Microsoft August 2021 Patch Tuesday
This month we got patches for 51 vulnerabilities. Of these, 7 are critical, 2 were previously disclosed and 1 is being exploited according to Microsoft.
The exploited vulnerability is an elevation of privilege Windows Update Medic Service (CVE-2021-36948). This vulnerability requires no user interaction low privileges and has a low attack complexity. The CVSS v3 for this vulnerability is 7.80.
Among the two previously disclosed vulnerability, there is a remote code execution (RCE) affecting Windows Print Spooler (CVE-2021-36936). This vulnerability may be exploited from network, requires low privileges and no user interaction. Microsoft has released patches to fix this vulnerability on virtually all supported Windows versions and also for the unsupported Windows 7. The CVSS v3 for this vulnerability is 8.80.
The second previously disclosed vulnerability is a spoofing vulnerability affecting Windows LSA (CVE-2021-36942). This vulnerability man be exploited remotely (network), requires no privilege nor user interaction. According the the vulnerability advisory, an unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. The security update released thsi month by Microsoft blocks the affected API calls (OpenEncryptedFileRawA) and (OpenEncryptedFileRawW) through LSARPC interface.
Yet about LSA Spoofing vulnerability, despite affecting all Windows Servers, according to Microsoft, Domain Controllers should be prioritazed on updating process. Additionally, there are further actions (KB5005413) users need to take to protect their systems after applying the security update. The CVSS v3 for this vulnerability is 7.5, but, when chained with NTLM Relay attacks on Active Directory Certificate Services (AD CS) is 9.80.
Finally, the highest CVSS this month (9.90) went to the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-26424). According to the vulnerability advisory, this vulnerability may be remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2021-26423 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| .NET Core and Visual Studio Information Disclosure Vulnerability | |||||||
| CVE-2021-34485 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| ASP.NET Core and Visual Studio Information Disclosure Vulnerability | |||||||
| CVE-2021-34532 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||||
| CVE-2021-33762 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2021-36943 | No | No | Less Likely | Less Likely | Important | 4.0 | 3.5 |
| Azure Sphere Denial of Service Vulnerability | |||||||
| CVE-2021-26430 | No | No | Less Likely | Less Likely | Important | 6.0 | 5.4 |
| Azure Sphere Elevation of Privilege Vulnerability | |||||||
| CVE-2021-26429 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.9 |
| Azure Sphere Information Disclosure Vulnerability | |||||||
| CVE-2021-26428 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | |||||||
| CVE-2021-30590 | No | No | - | - | - | ||
| Chromium: CVE-2021-30591 Use after free in File System API | |||||||
| CVE-2021-30591 | No | No | - | - | - | ||
| Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | |||||||
| CVE-2021-30592 | No | No | - | - | - | ||
| Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | |||||||
| CVE-2021-30593 | No | No | - | - | - | ||
| Chromium: CVE-2021-30594 Use after free in Page Info UI | |||||||
| CVE-2021-30594 | No | No | - | - | - | ||
| Chromium: CVE-2021-30596 Incorrect security UI in Navigation | |||||||
| CVE-2021-30596 | No | No | - | - | - | ||
| Chromium: CVE-2021-30597 Use after free in Browser UI | |||||||
| CVE-2021-30597 | No | No | - | - | - | ||
| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | |||||||
| CVE-2021-36949 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||||
| CVE-2021-36950 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | |||||||
| CVE-2021-34524 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||||
| CVE-2021-36946 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2021-34478 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||||
| CVE-2021-36940 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||||
| CVE-2021-34471 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2021-36941 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2021-34535 | No | No | More Likely | More Likely | Critical | 8.8 | 7.9 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2021-34480 | No | No | More Likely | More Likely | Critical | 6.8 | 5.9 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||||
| CVE-2021-34536 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | |||||||
| CVE-2021-36945 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2021-34537 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | |||||||
| CVE-2021-36938 | No | No | Unlikely | Unlikely | Important | 5.5 | 4.8 |
| Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | |||||||
| CVE-2021-36927 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
| CVE-2021-34486 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-34487 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2021-26425 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | |||||||
| CVE-2021-34533 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2021-34530 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows LSA Spoofing Vulnerability | |||||||
| CVE-2021-36942 | Yes | No | More Likely | More Likely | Important | 7.5 | 7.0 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||||
| CVE-2021-34534 | No | No | Less Likely | Less Likely | Critical | 6.8 | 5.9 |
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | |||||||
| CVE-2021-36937 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2021-34483 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
| Windows Print Spooler Remote Code Execution Vulnerability | |||||||
| CVE-2021-36936 | Yes | No | More Likely | More Likely | Critical | 8.8 | 8.2 |
| CVE-2021-36947 | No | No | More Likely | More Likely | Important | 8.8 | 8.2 |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | |||||||
| CVE-2021-26431 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | |||||||
| CVE-2021-26433 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2021-36926 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2021-36932 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2021-36933 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | |||||||
| CVE-2021-26432 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||||
| CVE-2021-26424 | No | No | More Likely | More Likely | Critical | 9.9 | 8.6 |
| Windows Update Medic Service Elevation of Privilege Vulnerability | |||||||
| CVE-2021-36948 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | |||||||
| CVE-2021-26426 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||||
| CVE-2021-34484 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments
www
Nov 17th 2022
2 months ago
EEW
Nov 17th 2022
2 months ago
qwq
Nov 17th 2022
2 months ago
mashood
Nov 17th 2022
2 months ago
isc.sans.edu
Nov 23rd 2022
2 months ago
isc.sans.edu
Nov 23rd 2022
2 months ago
isc.sans.edu
Dec 3rd 2022
1 month ago
isc.sans.edu
Dec 3rd 2022
1 month ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
1 month ago
isc.sans.edu
Dec 26th 2022
1 month ago