
August 2021 Patch Tuesday Patch Review: 44 Flaws And 3 Zero-Days Fixed

August 11, 2021

By Peter Barnett

Today’s Microsoft Patch Tuesday list includes fixes for a total of 44 vulnerabilities. Seven of these were rated Critical, and the rest marked Important. This month’s patch release also addresses three zero-day vulnerabilities. Let’s look at some of the most prominent patches released today and their corresponding vulnerabilities:

Three Zero-Day Vulnerabilities

Among the three zero-day vulnerabilities, only CVE-2021-36948 was reported to have been exploited in the wild, although Microsoft does not explain how. The other two, CVE-2021-36942 and CVE-2021-36936, were publicly disclosed but not actively exploited.

CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability

This vulnerability affects WaaSMedicSVC.exe, a Windows 10 feature that repairs damaged components in the Windows Update processes, paving the way for future updates. The flaw was reported internally by the Microsoft Threat Intelligence Center and Microsoft Security Response Center, hence the secrecy around its exploitation in the wild. Microsoft labeled the CVE Important with a 7.8 CVSSv3 score.

CVE-2021-36942 Windows LSA Spoofing Vulnerability

CVE-2021-36942 could allow an attacker using New Technology LAN Manager (NTLM) to get a domain controller to authenticate with another server. Last month, Microsoft sent out an advisory relating to the LSA spoofing vulnerability, urging users to protect Windows domain controllers against NTLM Relay Attacks on Active Directory Certificate Services (AD CS), otherwise known as the PetitPotam attacks.

The PetitPotam code could allow an attacker to send requests to a remote system via MS-EFSRPC functions to coerce the victim computer into triggering authentication procedures and sharing authentication information. A French security researcher discovered the issue in July and published its proof-of-concept on GitHub.

CVE-2021-36942 has a 7.5 CVSSv3 score, which goes up to 9.8 when combined with an NTLM Relay Attack. Microsoft recommends prioritizing this patch and taking further action to mitigate the risk.

CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability

This is yet another publicly disclosed security bug on Windows Print Spooler. CVE-2021-36936 is a separate flaw from the EoP revealed last month and the PrintNightmare RCE Microsoft partially fixed in the last Patch Tuesday. Another Print Spooler RCE vulnerability, CVE-2021-36947, was also included in this month’s Patch Tuesday issues. But CVE-2021-36947 was not publicly disclosed or exploited before the patch release. Both CVEs score an 8.2 CVSSv3 and are rated “Exploitation More Likely.”

Other Notable Patches and Vulnerabilities

The zero-day trio stole the spotlight in this month’s Microsoft Windows Patch Tuesday. But even so, there are still other critical vulnerabilities at a high risk of exploitation, including:

  • CVE-2021-34480 Scripting Engine memory corruption vulnerability: Through this flaw, an attacker could potentially write code to memory outside the context of the script engine.
  • CVE-2021-34535 Remote Desktop Client RCE: Although the flaw is probably not workable, it has an 8.8 severity score and is more likely to be exploited.
  • CVE-2021-26424 Windows TCP/IP RCE Vulnerability: This has a 9.9 CVSSv3 score, and an exploit is more likely. In February, Microsoft patched two equally severe CVEs, CVE-2021-24074 and CVE-2021-24094, but provides no exploitation context on CVE-2021-26424.

Read Microsoft’s Patch Tuesday release notes for more information about this month’s Windows security updates, including update guidance and a complete list of the patches released today.

In addition to Microsoft security updates, this Patch Tuesday also saw Windows 10 KB5005033 & KB5005031 cumulative updates. The Windows 10 update includes this Patch Tuesday’s security fixes and other important improvements. Learn more about these here.

Make sure to patch every vulnerable Windows system as soon as possible. And keep in mind that some fixes may require additional system reconfiguration and workarounds to be effective. The next Patch Tuesday falls on September 14. Until then, stay tuned for more Microsoft Patch Tuesday news.
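To confirm that the cumulative updates named above actually landed, the following added example (not code from Microsoft or Action1) reports per host whether KB5005033 or KB5005031 is installed. The function name `Get-August2021PatchStatus` is hypothetical; the KB numbers come from this article, and the host list is whatever you pass in.

```powershell
function Get-August2021PatchStatus {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # KB numbers as named in the article.
        [string[]]$KbId = @('KB5005033', 'KB5005031')
    )

    foreach ($computer in $ComputerName) {
        $status = 'NotFound'; $detail = $null; $matched = @(); $latest = $null
        try {
            # List every hotfix and filter locally: Get-HotFix -Id raises an
            # error when the KB is absent, which would look like a failed query.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
            $matched = @($installed | Where-Object { $KbId -contains $_.HotFixID })
            # InstalledOn can be empty on some systems, so skip those entries.
            $latest = $installed | Where-Object { $_.InstalledOn } |
                Sort-Object InstalledOn | Select-Object -Last 1
            if ($matched.Count -gt 0) { $status = 'Installed' }
        }
        catch {
            # Unreachable host, access denied, WMI/RPC blocked, and so on.
            $status = 'QueryFailed'
            $detail = $_.Exception.Message
        }

        [pscustomobject]@{
            ComputerName = $computer
            Status       = $status
            MatchedKb    = ($matched.HotFixID -join ',')
            LatestUpdate = if ($latest) { '{0} ({1:yyyy-MM-dd})' -f $latest.HotFixID, $latest.InstalledOn } else { $null }
            Detail       = $detail
        }
    }
}

# Check the local machine, then print the result as a table.
Get-August2021PatchStatus | Format-Table -AutoSize
```

A host that already runs a later cumulative update can report `NotFound` for these two KBs, so review `LatestUpdate` before treating it as unpatched.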

Solve All Your Microsoft Patch Tuesday Problems with Action1

Microsoft rolls out dozens of patches on the second Tuesday of every month. And there might even be a couple of out-of-band patch releases in between subsequent Patch Tuesdays. Keeping up with these patches and applying them correctly to multiple systems is tedious, time-consuming work.

But there is an easier and faster way to manage Windows patches and updates with Automated Patch Management. Action1 automatically tracks and installs Windows patches across multiple local and remote endpoints as soon as new updates become available. Try Action1 RMM for free and sample this extraordinary patching freedom and simplicity.
