Microsoft has released the July 2021 Security updates, which include patches for 117 vulnerabilities, 13 of them rated Critical. The updates also include fixes for 3 zero-day bugs exploited in the wild.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
In all, the Microsoft security updates address vulnerabilities in the following products:
- Common Internet File System
- Dynamics Business Central Control
- Microsoft Bing
- Microsoft Dynamics
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Scripting Engine
- Microsoft Windows Codecs Library
- Microsoft Windows DNS
- Microsoft Windows Media Foundation
- OpenEnclave
- Power BI
- Role: DNS Server
- Role: Hyper-V
- Visual Studio Code
- Visual Studio Code – .NET Runtime
- Visual Studio Code – Maven for Java Extension
- Windows Active Directory
- Windows Address Book
- Windows AF_UNIX Socket Provider
- Windows AppContainer
- Windows AppX Deployment Extensions
- Windows Authenticode
- Windows Cloud Files Mini Filter Driver
- Windows Console Driver
- Windows Defender
- Windows Desktop Bridge
- Windows Event Tracing
- Windows File History Service
- Windows Hello
- Windows HTML Platform
- Windows Installer
- Windows Kernel
- Windows Key Distribution Center
- Windows Local Security Authority Subsystem Service
- Windows MSHTML Platform
- Windows Partition Management Driver
- Windows PFX Encryption
- Windows Print Spooler Components
- Windows Projected File System
- Windows Remote Access Connection Manager
- Windows Remote Assistance
- Windows Secure Kernel Mode
- Windows Security Account Manager
- Windows Shell
- Windows SMB
- Windows Storage Spaces Controller
- Windows TCP/IP
- Windows Win32K
Zero-day vulnerabilities
The following zero-day vulnerabilities with known public exploits were fixed in this month’s patches (base CVSS score in parentheses):
- CVE-2021-31979: Windows Kernel Elevation of Privilege Vulnerability (6.8)
- CVE-2021-33771: Windows Kernel Elevation of Privilege Vulnerability (7.8)
- CVE-2021-34448: Remote Code Execution Scripting Engine Memory Corruption Vulnerability (7.8)
Microsoft rated CVE-2021-34448 as Critical severity and confirmed “exploitation was detected” for each of these vulnerabilities. This was on top of the out-of-band patch previously issued for the PrintNightmare vulnerability CVE-2021-34527, also exploited in the wild.
Critical RCE vulnerabilities
In addition, Microsoft addressed 13 Critical remote code execution (RCE) vulnerabilities, including the previously mentioned zero-day CVE-2021-34448, affecting Microsoft Dynamics 365 Business Central, Exchange Server, Malware Protection Engine, Windows 10, Windows Server and older Windows desktop versions.
The 13 patched Critical RCE vulnerabilities include:
- CVE-2021-33740: Windows Media Remote Code Execution Vulnerability
- CVE-2021-34439: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
- CVE-2021-34448: Scripting Engine Memory Corruption Vulnerability*
- CVE-2021-34450: Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2021-34458: Windows Kernel Remote Code Execution Vulnerability
- CVE-2021-34464: Microsoft Defender Remote Code Execution Vulnerability
- CVE-2021-34473: Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-34474: Dynamics Business Central Remote Code Execution Vulnerability
- CVE-2021-34494: Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-34497: Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-34503: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
- CVE-2021-34522: Microsoft Defender Remote Code Execution Vulnerability
- CVE-2021-34527: Windows Print Spooler Remote Code Execution Vulnerability (“PrintNightmare”)*
Note that the CVEs marked with an asterisk (*) have known exploits in the wild, as noted above.
Moreover, Microsoft provided an out-of-band patch for PrintNightmare CVE-2021-34527 on July 6. The PrintNightmare vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.
As a result, an attacker could exploit it to run arbitrary code with SYSTEM privileges. Actors could then install programs, create new accounts, and view, change, or delete data on affected systems.
Other security updates
In addition to the Critical RCEs and zero-days, Microsoft also patched over 100 Important-rated vulnerabilities across multiple products, including Denial of Service, Elevation of Privilege, Information Disclosure, Security Feature Bypass and Spoofing.
Readers can review the July 2021 Security Updates Release Notes and also download more vulnerability and patch details via Microsoft’s Security Update Guide. On a related note, also check out the latest Adobe security updates for multiple other Adobe products.