Today is actually Microsoft’s August 2021 Patch Tuesday, and also from it happens fixes for 3 zero-day susceptibilities and also a total amount of 44 flaws, therefore satisfy behave to your Windows admins as they scurry to put in spots.
Microsoft has actually dealt with 44 susceptibilities (51 featuring Microsoft Edge) along with today’s improve, along with 7 categorized as Critical and also 37 as Important.
Of the 44 susceptibilities, thirteen are actually remote control code completion, 8 are actually relevant information declaration, pair of are actually rejection of solution, and also 4 are actually spoofing susceptibilities.
For relevant information regarding the non-security Windows updates, you may review today’s Windows 10 KB5005033 & & KB5005031 increasing updates.
Microsoft fixes Print Nightmare and also PetitPotam strikes
Microsoft has actually launched safety updates for pair of excitedly foreseed zero-day susceptibilities that were actually found over recent month.
One of the safety updates fixes the Print Nightmare susceptibilities that permit hazard stars to obtain SYSTEM degree advantages just through attaching to a remote control printing hosting server under their management.
Microsoft has actually repaired this weakness through demanding customers possess managerial advantages to put in ink-jet printer vehicle drivers making use of the Point and also Print Windows component.
You may locate a lot more thorough relevant information regarding the Print Nightmare weakness and also the Point and also Print reliefs in a committed short article posted today.
Microsoft likewise dealt with the PetitPotam NTLM relay assault angle that makes use of the MS-EFSRPC API to push a gadget to bargain along with a remote control relay hosting server under an assailant’s management.
A danger star along with reduced advantages can utilize this assault to consume a domain name operator and also hence the whole Windows domain name.
Three zero-days dealt with, along with one definitely made use of
August’s Patch Tuesday consists of 3 zero-day susceptibilities, along with one definitely made use of in bush.
Microsoft categorizes a weakness as a zero-day if it is actually openly divulged or even definitely made use of without any formal safety updates or even launched.
The pair of openly divulged, yet certainly not definitely made use of, zero-day susceptibilities are actually:
The CVE-2021 -36942 weakness is actually linked with the PetitPotam NTLM relay assault angle that makes it possible for the consume of domain name operators.
Finally, one definitely made use of altitude of advantages weakness was actually found due to the Microsoft Security Response Center (MSRC) and also Microsoft Threat Intelligence Center (MSTIC).
- CVE-2021-36948 – Windows Update Medic Service Elevation of Privilege Vulnerability
It is actually not known exactly how hazard stars utilized this weakness in strikes right now.
Recent updates coming from various other business
Other sellers that launched updates in July feature:
The August 2021 Patch Tuesday Security Updates
Below is actually the total listing of addressed susceptibilities and also launched advisories in the August 2021 Patch Tuesday updates. To accessibility the complete summary of each weakness and also the bodies that it has an effect on, you may watch the complete document listed below.
| Tag | CVE I.D. | CVETitle | Severity |
|---|---|---|---|
| INTERNET Core & &Visual Studio | CVE-2021-34485 | INTERNET Core & and alsoVisual Studio Information Disclosure Vulnerability | Important |
| INTERNET Core & &Visual Studio | CVE-2021-26423 | INTERNET Core and also Visual Studio Denial of Service Vulnerability | Important |
| ASP.NET Core & Visual Studio | CVE-2021-34532 | ASP.NET Core and also Visual Studio Information Disclosure Vulnerability | Important |
| Azure | CVE-2021-36943 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2021-33762 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important |
| Azure Sphere | CVE-2021-26430 | Azure Sphere Denial ofService Vulnerability | Important |
| Azure Sphere | CVE-2021-26429 | Azure Sphere Elevation ofPrivilege Vulnerability | Important |
| Microsoft Azure Active Directory Connect | CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-36946 | Microsoft Dynamics Business Central Cross- website Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 (on-premises)Cross- websiteScripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-34524 | Microsoft Dynamics 365( on-premises) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium- located) | CVE-2021-30591 | Chromium: CVE-2021 -30591 Use after cost-free in File System API | Unknown |
| Microsoft Edge (Chromium- located) | CVE-2021-30592 | Chromium: CVE-2021 -30592 Out of bounds fill in Tab Groups | Unknown |
| Microsoft Edge( Chromium- located) | CVE-2021-30597 | Chromium: CVE-2021 -30597 Use after cost-free in Browser UI | Unknown |
| Microsoft Edge(Chromium- located) | (* 44 *) | Chromium: CVE-2021 -30594 Use after cost-free in Page Info UI | Unknown |
| Microsoft Edge( Chromium – located) | CVE-2021-30596 | Chromium: CVE – 2021 -30596 Incorrect safety UI in Navigation | Unknown |
| Microsoft Edge (Chromium – located) | CVE-2021-30590 | Chromium: CVE -2021 -30590 Heap stream spillover inBookmarks | Unknown |
| Microsoft Edge(Chromium – located) | CVE-2021-30593 | Chromium: CVE – 2021 -30593 Out of bounds gone through in Tab Strip | Unknown |
| Microsoft Graphics Component | CVE-2021-34530 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-34533 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-36940 | Microsoft Share Point Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows Bluetooth Service | (*3 *) | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | Important |
| Windows Defender | CVE-2021-34471 | Microsoft Windows Defender Elevation ofPrivilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-34486 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-34487 | Windows Event Tracing Elevation ofPrivilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26425 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2021-36927 | Windows Digital TELEVISION Tuner tool enrollment app Elevation ofPrivilege Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
| Windows NTLM | CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-34483 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26433 | Windows Services for NFS ONCRPC XDRDriver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34536 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows Update | CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-26431 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-34484 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-26426 | Windows User Account Profile Picture Elevation of Privilege Vulnerability | Important |
.
Comments are closed.