IaaS, Azure & IT News | Foundation IT

Patch Tuesday Update - July 2021 | Foundation IT

Written by Lizzie Arcari | Jul 21, 2021 3:07:00 PM

This week Microsoft released its security updates for July 2021, which has fixes for 117 vulnerabilities in Microsoft products. Every month we will post our vulnerability risk and tips around each patch released, to provide advice for IT professionals and businesses. This month Dan Robinson has provided our FIT score and tips.

Out of the 117 patches; 13 are classed as critical, 103 as important and 1 moderate. There were also 9 Zero-Day vulnerabilities publicly disclosed, 4 of them known to be exploited in the wild. 

Zero-day vulnerabilities discovered this month:

The five publicly disclosed, but not exploited:-

  • CVE-2021-34492 - Windows Certificate Spoofing Vulnerability
  • CVE-2021-34523 - Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-33779 - Windows ADFS Security Feature Bypass Vulnerability
  • CVE-2021-33781 - Active Directory Security Feature Bypass Vulnerability

The one publicly disclosed and actively exploited vulnerability known as PrintNightmare:-

  • CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability

The three actively exploited Windows vulnerabilities that were not publicly disclosed:-

  • CVE-2021-33771 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-34448 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2021-31979 - Windows Kernel Elevation of Privilege Vulnerability

Other companies who have released security updates this week:

  • Adobe released security updates for five products.
  • Android's July security updates were released yesterday.
  • Cisco released security updates for numerous products this month.
  • SAP released its July 2021 security updates.
  • VMWare released security updates for ESXi and ThinApp.

All the patches can be found in the table below or alternatively downloaded here.

We have also curated a downloadable Patching Best Practice Guide.

 

Category

CVE IDs

CVE Title 

Severity

FIT Score & Tip

Active Directory Federation Services
1

CVE-2021-33779

Windows ADFS Security Feature Bypass Vulnerability

Important

2/5 - This vulnerability is relatively low risk currently. It affects Server 2016 and 2019 and fixes are available within the normal monthly patching for July.

Common Internet File System
1

CVE-2021-34476

Bowser.sys Denial of Service Vulnerability

Important

2/5 - This vulnerability is flagged as low, and the fix for this is located within the July monthly patching. This isn't being actively exploited currently, but that could change.

Dynamics Business Central Control
1

CVE-2021-34474

Dynamics Business Central Remote Code Execution Vulnerability

Critical

4/5 - Flagged as critical, if you use Dynamics 365 there is a fix specifically for this software.

Microsoft Bing
1

CVE-2021-33753

Microsoft Bing Search Spoofing Vulnerability

Important

3/5 - This is an issue that affects the Bing Search for Android. The Android app must be updated from the Play Store for it to be resolved.

Microsoft Exchange Server
1

CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability

Critical

5/5 - If you use on-premise Exchange, this exploitation is likely to be exploited so it's worth prioritising this fix to be applied to your Exchange Servers.

Microsoft Exchange Server
6

CVE-2021-31206
CVE-2021-33766
CVE-2021-34523
CVE-2021-31196
CVE-2021-33768
CVE-2021-34470

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Information Disclosure Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Important

4/5 - If you use on-premise Exchange, it's worth applying this fix as it resolves multiple issues not just a single one.

Microsoft Graphics Component
5

CVE-2021-34440
CVE-2021-34489
CVE-2021-34496
CVE-2021-34498
CVE-2021-34438

GDI+ Information Disclosure Vulnerability

DirectWrite Remote Code Execution Vulnerability

Windows GDI Information Disclosure Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Windows Font Driver Host Remote Code Execution Vulnerability

Important

3/5 - Exploitation is less likely on this one, but the fix is available for all operating systems, including Windows 7 which would now fall into the legacy category.

Microsoft Office
3

CVE-2021-34469
CVE-2021-34451
CVE-2021-34452

Microsoft Office Online Server Spoofing Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Important

3/5 - The updates for this vulnerability are either manually run for older Office packages or you can use Click to Run to update Office 365 packages.

Microsoft Office Excel
2

CVE-2021-34501
CVE-2021-34518

Microsoft Excel Remote Code Execution Vulnerability

Important

3/5 - Similar to the above, all modern Office packages have updates available and Office 365 has a Click to Run which will update that suite.

Microsoft Office SharePoint
5

CVE-2021-34468
CVE-2021-34519
CVE-2021-34520
CVE-2021-34517
CVE-2021-34467

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Important

4/5 - Exploitation is more likely on this one, and if you have an on-premise SharePoint server then you will need to apply the update to resolve this issue. If you use SharePoint online then Microsoft will take care of any updates to that platform.

