This month we got patches for 117 vulnerabilities. Of these, 13 are critical, 6 were previously disclosed and 4 are being exploited according to Microsoft.
The known Printnightmare vulnerability (CVE-2021-34527) is one of the 4 exploited. Microsoft released an out of bound emergency security fix for it (KB5004945) on July 6 but it is worth stressing the importance of applying this update. Remember to confirm if the PointAndPrint Windows registry is set to zero as well. Please, refer to the security advisory and a diary from Johannes detailing the vulnerability.
The other 3 exploited vulnerabilities comprises two elevation of privilege affecting Windows Kernel (CVE-2021-31979 and CVE-2021-33771) and a remote code execution (RCE) affecing Windows Scripting Engine.
About the previously disclosed vulnerabilities, it’s worth mentioning two affecting Microsoft Exchange Server. One RCE (CVE-2021-34473) associated to a CVSS of 9.1 – the highest this month – and an elevation of privilege vulnerability (CVE-2021-34523) witn a CVSS of 9.0.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| Active Directory Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-33781%% | Yes | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Bowser.sys Denial of Service Vulnerability | |||||||
| %%cve:2021-34476%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| DirectWrite Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34489%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Dynamics Business Central Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34474%% | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.0 |
| GDI+ Information Disclosure Vulnerability | |||||||
| %%cve:2021-34440%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||||
| %%cve:2021-31947%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-33775%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-33776%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-33777%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-33778%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Media Foundation Information Disclosure Vulnerability | |||||||
| %%cve:2021-33760%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Bing Search Spoofing Vulnerability | |||||||
| %%cve:2021-33753%% | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Microsoft Defender Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34464%% | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| %%cve:2021-34522%% | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34501%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34518%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Information Disclosure Vulnerability | |||||||
| %%cve:2021-33766%% | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34523%% | Yes | No | Less Likely | Less Likely | Important | 9.0 | 7.8 |
| %%cve:2021-33768%% | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| %%cve:2021-34470%% | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||||
| %%cve:2021-31196%% | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| %%cve:2021-31206%% | No | No | Less Likely | Less Likely | Important | 7.6 | 7.1 |
| %%cve:2021-34473%% | Yes | No | More Likely | More Likely | Critical | 9.1 | 7.9 |
| Microsoft Office Online Server Spoofing Vulnerability | |||||||
| %%cve:2021-34451%% | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Microsoft Office Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-34469%% | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||||
| %%cve:2021-34519%% | No | No | Less Likely | Less Likely | Moderate | 5.3 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34467%% | No | No | More Likely | More Likely | Important | 7.1 | 6.2 |
| %%cve:2021-34468%% | No | No | More Likely | More Likely | Important | 7.1 | 6.2 |
| %%cve:2021-34520%% | No | No | More Likely | More Likely | Important | 8.1 | 7.1 |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||||
| %%cve:2021-34517%% | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Microsoft Visual Studio Spoofing Vulnerability | |||||||
| %%cve:2021-34479%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34441%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34439%% | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| %%cve:2021-34503%% | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34452%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Open Enclave SDK Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33767%% | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| Power BI Remote Code Execution Vulnerability | |||||||
| %%cve:2021-31984%% | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Raw Image Extension Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34521%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| %%cve:2021-34448%% | No | Yes | Detected | Detected | Critical | 6.8 | 6.3 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33751%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| %%cve:2021-34460%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34510%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34512%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34513%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Information Disclosure Vulnerability | |||||||
| %%cve:2021-34509%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34477%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34528%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34529%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34449%% | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| %%cve:2021-34516%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Win32k Information Disclosure Vulnerability | |||||||
| %%cve:2021-34491%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows ADFS Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-33779%% | Yes | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Windows AF_UNIX Socket Provider Denial of Service Vulnerability | |||||||
| %%cve:2021-33785%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Address Book Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34504%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows AppContainer Elevation Of Privilege Vulnerability | |||||||
| %%cve:2021-34459%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34462%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Authenticode Spoofing Vulnerability | |||||||
| %%cve:2021-33782%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Certificate Spoofing Vulnerability | |||||||
| %%cve:2021-34492%% | Yes | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33784%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Console Driver Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34488%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34461%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows DNS Server Denial of Service Vulnerability | |||||||
| %%cve:2021-34442%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| %%cve:2021-34444%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| %%cve:2021-34499%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| %%cve:2021-33745%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows DNS Server Remote Code Execution Vulnerability | |||||||
| %%cve:2021-33780%% | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| %%cve:2021-34494%% | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| %%cve:2021-33746%% | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| %%cve:2021-33754%% | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| %%cve:2021-34525%% | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows DNS Snap-in Remote Code Execution Vulnerability | |||||||
| %%cve:2021-33749%% | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| %%cve:2021-33750%% | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| %%cve:2021-33752%% | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| %%cve:2021-33756%% | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33759%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33774%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows File History Service Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34455%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Font Driver Host Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34438%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34498%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI Information Disclosure Vulnerability | |||||||
| %%cve:2021-34496%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-34446%% | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Windows Hello Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-34466%% | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| %%cve:2021-33755%% | No | No | Less Likely | Less Likely | Important | 6.3 | 5.5 |
| %%cve:2021-33758%% | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34450%% | No | No | Less Likely | Less Likely | Critical | 8.5 | 7.4 |
| Windows InstallService Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-31961%% | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Windows Installer Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34511%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Spoofing Vulnerability | |||||||
| %%cve:2021-33765%% | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33771%% | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| %%cve:2021-31979%% | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| %%cve:2021-34514%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||||
| %%cve:2021-34500%% | No | No | Less Likely | Less Likely | Important | 6.3 | 5.5 |
| Windows Kernel Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34458%% | No | No | Less Likely | Less Likely | Critical | 9.9 | 8.6 |
| %%cve:2021-34508%% | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Key Distribution Center Information Disclosure Vulnerability | |||||||
| %%cve:2021-33764%% | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
| Windows LSA Denial of Service Vulnerability | |||||||
| %%cve:2021-33788%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows LSA Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-33786%% | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34447%% | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
| %%cve:2021-34497%% | No | No | Less Likely | Less Likely | Critical | 6.8 | 5.9 |
| Windows Media Remote Code Execution Vulnerability | |||||||
| %%cve:2021-33740%% | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34493%% | No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 |
| Windows Print Spooler Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34527%% | Yes | Yes | Detected | Detected | Critical | 8.8 | 8.2 |
| Windows Projected File System Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33743%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33761%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-33773%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34445%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34456%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||||
| %%cve:2021-33763%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| %%cve:2021-34454%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| %%cve:2021-34457%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Assistance Information Disclosure Vulnerability | |||||||
| %%cve:2021-34507%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows SMB Information Disclosure Vulnerability | |||||||
| %%cve:2021-33783%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Secure Kernel Mode Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-33744%% | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | |||||||
| %%cve:2021-33757%% | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Windows TCP/IP Driver Denial of Service Vulnerability | |||||||
| %%cve:2021-31183%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| %%cve:2021-33772%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| %%cve:2021-34490%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
—
Renato Marinho
Morphus Labs| LinkedIn|Twitter
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
