Microsoft August 2021 Security Updates Address 44 CVEs

Contents of The Article hide

1 Overview

2 What Is Patch Tuesday?

3 About the Security Vulnerabilities

3.1 Zero-Day Vulnerability

3.2 Publicly Disclosed Vulnerabilities

3.3 Critical Vulnerabilities

4 References to Advisories, Solutions and Tools

Overview

Microsoft patches a total of 44 operating system and software flaws (CVEs) with August 2021 Patch Tuesday updates. 2 of these vulnerabilities are publicly known at the time of the patch release, and 1 of the vulnerabilities turn out to be a zero-day actively exploited in the wild.

What Is Patch Tuesday?

Patch Tuesday, a.k.a., Black Tuesday (or Update Tuesday), is an unofficial term used to refer to the scheduled updates rolled out on Tuesdays by Microsoft to fix for known bugs in the Windows operating system and the other Microsoft products.

It was introduced in 2003 to provide a routine schedule for the system administrators to plan for updates for Microsoft products. The idea was to simplify the patch management by regular schedules and save the network administrators from the hassle of unpredictable updates. With predetermined update schedules, system administrators could arrange compatibility and deployment tests before installing the updates.

About the Security Vulnerabilities

Microsoft released patches to address 44 vulnerabilities for the following products with the Patch Tuesday updates in August.

List the affected Microsoft products.

.NET Core & Visual Studio
ASP .NET
Azure
Azure Sphere
Microsoft Azure Active Directory Connect
Microsoft Dynamics
Microsoft Graphics Component
Microsoft Office
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Scripting Engine
Microsoft Windows Codecs Library
Remote Desktop Client
Windows Bluetooth Service
Windows Cryptographic Services
Windows Defender
Windows Event Tracing
Windows Media
Windows MSHTML Platform
Windows NTLM
Windows Print Spooler Components
Windows Services for NFS ONCRPC XDR Driver
Windows Storage Spaces Controller
Windows TCP/IP
Windows Update
Windows Update Assistant
Windows User Profile Service

2 of the vulnerabilities are publicly disclosed (CVE-2021-36936, CVE-2021-36942) and 1 of the vulnerabilities is a zero-day (CVE-2021-36948) that is known to be actively exploited in the wild, according to the Microsoft update guide.

Also note that, 2 of the patched vulnerabilities (CVE-2021-26424, CVE-2021-26432) are rated as critical in severity according to CVSS (Common Vulnerability Scoring System) scale. However, these initial severity scores assigned by Microsoft could differ from the final severity evaluations made by NVD (National Vulnerability Database).

Zero-Day Vulnerability

CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability: This zero-day vulnerability (CVSS Score: 7.8) exists in the WaaSMedicSCV.exe and can allow an attacker to run malicious code with escalated privileges. As a side information, Windows Update Medic Service is a service introduced in Windows 10 to repair any damages suffered by Windows Update components so that Windows updates can function without any interruption.

Publicly Disclosed Vulnerabilities

CVE-2021-36936 Windows Print Spooler Remote Code Execution (RCE) Vulnerability: Yet another Print Spooler RCE vulnerability (CVSS Score: 8.8) patched recently by Microsoft. As can be remembered, CVE-2021-34527 Print Spooler vulnerability, a.k.a., PrintNightmare vulnerability, was patched last month with an emergency update, as it was accidentally disclosed publicly by Chinese researchers.
CVE-2021-36942 Windows LSA Spoofing Vulnerability: This vulnerability allows an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM ( a.k.a. NTLM Relay Attack). As a side information, NT LAN Manager (NTLM) is a challenge response authentication protocol used to authenticate a client to an Active Directory resource. A publicly known proof-of-concept (PoC), known as PetitPotam, is available for this vulnerability.

Critical Vulnerabilities

CVE-2021-26424 Windows TCP/IP RCE Vulnerability: The most critical of all the patched vulnerabilities is a Remote Code Execution (RCE) vulnerability (CVSS Score: 9.9) that exist in the Windows TCP/IP protocol. This vulnerability allows an attacker to compromise a host machine and run arbitrary code via sending specially crafted TCP/IP packets to a vulnerable Hyper-V guest machine.
CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver RCE Vulnerability: This is another critical RCE vulnerability with a CVSS score of 9.8 and its exploitation is evaluated as “more likely” by Microsoft.

A complete list of all the vulnerabilities can be found at Microsoft Security Update Guide.