Microsoft Scripting Engine
1

CVE-2021-34448

Scripting Engine Memory Corruption Vulnerability

Critical

5/5 - This is flagged as critical and also has exploitation detected currently, I'd encourage this to be updated as soon as possible. The fix is in the normal monthly updates.

Microsoft Windows Codecs Library
1

CVE-2021-33740

Windows Media Remote Code Execution Vulnerability

Critical

4/5 - Exploitation is less likely, however, it's within the monthly updates for July for most operating systems. I'd encourage this to be done as soon as you run the July updates.

Microsoft Windows Codecs Library
7

CVE-2021-33778
CVE-2021-31947
CVE-2021-33760
CVE-2021-33775
CVE-2021-33776
CVE-2021-33777
CVE-2021-34521

HEVC Video Extensions Remote Code Execution Vulnerability

Media Foundation Information Disclosure Vulnerability

Raw Image Extension Remote Code Execution Vulnerability

Important

4/5 - The Microsoft Store will handle the update, you can run this manually via the Store or you can run a PowerShell command to encourage the updates.

Microsoft Windows DNS
3

CVE-2021-34499
CVE-2021-33746
CVE-2021-33754

Windows DNS Server Denial of Service Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Important

3/5 - Exploitation is less likely and the fix is contained in your normal monthly patching for July.

Microsoft Windows Media Foundation
2

CVE-2021-34439
CVE-2021-34503

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Critical

5/5 - Flagged as critical, although less likely to be exploited the exposure level if exploited is high. The fix is located in monthly patching.

Microsoft Windows Media Foundation
1

CVE-2021-34441

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Important

3/5 - The fix is located within your normal monthly patching for July.

OpenEnclave
1

CVE-2021-33767

Open Enclave SDK Elevation of Privilege Vulnerability

Important

2/5 - If you use OpenEnclave there is an update available that can be pulled from GitHub.

Power BI
1

CVE-2021-31984

Power BI Remote Code Execution Vulnerability

Important

3/5 - This is a component that forms part of Power Bi Desktop, you will need to update Power Bi Desktop to resolve this issue. The updated version is available here: https://www.microsoft.com/en-us/download/details.aspx?id=58494

Role: DNS Server
1

CVE-2021-34494

Windows DNS Server Remote Code Execution Vulnerability

Critical

5/5 - DNS is a crucial part of your infrastructure and as such a fix has been released for Server operating systems. Once again, this is in the July monthly updates.

Role: DNS Server
9

CVE-2021-33749
CVE-2021-33745
CVE-2021-34442
CVE-2021-34444
CVE-2021-34525
CVE-2021-33780
CVE-2021-33750
CVE-2021-33752
CVE-2021-33756

Windows DNS Server Denial of Service Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Snap-in Remote Code Execution Vulnerability

Important

4/5 - DNS is a crucial part of your infrastructure and as such a fix has been released for Server operating systems. Once again, this is in the July monthly updates.

Role: Hyper-V
1

CVE-2021-34450

Windows Hyper-V Remote Code Execution Vulnerability

Critical

5/5 - Hyper-V is crucial for running virtual machines on Windows-based servers. The fix is in your normal monthly updates for July.

Role: Hyper-V
2

CVE-2021-33758
CVE-2021-33755

Windows Hyper-V Denial of Service Vulnerability

Important

4/5 - This fix is located in your July monthly updates.

Visual Studio Code
3

CVE-2021-34529
CVE-2021-34528
CVE-2021-34479

Visual Studio Code Remote Code Execution Vulnerability

Microsoft Visual Studio Spoofing Vulnerability

Important

3/5 - If you use Visual Studio Code, a new release is available here: https://code.visualstudio.com/Download

Visual Studio Code - .NET Runtime
1

CVE-2021-34477

Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

Important

3/5 - If you use the .NET Runtime with Visual Studio Code, then I would encourage this being updated as it won't be automatically done via Windows Update.

Windows Active Directory
1

CVE-2021-33781

Active Directory Security Feature Bypass Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Address Book
1

CVE-2021-34504

Windows Address Book Remote Code Execution Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows AF_UNIX Socket Provider
1

CVE-2021-33785

Windows AF_UNIX Socket Provider Denial of Service Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows AppContainer
1

CVE-2021-34459

Windows AppContainer Elevation Of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows AppX Deployment Extensions
1

CVE-2021-34462

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Authenticode
1

CVE-2021-33782

Windows Authenticode Spoofing Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Cloud Files Mini Filter Driver
1

CVE-2021-33784

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Console Driver
1

CVE-2021-34488

Windows Console Driver Elevation of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Defender
2

CVE-2021-34522
CVE-2021-34464

Microsoft Defender Remote Code Execution Vulnerability

Critical

4/5 - Microsoft Defender will automatically update from Microsoft unless disabled.

