This week Microsoft released its security updates for July 2021, which include fixes for 117 vulnerabilities in Microsoft products. Every month we will post our vulnerability risk score and tips for each patch released, to provide advice for IT professionals and businesses. This month Dan Robinson has provided our FIT score and tips.
Out of the 117 patches, 13 are classed as critical, 103 as important and 1 as moderate. There were also 9 Zero-Day vulnerabilities publicly disclosed, 4 of them known to be exploited in the wild.
Zero-day vulnerabilities discovered this month:
The five publicly disclosed, but not exploited:-
- CVE-2021-34492 - Windows Certificate Spoofing Vulnerability
- CVE-2021-34523 - Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-33779 - Windows ADFS Security Feature Bypass Vulnerability
- CVE-2021-33781 - Active Directory Security Feature Bypass Vulnerability
The one publicly disclosed and actively exploited vulnerability known as PrintNightmare:-
- CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability
The three actively exploited Windows vulnerabilities that were not publicly disclosed:-
- CVE-2021-33771 - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-34448 - Scripting Engine Memory Corruption Vulnerability
- CVE-2021-31979 - Windows Kernel Elevation of Privilege Vulnerability
Other companies who have released security updates this week:
- Adobe released security updates for five products.
- Android's July security updates were released yesterday.
- Cisco released security updates for numerous products this month.
- SAP released its July 2021 security updates.
- VMware released security updates for ESXi and ThinApp.
All the patches can be found in the table below or alternatively downloaded here.
We have also curated a downloadable Patching Best Practice Guide.

| Category | CVE IDs | CVE Title | Severity | FIT Score & Tip |
| --- | --- | --- | --- | --- |
| Active Directory Federation Services | CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important | 2/5 - This vulnerability is relatively low risk currently. It affects Server 2016 and 2019 and fixes are available within the normal monthly patching for July. |
| Common Internet File System | CVE-2021-34476 | Bowser.sys Denial of Service Vulnerability | Important | 2/5 - This vulnerability is flagged as low, and the fix for this is located within the July monthly patching. This isn't being actively exploited currently, but that could change. |
| Dynamics Business Central Control | CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical | 4/5 - Flagged as critical; if you use Dynamics 365 there is a fix specifically for this software. |
| Microsoft Bing | CVE-2021-33753 | Microsoft Bing Search Spoofing Vulnerability | Important | 3/5 - This is an issue that affects the Bing Search for Android. The Android app must be updated from the Play Store for it to be resolved. |
| Microsoft Exchange Server | CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 5/5 - If you use on-premise Exchange, this vulnerability is likely to be exploited so it's worth prioritising this fix to be applied to your Exchange Servers. |
| Microsoft Exchange Server | CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability; Microsoft Exchange Information Disclosure Vulnerability; Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 4/5 - If you use on-premise Exchange, it's worth applying this fix as it resolves multiple issues, not just a single one. |
| Microsoft Graphics Component | CVE-2021-34440 | GDI+ Information Disclosure Vulnerability; DirectWrite Remote Code Execution Vulnerability; Windows GDI Information Disclosure Vulnerability; Windows GDI Elevation of Privilege Vulnerability; Windows Font Driver Host Remote Code Execution Vulnerability | Important | 3/5 - Exploitation is less likely on this one, but the fix is available for all operating systems, including Windows 7 which would now fall into the legacy category. |
| Microsoft Office | CVE-2021-34469 | Microsoft Office Online Server Spoofing Vulnerability; Microsoft Word Remote Code Execution Vulnerability | Important | 3/5 - The updates for this vulnerability are either manually run for older Office packages or you can use Click to Run to update Office 365 packages. |
| Microsoft Office Excel | CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability | Important | 3/5 - Similar to the above, all modern Office packages have updates available and Office 365 has a Click to Run which will update that suite. |
| Microsoft Office SharePoint | CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability; Microsoft SharePoint Server Information Disclosure Vulnerability; Microsoft SharePoint Server Spoofing Vulnerability | Important | 4/5 - Exploitation is more likely on this one, and if you have an on-premise SharePoint server then you will need to apply the update to resolve this issue. If you use SharePoint online then Microsoft will take care of any updates to that platform. |
| Microsoft Scripting Engine | CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical | 5/5 - This is flagged as critical and also has exploitation detected currently; I'd encourage this to be updated as soon as possible. The fix is in the normal monthly updates. |
| Microsoft Windows Codecs Library | CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical | 4/5 - Exploitation is less likely, however, it's within the monthly updates for July for most operating systems. I'd encourage this to be done as soon as you run the July updates. |
| Microsoft Windows Codecs Library | CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability; Media Foundation Information Disclosure Vulnerability; Raw Image Extension Remote Code Execution Vulnerability | Important | 4/5 - The Microsoft Store will handle the update; you can run this manually via the Store or you can run a PowerShell command to encourage the updates. |
| Microsoft Windows DNS | CVE-2021-34499 | Windows DNS Server Denial of Service Vulnerability; Windows DNS Server Remote Code Execution Vulnerability | Important | 3/5 - Exploitation is less likely and the fix is contained in your normal monthly patching for July. |
| Microsoft Windows Media Foundation | CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | 5/5 - Flagged as critical; although less likely to be exploited, the exposure level if exploited is high. The fix is located in monthly patching. |
| Microsoft Windows Media Foundation | CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 3/5 - The fix is located within your normal monthly patching for July. |
| OpenEnclave | CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability | Important | 2/5 - If you use OpenEnclave there is an update available that can be pulled from GitHub. |
| Power BI | CVE-2021-31984 | Power BI Remote Code Execution Vulnerability | Important | 3/5 - This is a component that forms part of Power BI Desktop; you will need to update Power BI Desktop to resolve this issue. The updated version is available here: https://www.microsoft.com/en-us/download/details.aspx?id=58494 |
