
July 2021: Microsoft Patch Tuesday Review




Microsoft released fixes for 117 flaws in this July’s Patch Tuesday. Of the 117 vulnerabilities, 13 were marked as Critical, 103 Important, and 1 Moderate; nine were zero-day vulnerabilities, four of which were actively exploited before the patch release. The bugs included the usual blend of RCE, DoS, information disclosure, EoP, spoofing, and security bypass vulnerabilities across Microsoft’s suite of products. The volume of the latest patch release exceeds the combined totals from the last two months, and it’s the second time this year that Microsoft has packed more than 100 fixes in one Patch Tuesday batch.

Besides the triple-digit figure, here are other interesting highlights from this month’s Patch Tuesday:

Nine Zero-Day Vulnerabilities Fixed

CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability

CVE-2021-34448 was listed as actively exploited. The flaw could allow an attacker to execute code on a vulnerable system if the user browsed a specially crafted website. Since the attacker has to entice a victim into visiting a malicious site, Microsoft regards the exploit as highly complex, giving it a moderate severity score of only CVSSv3 6.8.

CVE-2021-34527 – PrintNightmare

Earlier this month, Microsoft released an out-of-band patch to fix this CVE following multiple proof-of-concept reports from research communities. The flaw could allow remote exploits when printing capabilities were exposed online. On July 1, Microsoft released an advisory in response to public reports about CVE-2021-1675, a similar bug in Windows Print Spooler. Microsoft updated this advisory about a week later to clear up confusion over the two CVEs and released patches for various Windows versions to address CVE-2021-34527 (nicknamed PrintNightmare).

Although there were many reports that the emergency patch was incomplete and ineffective, Microsoft insisted that it worked fine, but only if registry keys had the right values. Some system admins went as far as disabling Windows Print Spooler service on non-printing workstations and all servers. Hopefully, the new patch does the trick, but it’s still wise to err on the side of caution with this one.
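
The registry condition and the spooler hardening mentioned above can be checked per host. The following PowerShell is an added example, not code from Microsoft or Action1; the Point and Print policy path and the two value names come from Microsoft's KB5005010 guidance rather than from this article, and the OK/RISK/REVIEW labels are this example's own.

```powershell
# Audit one Windows host for the PrintNightmare (CVE-2021-34527) conditions.
# Assumption: key path and value names follow Microsoft's KB5005010 guidance.
$pnpKey      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$riskyValues = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Get-PointAndPrintFindings {
    param([string]$Path = $pnpKey)
    # A missing key or a missing value is the safe default (same as 0).
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $riskyValues) {
        $value = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $value = $props.$name
        }
        $shown  = '(not set)'
        $status = 'OK'
        if ($null -ne $value) {
            $shown = $value
            # Any non-zero value suppresses the elevation prompt and weakens the patch.
            if ($value -ne 0) { $status = 'RISK' }
        }
        [pscustomobject]@{ Check = "PointAndPrint\$name"; Value = $shown; Finding = $status }
    }
}

function Get-SpoolerFinding {
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $shown  = '(not installed)'
    $status = 'OK'
    if ($svc) {
        $shown = "$($svc.Status)/$($svc.StartType)"
        # A running spooler is normal on print servers; elsewhere it deserves a look.
        if ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled') { $status = 'REVIEW' }
    }
    [pscustomobject]@{ Check = 'Print Spooler service'; Value = $shown; Finding = $status }
}

$findings = @(Get-PointAndPrintFindings) + @(Get-SpoolerFinding)
$findings | Format-Table -AutoSize

if ($findings | Where-Object { $_.Finding -eq 'RISK' }) {
    Write-Warning 'Point and Print policy overrides the patched behaviour; set both values to 0 or remove them.'
}
```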

Two more zero-day Windows Kernel EoP Vulnerabilities, CVE-2021-31979 and CVE-2021-33771, were also actively exploited but not publicly disclosed before this patch rollout. Another five zero-day vulnerabilities were publicly disclosed:

  • CVE-2021-33781 – AD Security Feature Bypass Vulnerability
  • CVE-2021-34473 – Microsoft Exchange Server RCE Vulnerability
  • CVE-2021-33779 – Windows ADFS flaw
  • CVE-2021-34492 – Windows Certificate Spoofing bug
  • CVE-2021-34523 – Microsoft Exchange Server EoP Vulnerability

Other Notable Vulnerabilities Patched Today

CVE-2021-34458 – Windows Kernel RCE Vulnerability

This rare RCE bug affects host virtual machines (VMs) running the single-root input/output virtualization (SR-IOV) configuration. The SR-IOV configuration adds more virtualization definitions to a hosted PCI bus, enabling multiple VMs to share common PCI hardware. CVE-2021-34458 scores a Critical 9.9 CVSSv3 rating.

5 Windows DNS Server RCE Vulnerabilities

CVE-2021-33746 and CVE-2021-33754 have a CVSSv3 score of 8.0, while CVE-2021-33780, CVE-2021-34494, and CVE-2021-34525 score an 8.8 CVSSv3. A hacker would require a low-privilege account to send crafted DNS requests to a vulnerable DNS server to exploit these flaws.

Microsoft Defender RCE Vulnerabilities

CVE-2021-34464 and CVE-2021-34522 are remote code execution vulnerabilities in Microsoft Defender’s Malware Protection Engine. They both score 7.8 on the CVSSv3 severity scale, but Microsoft says exploits based on these two vulnerabilities are less likely. However, any bugs affecting Windows Defender are worth noting and patching.

CVE-2021-34450 – Windows Hyper-V Remote Code Execution Vulnerability

This vulnerability could allow a guest-authenticated attacker to send arbitrary code execution requests to the host machine in a VM environment. But despite the Critical 8.5 CVSSv3, Microsoft says the exploit is “less likely.”

Microsoft Exchange Server EoP Trio

In addition to CVE-2021-34523, CVE-2021-33768 and CVE-2021-34470 are two more elevation of privilege vulnerabilities in the Microsoft Exchange Server. According to Microsoft’s CVE exploitability assessment, all three vulnerabilities are less likely to be exploited in active attacks. An attacker would first have to establish a presence on a vulnerable server before elevating their privilege. Microsoft already patched similar bugs in Windows Exchange Server earlier this year in April.

Microsoft thanked security researchers from Fortinet’s FortiGuard Lab, Google Security, ZDI, and Checkmarx, among other organizations and contributors, for helping to identify many of the now patched bugs in Windows systems.

Read the complete guide to this month’s Patch Tuesday updates in Microsoft’s release notes. And as usual, after every Patch Tuesday, make sure you check and install all the relevant updates on your Windows machines. Until the next updates and patches, stay safe.

Never Miss Updates with Action1 Cloud Patch Management Solutions

New patches and feature updates present opportunities to improve your IT performance and safeguard your digital assets against internal and external threats. It’s up to you to ensure that these patches are installed correctly and promptly to avoid compromising your IT security posture and efficiency.

With the Action1 cloud-based patch management solution, you never have to worry about patches or other updates on your Windows systems. Action1 enables automated patching on Windows OS and features while allowing real-time control and visibility into the updates already installed and those that are missing. Our patch manager reinforces your endpoint security by automatically scanning and deploying all the necessary Windows updates as soon as they’re released.

Sign up for Action1 free trial today and sample the freedom, peace of mind, convenience, and reassurance of protecting your software infrastructure using the most robust and dependable automated patch management solution.

July 15, 2021
