Microsoft patches a total of 44 operating system and software flaws (CVEs) with the August 2021 Patch Tuesday updates. 2 of these vulnerabilities were publicly known at the time of the patch release, and 1 of the vulnerabilities turns out to be a zero-day actively exploited in the wild.
Patch Tuesday, a.k.a. Black Tuesday (or Update Tuesday), is an unofficial term for the scheduled updates that Microsoft rolls out on Tuesdays to fix known bugs in the Windows operating system and other Microsoft products.
It was introduced in 2003 to give system administrators a routine schedule for planning updates to Microsoft products. The idea was to simplify patch management through regular schedules and save network administrators from the hassle of unpredictable updates. With predetermined update schedules, system administrators could arrange compatibility and deployment tests before installing the updates.
About the Security Vulnerabilities
Microsoft released patches to address 44 vulnerabilities for the following products with the Patch Tuesday updates in August.
- .NET Core & Visual Studio
- ASP .NET
- Azure Sphere
- Microsoft Azure Active Directory Connect
- Microsoft Dynamics
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft Scripting Engine
- Microsoft Windows Codecs Library
- Remote Desktop Client
- Windows Bluetooth Service
- Windows Cryptographic Services
- Windows Defender
- Windows Event Tracing
- Windows Media
- Windows MSHTML Platform
- Windows NTLM
- Windows Print Spooler Components
- Windows Services for NFS ONCRPC XDR Driver
- Windows Storage Spaces Controller
- Windows TCP/IP
- Windows Update
- Windows Update Assistant
- Windows User Profile Service
2 of the vulnerabilities are publicly disclosed (CVE-2021-36936, CVE-2021-36942) and 1 of the vulnerabilities is a zero-day (CVE-2021-36948) that is known to be actively exploited in the wild, according to the Microsoft update guide.
Also note that 2 of the patched vulnerabilities (CVE-2021-26424, CVE-2021-26432) are rated as critical in severity on the CVSS (Common Vulnerability Scoring System) scale. However, these initial severity scores assigned by Microsoft could differ from the final severity evaluations made by NVD (National Vulnerability Database).
- CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability: This zero-day vulnerability (CVSS Score: 7.8) exists in WaaSMedicSCV.exe and can allow an attacker to run malicious code with escalated privileges. As a side note, Windows Update Medic Service is a service introduced in Windows 10 to repair any damage suffered by Windows Update components so that Windows updates can function without interruption.
Publicly Disclosed Vulnerabilities
- CVE-2021-36936 Windows Print Spooler Remote Code Execution (RCE) Vulnerability: Yet another Print Spooler RCE vulnerability (CVSS Score: 8.8) patched recently by Microsoft. As you may recall, the CVE-2021-34527 Print Spooler vulnerability, a.k.a. the PrintNightmare vulnerability, was patched last month with an emergency update, as it was accidentally disclosed publicly by Chinese researchers.
- CVE-2021-36942 Windows LSA Spoofing Vulnerability: This vulnerability allows an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM (a.k.a. NTLM Relay Attack). As a side note, NT LAN Manager (NTLM) is a challenge-response authentication protocol used to authenticate a client to an Active Directory resource. A publicly known proof-of-concept (PoC), known as PetitPotam, is available for this vulnerability.
- CVE-2021-26424 Windows TCP/IP RCE Vulnerability: The most critical of all the patched vulnerabilities is a Remote Code Execution (RCE) vulnerability (CVSS Score: 9.9) that exists in the Windows TCP/IP protocol. This vulnerability allows an attacker to compromise a host machine and run arbitrary code by sending specially crafted TCP/IP packets to a vulnerable Hyper-V guest machine.
- CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver RCE Vulnerability: This is another critical RCE vulnerability with a CVSS score of 9.8 and its exploitation is evaluated as “more likely” by Microsoft.
A complete list of all the vulnerabilities can be found at Microsoft Security Update Guide.
References to Advisories, Solutions and Tools
"One single vulnerability is all an attacker needs." - Window Snyder