Microsoft Patches 9 Zero-Days with July 2021 Update

Contents of The Article hide

3.2 Vulnerabilities That Are Not Zero-Days

4 References to Advisories, Solutions and Tools

Overview

Microsoft patches a total of 97 operating system and software flaws with July 2021 Patch Tuesday update. 9 of these vulnerabilities turn out to be zero-day vulnerabilities, and 4 of them are considered to be actively exploited in the wild.

What Is Patch Tuesday?

Patch Tuesday, a.k.a., Black Tuesday (or Update Tuesday), is an unofficial term used to refer to the scheduled updates rolled out on Tuesdays by Microsoft to fix for known bugs in the Windows operating system and the other Microsoft products.

It was introduced in 2003 to provide a routine schedule for the system administrators to plan for updates for Microsoft products. The idea was to simplify the patch management by regular schedules and save the network administrators from the hassle of unpredictable updates. With predetermined update schedules, system administrators could arrange compatibility and deployment tests before installing the updates.

About the Security Vulnerabilities

Microsoft patches several of its products with the Patch Tuesday update in July. 9 of the vulnerabilities, from a total of 97, turn out to be zero-days, and 4 of these zero-day vulnerabilities are actively exploited in the wild, according to the Microsoft update guide.

Out of these 97 vulnerabilities, 2 are rated critical and 70 are rated high in severity according to CVSS (Common Vulnerability Scoring System) scale. However, note that these initial ratings made currently by Microsoft could differ from the final severity evaluation in NVD (National Vulnerability Database).

Zero-Day Vulnerabilities

Following is a list of zero-day vulnerabilities that were detected to be actively exploited in the wild. Among these, CVE-2021-34527 Print Spooler vulnerability, a.k.a., PrintNightmare vulnerability, was patched last week with an emergency update, as it was accidentally disclosed publicly by Chinese researchers.

CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-31979 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-34448 Scripting Engine Memory Corruption Vulnerability
CVE-2021-33771 Windows Kernel Elevation of Privilege Vulnerability

According to a report by Citizen Lab, two of these vulnerabilities (CVE-2021-31979 and CVE-2021-33771) were found to be exploited by a spyware that was allegedly developed by an Israeli cyber security company called Candiru. Microsoft Threat Intelligence Center (MSTIC) further shared that at least 100 human rights defenders, dissidents, journalists, activists and politicians in Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, and Singapore fell victims of this spyware.

The other 5 zero-day vulnerabilities that have no known exploits at the time of the patch release are as follows:

CVE-2021-33781 Azure AD Security Feature Bypass Vulnerability
CVE-2021-33779 Windows ADFS Security Feature Bypass Vulnerability
CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-34523 Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-34492 Windows Certificate Spoofing Vulnerability

Vulnerabilities That Are Not Zero-Days

The following is a list of the remaining 88 vulnerabilities that are not zero-days:

List the remaining 88 security vulnerabilities …

CVE-2021-34529 Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34477 Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability
CVE-2021-34525 Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-34522 Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-34470 Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-34517 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability
CVE-2021-34516 Win32k Elevation of Privilege Vulnerability
CVE-2021-34464 Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-34514 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-34440 GDI+ Information Disclosure Vulnerability
CVE-2021-34489 DirectWrite Remote Code Execution Vulnerability
CVE-2021-34488 Windows Console Driver Elevation of Privilege Vulnerability
CVE-2021-34439 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-34438 Windows Font Driver Host Remote Code Execution Vulnerability
CVE-2021-33788 Windows LSA Denial of Service Vulnerability
CVE-2021-33786 Windows LSA Security Feature Bypass Vulnerability
CVE-2021-33785 Windows AF_UNIX Socket Provider Denial of Service Vulnerability
CVE-2021-33784 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2021-33783 Windows SMB Information Disclosure Vulnerability
CVE-2021-33782 Windows Authenticode Spoofing Vulnerability
CVE-2021-33778 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-33777 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-33776 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-337 7 5 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-33772 Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-33768 Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-33766 Microsoft Exchange Information Disclosure Vulnerability
CVE-2021-33764 Windows Key Distribution Center Information Disclosure Vulnerability
CVE-2021-33756 Windows DNS Snap-in Remote Code Execution Vulnerability
CVE-2021-33754 Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-33752 Windows DNS Snap-in Remote Code Execution Vulnerability
CVE-2021-33751 Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-33750 Windows DNS Snap-in Remote Code Execution Vulnerability
CVE-2021-33749 Windows DNS Snap-in Remote Code Execution Vulnerability
CVE-2021-33746 Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-33745 Windows DNS Server Denial of Service Vulnerability
CVE-2021-34479 Microsoft Visual Studio Spoofing Vulnerability
CVE-2021-34528 Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34476 Bowser.sys Denial of Service Vulnerability
CVE-2021-34474 Dynamics Business Central Remote Code Execution Vulnerability
CVE-2021-34521 Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-34520 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-34469 Microsoft Office Security Feature Bypass Vulnerability
CVE-2021-34519 Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-34468 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-34518 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-34467 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-34452 Microsoft Word Remote Code Execution Vulnerability
CVE-2021-34501 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-34500 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2021-34450 Windows Hyper-V Remote Code Execution Vulnerability
CVE-2021-34499 Windows DNS Server Denial of Service Vulnerability
CVE-2021-34449 Win32k Elevation of Privilege Vulnerability
CVE-2021-34498 Windows GDI Elevation of Privilege Vulnerability
CVE-2021-34497 Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-34447 Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-34496 Windows GDI Information Disclosure Vulnerability
CVE-2021-34446 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2021-34445 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2021-34494 Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-34444 Windows DNS Server Denial of Service Vulnerability
CVE-2021-34493 Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2021-34491 Win32k Information Disclosure Vulnerability
CVE-2021-34442 Windows DNS Server Denial of Service Vulnerability
CVE-2021-34441 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-33780 Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-33774 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-33773 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2021-33767 Open Enclave SDK Elevation of Privilege Vulnerability
CVE-2021-33765 Windows Installer Spoofing Vulnerability
CVE-2021-33763 Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2021-33761 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2021-33760 Media Foundation Information Disclosure Vulnerability
CVE-2021-33759 Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-33757 Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
CVE-2021-33758 Windows Hyper-V Denial of Service Vulnerability
CVE-2021-33755 Windows Hyper-V Denial of Service Vulnerability
CVE-2021-33753 Microsoft Bing Search Spoofing Vulnerability
CVE-2021-33744 Windows Secure Kernel Mode Security Feature Bypass Vulnerability
CVE-2021-33743 Windows Projected File System Elevation of Privilege Vulnerability
CVE-2021-33740 Windows Media Remote Code Execution Vulnerability
CVE-2021-31984 Power BI Remote Code Execution Vulnerability
CVE-2021-31961 Windows InstallService Elevation of Privilege Vulnerability
CVE-2021-31947 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-31206 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31196 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31183 Windows TCP/IP Driver Denial of Service Vulnerability