Windows Desktop Bridge
1

CVE-2021-33759

Windows Desktop Bridge Elevation of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Event Tracing
1

CVE-2021-33774

Windows Event Tracing Elevation of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows File History Service
1

CVE-2021-34455

Windows File History Service Elevation of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Hello
1

CVE-2021-34466

Windows Hello Security Feature Bypass Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows HTML Platform
1

CVE-2021-34446

Windows HTML Platforms Security Feature Bypass Vulnerability

Important

4/5 - This vulnerability affects a number of Windows-based operating systems. Legacy operating systems may require extended support for updates to be applied.

Windows Installer
3

CVE-2021-33765
CVE-2021-34511
CVE-2021-31961

Windows Installer Spoofing Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Windows InstallService Elevation of Privilege Vulnerability

Important

4/5 - This vulnerability affects a number of Windows-based operating systems. Legacy operating systems may require extended support for updates to be applied.

Windows Kernel
1

CVE-2021-34458

Windows Kernel Remote Code Execution Vulnerability

Critical

5/5 - Flagged as critical, although less likely to be exploited the exposure level if exploited is high. The fix is located in monthly patching.

Windows Kernel
6

CVE-2021-34461
CVE-2021-34508
CVE-2021-33771
CVE-2021-31979
CVE-2021-34514
CVE-2021-34500

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

Windows Kernel Remote Code Execution Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Key Distribution Center
1

CVE-2021-33764

Windows Key Distribution Center Information Disclosure Vulnerability

Important

4/5 - This vulnerability affects a number of Windows-based operating systems. Legacy operating systems may require extended support for updates to be applied.

Windows Local Security Authority Subsystem Service
2

CVE-2021-33788
CVE-2021-33786

Windows LSA Denial of Service Vulnerability

Windows LSA Security Feature Bypass Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows MSHTML Platform
1

CVE-2021-34497

Windows MSHTML Platform Remote Code Execution Vulnerability

Critical

4/5 - Flagged as critical, it's worth applying this sooner rather than later, but again like the others it's contained in the monthly patching.

Windows MSHTML Platform
1

CVE-2021-34447

Windows MSHTML Platform Remote Code Execution Vulnerability

Important

4/5 - User interaction is required on for this exploit. The fix is contained in the normal monthly patching for July.

Windows Partition Management Driver
1

CVE-2021-34493

Windows Partition Management Driver Elevation of Privilege Vulnerability

Important

3/5 - Exploitation is less likely but risk factor is high. This vulnerability is resolved in July monthly updates.

Windows PFX Encryption
1

CVE-2021-34492

Windows Certificate Spoofing Vulnerability

Important

3/5 - Exploitation is less likely but risk factor is high. This vulnerability is resolved in July monthly updates.

Windows Print Spooler Components
1

CVE-2021-34527

Windows Print Spooler Remote Code Execution Vulnerability

Critical

5/5 - Probably the most key to this patching cycle, this vulnerability also know as Print Nightmare has now had a fix produced. It was out of bands, but this has now been included in the July monthly updates.

Windows Projected File System
1

CVE-2021-33743

Windows Projected File System Elevation of Privilege Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Remote Access Connection Manager
6

CVE-2021-34457
CVE-2021-33761
CVE-2021-33773
CVE-2021-33763
CVE-2021-34445
CVE-2021-34456

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Remote Assistance
1

CVE-2021-34507

Windows Remote Assistance Information Disclosure Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Secure Kernel Mode
1

CVE-2021-33744

Windows Secure Kernel Mode Security Feature Bypass Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Security Account Manager
1

CVE-2021-33757

Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Shell
1

CVE-2021-34454

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows SMB
1

CVE-2021-33783

Windows SMB Information Disclosure Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Storage Spaces Controller
6

CVE-2021-33751
CVE-2021-34460
CVE-2021-34509
CVE-2021-34510
CVE-2021-34512
CVE-2021-34513

Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Information Disclosure Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows TCP/IP
3

CVE-2021-31183
CVE-2021-33772
CVE-2021-34490

Windows TCP/IP Driver Denial of Service Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

Windows Win32K
3

CVE-2021-34449
CVE-2021-34516
CVE-2021-34491

Win32k Elevation of Privilege Vulnerability

Win32k Information Disclosure Vulnerability

Important

4/5 - This fix is located in your July monthly updates. Normal monthly updates will take care of closing this vulnerability.

 

Hope this table with helpful!