Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to installed patches.
Microsoft has fixed 44 vulnerabilities (51 including Microsoft Edge) with today's update, with seven classified as Critical and 37 as Important.
Of the 44 vulnerabilities, 13 are remote code execution, eight are information disclosure, two are denial of service, and four are spoofing vulnerabilities.
For information about the non-security Windows updates, you can read about today's Windows 10 KB5005033 & KB5005031 cumulative updates.
Microsoft fixes PrintNightmare and PetitPotam attacks
Microsoft has released security updates for two eagerly anticipated zero-day vulnerabilities that were discovered over the past month.
One of the security updates fixes the PrintNightmare vulnerabilities that allow threat actors to gain SYSTEM level privileges simply by connecting to a remote print server under their control.
Microsoft has fixed this vulnerability by requiring users have administrative privileges to install printer drivers using the Point and Print Windows feature.
You can find more detailed information about the PrintNightmare vulnerability and the Point and Print mitigations in a dedicated article published today.
Microsoft also fixed the PetitPotam NTLM relay attack vector that uses the MS-EFSRPC API to force a device to negotiate with a remote relay server under an attacker's control.
A threat actor with low privileges could use this attack to take over a domain controller and thus the entire Windows domain.
Three zero-days fixed, with one actively exploited
August's Patch Tuesday includes three zero-day vulnerabilities, with one actively exploited in the wild.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official security updates or released.
The two publicly disclosed, but not actively exploited, zero-day vulnerabilities are:
- CVE-2021-36936 - Windows Print Spooler Remote Code Execution Vulnerability
- CVE-2021-36942 - Windows LSA Spoofing Vulnerability
The CVE-2021-36942 vulnerability is associated with the PetitPotam NTLM relay attack vector that allows the take over of domain controllers.
Finally, one actively exploited elevation of privileges vulnerability was discovered by the Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence Center (MSTIC).
- CVE-2021-36948 - Windows Update Medic Service Elevation of Privilege Vulnerability
It is unknown how threat actors used this vulnerability in attacks at this time.
Recent updates from other companies
Other vendors who released updates in July include:
- Adobe released security updates for two products.
- Android's August security updates were released last week.
- Cisco released security updates for numerous products this month.
- SAP released its August 2021 security updates.
- VMware released security updates for VMware Workspace ONE
The August 2021 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the August 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core & Visual Studio | CVE-2021-34485 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important |
| .NET Core & Visual Studio | CVE-2021-26423 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| ASP.NET Core & Visual Studio | CVE-2021-34532 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | Important |
| Azure | CVE-2021-36943 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2021-33762 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important |
| Azure Sphere | CVE-2021-26430 | Azure Sphere Denial of Service Vulnerability | Important |
| Azure Sphere | CVE-2021-26429 | Azure Sphere Elevation of Privilege Vulnerability | Important |
| Microsoft Azure Active Directory Connect | CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-36946 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-34524 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-30591 | Chromium: CVE-2021-30591 Use after free in File System API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30592 | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30597 | Chromium: CVE-2021-30597 Use after free in Browser UI | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30594 | Chromium: CVE-2021-30594 Use after free in Page Info UI | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30596 | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30590 | Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30593 | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | Unknown |
| Microsoft Graphics Component | CVE-2021-34530 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-34533 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows Bluetooth Service | CVE-2021-34537 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | Important |
| Windows Defender | CVE-2021-34471 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-34486 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-34487 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26425 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2021-36927 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
| Windows NTLM | CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-34483 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26433 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34536 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows Update | CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-26431 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-34484 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-26426 | Windows User Account Profile Picture Elevation of Privilege Vulnerability | Important |