This month we got patches for 51 vulnerabilities. Of these, 7 are critical, 2 were previously disclosed and 1 is being exploited according to Microsoft.
The exploited vulnerability is an elevation of privilege Windows Update Medic Service (CVE-2021-36948). This vulnerability requires no user interaction low privileges and has a low attack complexity. The CVSS v3 for this vulnerability is 7.80.
Among the two previously disclosed vulnerability, there is a remote code execution (RCE) affecting Windows Print Spooler (CVE-2021-36936). This vulnerability may be exploited from network, requires low privileges and no user interaction. Microsoft has released patches to fix this vulnerability on virtually all supported Windows versions and also for the unsupported Windows 7. The CVSS v3 for this vulnerability is 8.80.
The second previously disclosed vulnerability is a spoofing vulnerability affecting Windows LSA (CVE-2021-36942). This vulnerability man be exploited remotely (network), requires no privilege nor user interaction. According the the vulnerability advisory, an unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. The security update released thsi month by Microsoft blocks the affected API calls (OpenEncryptedFileRawA) and (OpenEncryptedFileRawW) through LSARPC interface.
Yet about LSA Spoofing vulnerability, despite affecting all Windows Servers, according to Microsoft, Domain Controllers should be prioritazed on updating process. Additionally, there are further actions (KB5005413) users need to take to protect their systems after applying the security update. The CVSS v3 for this vulnerability is 7.5, but, when chained with NTLM Relay attacks on Active Directory Certificate Services (AD CS) is 9.80.
Finally, the highest CVSS this month (9.90) went to the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-26424). According to the vulnerability advisory, this vulnerability may be remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||||
| %%cve:2021-26423%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| .NET Core and Visual Studio Information Disclosure Vulnerability | |||||||
| %%cve:2021-34485%% | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| ASP.NET Core and Visual Studio Information Disclosure Vulnerability | |||||||
| %%cve:2021-34532%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-33762%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| %%cve:2021-36943%% | No | No | Less Likely | Less Likely | Important | 4.0 | 3.5 |
| Azure Sphere Denial of Service Vulnerability | |||||||
| %%cve:2021-26430%% | No | No | Less Likely | Less Likely | Important | 6.0 | 5.4 |
| Azure Sphere Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-26429%% | No | No | Less Likely | Less Likely | Important | 7.7 | 6.9 |
| Azure Sphere Information Disclosure Vulnerability | |||||||
| %%cve:2021-26428%% | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | |||||||
| %%cve:2021-30590%% | No | No | – | – | – | ||
| Chromium: CVE-2021-30591 Use after free in File System API | |||||||
| %%cve:2021-30591%% | No | No | – | – | – | ||
| Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | |||||||
| %%cve:2021-30592%% | No | No | – | – | – | ||
| Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | |||||||
| %%cve:2021-30593%% | No | No | – | – | – | ||
| Chromium: CVE-2021-30594 Use after free in Page Info UI | |||||||
| %%cve:2021-30594%% | No | No | – | – | – | ||
| Chromium: CVE-2021-30596 Incorrect security UI in Navigation | |||||||
| %%cve:2021-30596%% | No | No | – | – | – | ||
| Chromium: CVE-2021-30597 Use after free in Browser UI | |||||||
| %%cve:2021-30597%% | No | No | – | – | – | ||
| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | |||||||
| %%cve:2021-36949%% | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||||
| %%cve:2021-36950%% | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34524%% | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||||
| %%cve:2021-36946%% | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34478%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||||
| %%cve:2021-36940%% | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34471%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| %%cve:2021-36941%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34535%% | No | No | More Likely | More Likely | Critical | 8.8 | 7.9 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| %%cve:2021-34480%% | No | No | More Likely | More Likely | Critical | 6.8 | 5.9 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34536%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-36945%% | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34537%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | |||||||
| %%cve:2021-36938%% | No | No | Unlikely | Unlikely | Important | 5.5 | 4.8 |
| Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-36927%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34486%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2021-34487%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| %%cve:2021-26425%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34533%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34530%% | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows LSA Spoofing Vulnerability | |||||||
| %%cve:2021-36942%% | Yes | No | More Likely | More Likely | Important | 7.5 | 7.0 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||||
| %%cve:2021-34534%% | No | No | Less Likely | Less Likely | Critical | 6.8 | 5.9 |
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | |||||||
| %%cve:2021-36937%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34483%% | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
| Windows Print Spooler Remote Code Execution Vulnerability | |||||||
| %%cve:2021-36936%% | Yes | No | More Likely | More Likely | Critical | 8.8 | 8.2 |
| %%cve:2021-36947%% | No | No | More Likely | More Likely | Important | 8.8 | 8.2 |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-26431%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | |||||||
| %%cve:2021-26433%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| %%cve:2021-36926%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| %%cve:2021-36932%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| %%cve:2021-36933%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | |||||||
| %%cve:2021-26432%% | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||||
| %%cve:2021-26424%% | No | No | More Likely | More Likely | Critical | 9.9 | 8.6 |
| Windows Update Medic Service Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-36948%% | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-26426%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||||
| %%cve:2021-34484%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
—
Renato Marinho
Morphus Labs| LinkedIn|Twitter
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
