updates KB5005033 and KB5005031.
Microsoft corrects PrintNightmare and PetitPotam attacks
Microsoft has released security updates for two highly anticipated zero-day vulnerabilities that were discovered over the past month.
One of the security updates addresses vulnerabilities in PrintNightmare that allow malicious actors to gain SYSTEM-level privileges simply by connecting to a remote print server under their control.
Microsoft corrected this vulnerability by requiring users to have administrative privileges to install printer drivers using the Windows Point and Print feature.
You can find more detailed information about the PrintNightmare vulnerability and Point and Print mitigations in a dedicated article published today.
Microsoft also fixed the PetitPotam NTLM relay attack vector which uses the MS-EFSRPC API to force a device to negotiate with a remote relay server under the control of an attacker.
A threat actor with low privileges could use this attack to take control of a domain controller and therefore of the entire Windows domain.
Three fixed zero-days, one of which is actively exploited
The August Patch Tuesday includes three zero-day vulnerabilities, one of which is actively exploited in the wild.
Microsoft classifies a vulnerability as a zero day if it is publicly disclosed or actively exploited without an official or released security update.
The two publicly disclosed, but not actively exploited zero-day vulnerabilities are:
The CVE-2021-36942 vulnerability is associated with the PetitPotam NTLM relay attack vector, which allows domain controllers to be taken over.
Finally, an actively exploited elevation of privilege vulnerability has been discovered by the Microsoft Security Response Center (MSRC) and the Microsoft Threat Intelligence Center (MSTIC).
- CVE-2021-36948 – Windows Update Medic Service Elevation of Privilege Vulnerability
It is not known how threat actors have used this vulnerability in attacks at this time.
Recent updates from other companies
Other vendors who released updates in July include:
August 2021 Patch Tuesday security updates
Below is the full list of fixed vulnerabilities and advisories published in the August 2021 Patch Tuesday updates. For a full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET Core and Visual Studio | CVE-2021-34485 | Information Disclosure Vulnerability in .NET Core and Visual Studio | Important |
.NET Core and Visual Studio | CVE-2021-26423 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
ASP.NET Core and Visual Studio | CVE-2021-34532 | Information Disclosure Vulnerability in ASP.NET Core and Visual Studio | Important |
Azure | CVE-2021-36943 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure | CVE-2021-33762 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2021-26430 | Azure Sphere Denial of Service Vulnerability | Important |
Azure Sphere | CVE-2021-26429 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Microsoft Azure Active Directory Connect | CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important |
Microsoft Dynamics | CVE-2021-36946 | Microsoft Dynamics Business Central Cross-Site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability | Important |
Microsoft Dynamics | CVE-2021-34524 | Remote Code Execution Vulnerability in Microsoft Dynamics 365 (on-premises) | Important |
Microsoft Edge (Chromium-based) | CVE-2021-30591 | Chromium: CVE-2021-30591 Use after free in File System API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-30592 | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-30597 | Chromium: CVE-2021-30597 Use after free in Browser UI | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-30594 | Chromium: CVE-2021-30594 Use after free in Page Info UI | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-30596 | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-30590 | Chromium: CVE-2021-30590 Buffer overflow in Bookmarks | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-30593 | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | Unknown |
Microsoft Graphics Component | CVE-2021-34530 | Remote Code Execution Vulnerability in Windows Graphical Component | Critical |
Microsoft Graphics Component | CVE-2021-34533 | Remote Code Execution Vulnerability When Parsing Windows Graphics Component Fonts | Important |
Microsoft Office | CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-36940 | Microsoft SharePoint Server spoofing vulnerability | Important |
Microsoft Office Word | CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Script Engine | CVE-2021-34480 | Script Engine Memory Corruption Vulnerability | Critical |
Microsoft Windows Codec Library | CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important |
Remote Desktop Client | CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows Bluetooth Service | CVE-2021-34537 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2021-36938 | Windows Cryptographic Primitive Library Information Disclosure Vulnerability | Important |
Windows Defender | CVE-2021-34471 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-34486 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-34487 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-26425 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2021-36927 | Windows Digital TV Tuner Device Registration Application Elevation of Privilege Vulnerability | Important |
Windows MSHTML Platform | CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
Windows NTLM | CVE-2021-36942 | Windows LSA Impersonation Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-34483 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36933 | Windows Services Driver Information Disclosure Vulnerability for NFS ONCRPC XDR | Important |
Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26433 | Windows Services Driver Information Disclosure Vulnerability for NFS ONCRPC XDR | Important |
Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36932 | Windows Services Driver Information Disclosure Vulnerability for NFS ONCRPC XDR | Important |
Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26432 | Windows Services Remote Code Execution Vulnerability for Driver NFS ONCRPC XDR | Critical |
Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36926 | Windows Services Driver Information Disclosure Vulnerability for NFS ONCRPC XDR | Important |
Windows Storage Spaces Controller | CVE-2021-34536 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows TCP / IP | CVE-2021-26424 | Windows TCP / IP Remote Code Execution Vulnerability | Critical |
Windows Update | CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important |
Windows Update Assistant | CVE-2021-36945 | Windows 10 Update Assistant elevation of privilege vulnerability | Important |
Windows Update Assistant | CVE-2021-26431 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important |
Windows User Profile Service | CVE-2021-34484 | Windows User Profile Service elevation of privilege vulnerability | Important |
Windows User Profile Service | CVE-2021-26426 | Windows User Account Profile Image Elevation of Privilege Vulnerability | Important |