| Role: DNS Server | CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical | 5/5 - DNS is a crucial part of your infrastructure and as such a fix has been released for Server operating systems. Once again, this is in the July monthly updates. |
| Role: DNS Server | CVE-2021-33749 | Windows DNS Server Denial of Service Vulnerability; Windows DNS Server Remote Code Execution Vulnerability; Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 4/5 - DNS is a crucial part of your infrastructure and as such a fix has been released for Server operating systems. Once again, this is in the July monthly updates. |
| Role: Hyper-V | CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 5/5 - Hyper-V is crucial for running virtual machines on Windows-based servers. The fix is in your normal monthly updates for July. |
| Role: Hyper-V | CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. |
| Visual Studio Code | CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability; Microsoft Visual Studio Spoofing Vulnerability | Important | 3/5 - If you use Visual Studio Code, a new release is available here: https://code.visualstudio.com/Download |
| Visual Studio Code - .NET Runtime | CVE-2021-34477 | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | Important | 3/5 - If you use the .NET Runtime with Visual Studio Code, then I would encourage this being updated as it won't be automatically done via Windows Update. |
| Windows Active Directory | CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Address Book | CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows AF_UNIX Socket Provider | CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows AppContainer | CVE-2021-34459 | Windows AppContainer Elevation Of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows AppX Deployment Extensions | CVE-2021-34462 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Authenticode | CVE-2021-33782 | Windows Authenticode Spoofing Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Cloud Files Mini Filter Driver | CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Console Driver | CVE-2021-34488 | Windows Console Driver Elevation of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Defender | CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 4/5 - Microsoft Defender will automatically update from Microsoft unless disabled. |
| Windows Desktop Bridge | CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Event Tracing | CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows File History Service | CVE-2021-34455 | Windows File History Service Elevation of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Hello | CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows HTML Platform | CVE-2021-34446 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important | 4/5 - This vulnerability affects a number of Windows-based operating systems. Legacy operating systems may require extended support for updates to be applied. |
| Windows Installer | CVE-2021-33765 | Windows Installer Spoofing Vulnerability; Windows Installer Elevation of Privilege Vulnerability; Windows InstallService Elevation of Privilege Vulnerability | Important | 4/5 - This vulnerability affects a number of Windows-based operating systems. Legacy operating systems may require extended support for updates to be applied. |
| Windows Kernel | CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical | 5/5 - Flagged as critical; although less likely to be exploited, the exposure level if exploited is high. The fix is located in monthly patching. |
| Windows Kernel | CVE-2021-34461 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability; Windows Kernel Remote Code Execution Vulnerability; Windows Kernel Elevation of Privilege Vulnerability; Windows Kernel Memory Information Disclosure Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Key Distribution Center | CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | Important | 4/5 - This vulnerability affects a number of Windows-based operating systems. Legacy operating systems may require extended support for updates to be applied. |
| Windows Local Security Authority Subsystem Service | CVE-2021-33788 | Windows LSA Denial of Service Vulnerability; Windows LSA Security Feature Bypass Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows MSHTML Platform | CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 4/5 - Flagged as critical, it's worth applying this sooner rather than later, but again like the others it's contained in the monthly patching. |
| Windows MSHTML Platform | CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important | 4/5 - User interaction is required for this exploit. The fix is contained in the normal monthly patching for July. |
| Windows Partition Management Driver | CVE-2021-34493 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 3/5 - Exploitation is less likely but risk factor is high. This vulnerability is resolved in July monthly updates. |
| Windows PFX Encryption | CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important | 3/5 - Exploitation is less likely but risk factor is high. This vulnerability is resolved in July monthly updates. |
| Windows Print Spooler Components | CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical | 5/5 - Probably the most key to this patching cycle, this vulnerability, also known as PrintNightmare, has now had a fix produced. It was out of band, but this has now been included in the July monthly updates. |
| Windows Projected File System | CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Remote Access Connection Manager | CVE-2021-34457 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Remote Assistance | CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Secure Kernel Mode | CVE-2021-33744 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Security Account Manager | CVE-2021-33757 | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Shell | CVE-2021-34454 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows SMB | CVE-2021-33783 | Windows SMB Information Disclosure Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Storage Spaces Controller | CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability; Storage Spaces Controller Information Disclosure Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows TCP/IP | CVE-2021-31183 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |
| Windows Win32K | CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability; Win32k Information Disclosure Vulnerability | Important | 4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability. |

Hope this table is helpful!
About the Author: Lizzie Arcari
Lizzie joined Foundation IT in 2019 after graduating from University. She is excited to develop her career in the IT industry, learning from the best.