[SANS ISC] Microsoft July 2021 Patch Tuesday, (Tue, Jul 13th)

This month we got patches for 117 vulnerabilities. Of these, 13 are critical, 6 were previously disclosed and 4 are being exploited according to Microsoft.

The known PrintNightmare vulnerability (CVE-2021-34527) is one of the 4 exploited. Microsoft released an out-of-band emergency security fix for it (KB5004945) on July 6, but it is worth stressing the importance of applying this update. Remember to confirm that the PointAndPrint Windows registry settings are set to zero as well. Please refer to the security advisory and a diary from Johannes detailing the vulnerability.
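One way to run the registry check mentioned above across a host, as an added example that is not part of the original diary. The registry path and the two value names are the ones given in Microsoft's advisory for CVE-2021-34527, not on this page; the function name `Test-PointAndPrintPolicy` is hypothetical.

```powershell
# Added example: audit the Point and Print policy values relevant to CVE-2021-34527.
# Path and value names come from Microsoft's advisory (assumption: not stated on this page).
$path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$values = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Test-PointAndPrintPolicy {
    param([string]$Path, [string[]]$Names)

    # Read the key once; a missing key means no Point and Print policy is configured.
    $key = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $Names) {
        $present = $null -ne $key -and $key.PSObject.Properties.Name -contains $name
        $data    = if ($present) { $key.$name } else { $null }

        [pscustomobject]@{
            Value  = $name
            Data   = if ($present) { $data } else { '(not set)' }
            # Absent or 0 keeps the warning/elevation prompt; any other data relaxes it.
            Secure = (-not $present) -or ($data -eq 0)
        }
    }
}

$report = Test-PointAndPrintPolicy -Path $path -Names $values
$report | Format-Table -AutoSize

# Non-zero exit code so the check can gate a compliance or deployment job.
if ($report.Secure -contains $false) {
    Write-Warning 'Point and Print prompts are relaxed; set these values to 0 or remove them.'
    exit 1
}
```

A value that is not defined is treated as secure here because the advisory describes "not defined" as the default setting, equivalent to zero.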

The other 3 exploited vulnerabilities comprise two elevation of privilege vulnerabilities affecting the Windows Kernel (CVE-2021-31979 and CVE-2021-33771) and a remote code execution (RCE) vulnerability affecting the Windows Scripting Engine.

Among the previously disclosed vulnerabilities, it’s worth mentioning two affecting Microsoft Exchange Server: one RCE (CVE-2021-34473) with a CVSS of 9.1 – the highest this month – and an elevation of privilege vulnerability (CVE-2021-34523) with a CVSS of 9.0.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| Active Directory Security Feature Bypass Vulnerability | CVE-2021-33781 | Yes | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Bowser.sys Denial of Service Vulnerability | CVE-2021-34476 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| DirectWrite Remote Code Execution Vulnerability | CVE-2021-34489 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Dynamics Business Central Remote Code Execution Vulnerability | CVE-2021-34474 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.0 |
| GDI+ Information Disclosure Vulnerability | CVE-2021-34440 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-31947 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-33775 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-33776 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-33777 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-33778 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Media Foundation Information Disclosure Vulnerability | CVE-2021-33760 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Bing Search Spoofing Vulnerability | CVE-2021-33753 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Microsoft Defender Remote Code Execution Vulnerability | CVE-2021-34464 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Defender Remote Code Execution Vulnerability | CVE-2021-34522 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-34501 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-34518 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Information Disclosure Vulnerability | CVE-2021-33766 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2021-34523 | Yes | No | Less Likely | Less Likely | Important | 9.0 | 7.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2021-33768 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2021-34470 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31196 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31206 | No | No | Less Likely | Less Likely | Important | 7.6 | 7.1 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-34473 | Yes | No | More Likely | More Likely | Critical | 9.1 | 7.9 |
| Microsoft Office Online Server Spoofing Vulnerability | CVE-2021-34451 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Microsoft Office Security Feature Bypass Vulnerability | CVE-2021-34469 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-34519 | No | No | Less Likely | Less Likely | Moderate | 5.3 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-34467 | No | No | More Likely | More Likely | Important | 7.1 | 6.2 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-34468 | No | No | More Likely | More Likely | Important | 7.1 | 6.2 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-34520 | No | No | More Likely | More Likely | Important | 8.1 | 7.1 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-34517 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Microsoft Visual Studio Spoofing Vulnerability | CVE-2021-34479 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-34441 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-34439 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-34503 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-34452 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Open Enclave SDK Elevation of Privilege Vulnerability | CVE-2021-33767 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| Power BI Remote Code Execution Vulnerability | CVE-2021-31984 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Raw Image Extension Remote Code Execution Vulnerability | CVE-2021-34521 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2021-34448 | No | Yes | Detected | Detected | Critical | 6.8 | 6.3 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-33751 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34460 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34510 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34512 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34513 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Information Disclosure Vulnerability | CVE-2021-34509 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | CVE-2021-34477 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-34528 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-34529 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-34449 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-34516 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Win32k Information Disclosure Vulnerability | CVE-2021-34491 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows ADFS Security Feature Bypass Vulnerability | CVE-2021-33779 | Yes | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Windows AF_UNIX Socket Provider Denial of Service Vulnerability | CVE-2021-33785 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Address Book Remote Code Execution Vulnerability | CVE-2021-34504 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows AppContainer Elevation Of Privilege Vulnerability | CVE-2021-34459 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | CVE-2021-34462 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Authenticode Spoofing Vulnerability | CVE-2021-33782 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Certificate Spoofing Vulnerability | CVE-2021-34492 | Yes | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2021-33784 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Console Driver Elevation of Privilege Vulnerability | CVE-2021-34488 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | CVE-2021-34461 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows DNS Server Denial of Service Vulnerability | CVE-2021-34442 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows DNS Server Denial of Service Vulnerability | CVE-2021-34444 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows DNS Server Denial of Service Vulnerability | CVE-2021-34499 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows DNS Server Denial of Service Vulnerability | CVE-2021-33745 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-33780 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-34494 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-33746 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-33754 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-34525 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows DNS Snap-in Remote Code Execution Vulnerability | CVE-2021-33749 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows DNS Snap-in Remote Code Execution Vulnerability | CVE-2021-33750 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows DNS Snap-in Remote Code Execution Vulnerability | CVE-2021-33752 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows DNS Snap-in Remote Code Execution Vulnerability | CVE-2021-33756 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | CVE-2021-33759 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-33774 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows File History Service Elevation of Privilege Vulnerability | CVE-2021-34455 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Font Driver Host Remote Code Execution Vulnerability | CVE-2021-34438 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI Elevation of Privilege Vulnerability | CVE-2021-34498 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI Information Disclosure Vulnerability | CVE-2021-34496 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows HTML Platforms Security Feature Bypass Vulnerability | CVE-2021-34446 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Windows Hello Security Feature Bypass Vulnerability | CVE-2021-34466 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2021-33755 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.5 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2021-33758 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-34450 | No | No | Less Likely | Less Likely | Critical | 8.5 | 7.4 |
| Windows InstallService Elevation of Privilege Vulnerability | CVE-2021-31961 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2021-34511 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Spoofing Vulnerability | CVE-2021-33765 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-33771 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-31979 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-34514 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Kernel Memory Information Disclosure Vulnerability | CVE-2021-34500 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.5 |
| Windows Kernel Remote Code Execution Vulnerability | CVE-2021-34458 | No | No | Less Likely | Less Likely | Critical | 9.9 | 8.6 |
| Windows Kernel Remote Code Execution Vulnerability | CVE-2021-34508 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Key Distribution Center Information Disclosure Vulnerability | CVE-2021-33764 | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
| Windows LSA Denial of Service Vulnerability | CVE-2021-33788 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows LSA Security Feature Bypass Vulnerability | CVE-2021-33786 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-34447 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-34497 | No | No | Less Likely | Less Likely | Critical | 6.8 | 5.9 |
| Windows Media Remote Code Execution Vulnerability | CVE-2021-33740 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | CVE-2021-34493 | No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 |
| Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-34527 | Yes | Yes | Detected | Detected | Critical | 8.8 | 8.2 |
| Windows Projected File System Elevation of Privilege Vulnerability | CVE-2021-33743 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2021-33761 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2021-33773 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2021-34445 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2021-34456 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | CVE-2021-33763 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | CVE-2021-34454 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | CVE-2021-34457 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Assistance Information Disclosure Vulnerability | CVE-2021-34507 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows SMB Information Disclosure Vulnerability | CVE-2021-33783 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Secure Kernel Mode Security Feature Bypass Vulnerability | CVE-2021-33744 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | CVE-2021-33757 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Windows TCP/IP Driver Denial of Service Vulnerability | CVE-2021-31183 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows TCP/IP Driver Denial of Service Vulnerability | CVE-2021-33772 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows TCP/IP Driver Denial of Service Vulnerability | CVE-2021-34490 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |


Renato Marinho
Morphus Labs | LinkedIn | Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)
