[SANS ISC] Microsoft August 2021 Patch Tuesday, (Tue, Aug 10th)

This month we got patches for 51 vulnerabilities. Of these, 7 are critical, 2 were previously disclosed and 1 is being exploited according to Microsoft.

The exploited vulnerability is an elevation of privilege in the Windows Update Medic Service (CVE-2021-36948). This vulnerability requires no user interaction, requires low privileges, and has a low attack complexity. The CVSS v3 for this vulnerability is 7.80.

Among the two previously disclosed vulnerabilities, there is a remote code execution (RCE) affecting Windows Print Spooler (CVE-2021-36936). This vulnerability may be exploited from the network, and requires low privileges and no user interaction. Microsoft has released patches to fix this vulnerability on virtually all supported Windows versions and also for the unsupported Windows 7. The CVSS v3 for this vulnerability is 8.80.

The second previously disclosed vulnerability is a spoofing vulnerability affecting Windows LSA (CVE-2021-36942). This vulnerability may be exploited remotely (network) and requires neither privileges nor user interaction. According to the vulnerability advisory, an unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. The security update released this month by Microsoft blocks the affected API calls (OpenEncryptedFileRawA and OpenEncryptedFileRawW) through the LSARPC interface.

Still on the LSA spoofing vulnerability: although it affects all Windows Servers, according to Microsoft, Domain Controllers should be prioritized in the update process. Additionally, there are further actions (KB5005413) users need to take to protect their systems after applying the security update. The CVSS v3 for this vulnerability is 7.5, but when it is chained with NTLM relay attacks on Active Directory Certificate Services (AD CS), the score is 9.80.

Finally, the highest CVSS this month (9.90) went to the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-26424). According to the vulnerability advisory, this vulnerability may be remotely triggerable by a malicious Hyper-V guest sending an IPv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host, which uses the TCP/IP protocol stack (tcpip.sys) to process packets.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-26423 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34485 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| ASP.NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34532 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-33762 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-36943 | No | No | Less Likely | Less Likely | Important | 4.0 | 3.5 |
| Azure Sphere Denial of Service Vulnerability | CVE-2021-26430 | No | No | Less Likely | Less Likely | Important | 6.0 | 5.4 |
| Azure Sphere Elevation of Privilege Vulnerability | CVE-2021-26429 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.9 |
| Azure Sphere Information Disclosure Vulnerability | CVE-2021-26428 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | CVE-2021-30590 | No | No | | | | | |
| Chromium: CVE-2021-30591 Use after free in File System API | CVE-2021-30591 | No | No | | | | | |
| Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | CVE-2021-30592 | No | No | | | | | |
| Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | CVE-2021-30593 | No | No | | | | | |
| Chromium: CVE-2021-30594 Use after free in Page Info UI | CVE-2021-30594 | No | No | | | | | |
| Chromium: CVE-2021-30596 Incorrect security UI in Navigation | CVE-2021-30596 | No | No | | | | | |
| Chromium: CVE-2021-30597 Use after free in Browser UI | CVE-2021-30597 | No | No | | | | | |
| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | CVE-2021-36949 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-36950 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2021-34524 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-36946 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-34478 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-36940 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2021-34471 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-36941 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | CVE-2021-34535 | No | No | More Likely | More Likely | Critical | 8.8 | 7.9 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2021-34480 | No | No | More Likely | More Likely | Critical | 6.8 | 5.9 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34536 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | CVE-2021-36945 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | CVE-2021-34537 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | CVE-2021-36938 | No | No | Unlikely | Unlikely | Important | 5.5 | 4.8 |
| Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | CVE-2021-36927 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34486 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34487 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-26425 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | CVE-2021-34533 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-34530 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows LSA Spoofing Vulnerability | CVE-2021-36942 | Yes | No | More Likely | More Likely | Important | 7.5 | 7.0 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-34534 | No | No | Less Likely | Less Likely | Critical | 6.8 | 5.9 |
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | CVE-2021-36937 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-34483 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
| Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36936 | Yes | No | More Likely | More Likely | Critical | 8.8 | 8.2 |
| Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36947 | No | No | More Likely | More Likely | Important | 8.8 | 8.2 |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | CVE-2021-26431 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-26433 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36926 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36932 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36933 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | CVE-2021-26432 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows TCP/IP Remote Code Execution Vulnerability | CVE-2021-26424 | No | No | More Likely | More Likely | Critical | 9.9 | 8.6 |
| Windows Update Medic Service Elevation of Privilege Vulnerability | CVE-2021-36948 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | CVE-2021-26426 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2021-34484 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |


Renato Marinho
Morphus Labs| LinkedIn|Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
