
August 2021 Patch Tuesday Patch Review: 44 Flaws And 3 Zero-Days Fixed




Today’s Microsoft Patch Tuesday list includes fixes for a total of 44 vulnerabilities. Seven of these were rated Critical, and the rest marked Important. This month’s patch release also addresses three zero-day vulnerabilities. Let’s look at some of the most prominent patches released today and their corresponding vulnerabilities:

Three Zero-Day Vulnerabilities

Among the three zero-day vulnerabilities, only CVE-2021-36948 was reported to have been exploited in the wild, although Microsoft does not explain how. The other two, CVE-2021-36942 and CVE-2021-36936, were publicly disclosed but not actively exploited.

CVE-2021-36948 – Windows Update Medic Service Elevation of Privilege Vulnerability

This vulnerability affects WaaSMedicSVC.exe, a Windows 10 feature that repairs damaged components in the Windows Update processes, paving the way for future updates. The flaw was reported internally by the Microsoft Threat Intelligence Center and Microsoft Security Response Center, hence the secrecy around its exploitation in the wild. Microsoft labeled the CVE Important with a 7.8 CVSSv3 score.

CVE-2021-36942 – Windows LSA Spoofing Vulnerability

CVE-2021-36942 could allow an attacker to get a domain controller to authenticate with another server using New Technology LAN Manager (NTLM). Last month, Microsoft sent out an advisory relating to the LSA spoofing vulnerability, urging users to protect Windows domain controllers against NTLM relay attacks on Active Directory Certificate Services (AD CS), otherwise known as the PetitPotam attacks.

The PetitPotam code could allow an attacker to send requests to a remote system via MS-EFSRPC functions to coerce the victim computer into triggering authentication procedures and sharing authentication information. A French security researcher discovered the issue in July and published its proof-of-concept on GitHub.

CVE-2021-36942 has a 7.5 CVSSv3 score, which goes up to 9.8 when combined with an NTLM Relay Attack. Microsoft recommends prioritizing this patch and taking further action to mitigate the risk.

CVE-2021-36936 – Windows Print Spooler Remote Code Execution Vulnerability

This is yet another publicly disclosed security bug in Windows Print Spooler. CVE-2021-36936 is a separate flaw from the EoP revealed last month and the PrintNightmare RCE Microsoft partially fixed in the last Patch Tuesday. Another Print Spooler RCE vulnerability, CVE-2021-36947, was also included in this month’s Patch Tuesday fixes, but it was not publicly disclosed or exploited before the patch release. Both CVEs score an 8.2 CVSSv3 and are rated “Exploitation More Likely.”

Other Notable Patches and Vulnerabilities

The zero-day trio stole the spotlight in this month’s Microsoft Windows Patch Tuesday. But even so, there are still other critical vulnerabilities at a high risk of exploitation, including:

  • CVE-2021-34480 – Scripting Engine memory corruption vulnerability: Through this flaw, an attacker could potentially write code to memory outside the context of the script engine.
  • CVE-2021-34535 – Remote Desktop Client RCE: Although the flaw is probably not workable, it has an 8.8 severity score and is more likely to be exploited.
  • CVE-2021-26424 – Windows TCP/IP RCE Vulnerability: This has a 9.9 CVSSv3 score, and an exploit is more likely. In February, Microsoft patched two equally severe CVEs, CVE-2021-24074 and CVE-2021-24094, but provides no exploitation context on CVE-2021-26424.

Read Microsoft’s Patch Tuesday release notes to get more information about this month’s Windows security Patch Tuesday, including updating guidance and a complete list of the patches released today.

In addition to Microsoft security updates, this Patch Tuesday also saw Windows 10 KB5005033 & KB5005031 cumulative updates. The Windows 10 update includes this Patch Tuesday’s security fixes and other important improvements. Learn more about these here.

Make sure to patch every vulnerable Windows system as soon as possible. And keep in mind that some of the fixes may require additional system reconfiguration and workarounds to be effective. The next Patch Tuesday falls on September 14. Until then, stay tuned for more Microsoft Patch Tuesday news.

Solve All Your Microsoft Patch Tuesday Problems with Action1

Microsoft rolls out dozens of patches on the second Tuesday of every month. And there might even be a couple of out-of-band patch releases in between subsequent Patch Tuesdays. Keeping up with these patches and applying them correctly to multiple systems is tedious, time-consuming work.

But there is an easier and faster way to manage Windows patches and updates – with Automated Patch Management. Action1 automatically tracks and installs Windows patches across multiple local and remote endpoints as soon as new updates become available. Try Action1 RMM for free and sample this extraordinary patching freedom and simplicity.

August 11, 2021
