
SANS ISC: Microsoft August 2021 Patch Tuesday SANS ISC InfoSec Forums

Microsoft August 2021 Patch Tuesday

This month we got patches for 51 vulnerabilities. Of these, 7 are critical, 2 were previously disclosed and 1 is being exploited according to Microsoft.

The exploited vulnerability is an elevation of privilege in the Windows Update Medic Service (CVE-2021-36948). This vulnerability requires no user interaction and low privileges, and has a low attack complexity. The CVSS v3 for this vulnerability is 7.80.

Among the two previously disclosed vulnerabilities, there is a remote code execution (RCE) affecting Windows Print Spooler (CVE-2021-36936). This vulnerability may be exploited from the network, and requires low privileges and no user interaction. Microsoft has released patches to fix this vulnerability on virtually all supported Windows versions and also for the unsupported Windows 7. The CVSS v3 for this vulnerability is 8.80.

The second previously disclosed vulnerability is a spoofing vulnerability affecting Windows LSA (CVE-2021-36942). This vulnerability may be exploited remotely (network) and requires neither privileges nor user interaction. According to the vulnerability advisory, an unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. The security update released this month by Microsoft blocks the affected API calls (OpenEncryptedFileRawA and OpenEncryptedFileRawW) through the LSARPC interface.

Regarding the LSA spoofing vulnerability: although it affects all Windows Servers, Microsoft says Domain Controllers should be prioritized in the update process. Additionally, there are further actions (KB5005413) users need to take to protect their systems after applying the security update. The CVSS v3 for this vulnerability is 7.5, but when chained with NTLM relay attacks on Active Directory Certificate Services (AD CS) it is 9.80.
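The coerced authentication described above leaves a trace on the receiving server: a domain controller machine account logging on over the network with NTLM. The following is an added example, not code from this diary or from Microsoft, that flags that pattern in Security event 4624 records. The DC account names, addresses, host names and events are constructed assumptions.

```python
# Added example: constructed data, not from the original diary.
# Flags domain controller machine accounts that log on to another server
# over the network with NTLM, the pattern left by coerced/relayed DC auth.

# Assumptions: your own DC machine accounts and their real addresses.
DC_ACCOUNTS = {"DC01$", "DC02$"}
DC_ADDRESSES = {"10.0.0.10", "10.0.0.11"}

# Constructed Security 4624 (successful logon) records, as a SIEM export might
# return them. "Computer" is the server that logged the event.
SAMPLE_EVENTS = [
    {"Computer": "ADCS01", "EventID": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "DC01$",
     "IpAddress": "10.0.0.99"},
    {"Computer": "FILE01", "EventID": 4624, "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "TargetUserName": "DC01$",
     "IpAddress": "10.0.0.10"},
    {"Computer": "ADCS01", "EventID": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "alice",
     "IpAddress": "10.0.0.50"},
    {"Computer": "FILE01", "EventID": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "dc02$",
     "IpAddress": "10.0.0.11"},
]


def find_dc_ntlm_logons(events, dc_accounts=DC_ACCOUNTS, dc_addresses=DC_ADDRESSES):
    """Return (server, account, source_ip, severity) for suspicious logons."""
    accounts = {a.upper() for a in dc_accounts}
    findings = []
    for ev in events:
        # Only successful network logons are relevant to relayed authentication.
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue
        if str(ev.get("AuthenticationPackageName", "")).upper() != "NTLM":
            continue
        account = str(ev.get("TargetUserName", "")).upper()
        if account not in accounts:
            continue
        source = ev.get("IpAddress", "-")
        # A DC identity arriving from an address that is not a DC means a
        # third host presented it; from a DC address it is still unusual.
        severity = "medium" if source in dc_addresses else "high"
        findings.append((ev.get("Computer", "?"), account, source, severity))
    return findings


if __name__ == "__main__":
    for finding in find_dc_ntlm_logons(SAMPLE_EVENTS):
        print(finding)
```

Run it against 4624 events collected from AD CS and other member servers; events logged by the domain controllers themselves need separate baselining.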

Finally, the highest CVSS this month (9.90) went to the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-26424). According to the vulnerability advisory, this vulnerability may be remotely triggered by a malicious Hyper-V guest sending an IPv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host, which uses the TCP/IP protocol stack (tcpip.sys) to process packets.


See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-26423 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34485 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| ASP.NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34532 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-33762 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-36943 | No | No | Less Likely | Less Likely | Important | 4.0 | 3.5 |
| Azure Sphere Denial of Service Vulnerability | CVE-2021-26430 | No | No | Less Likely | Less Likely | Important | 6.0 | 5.4 |
| Azure Sphere Elevation of Privilege Vulnerability | CVE-2021-26429 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.9 |
| Azure Sphere Information Disclosure Vulnerability | CVE-2021-26428 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | CVE-2021-30590 | No | No | - | - | - | | |
| Chromium: CVE-2021-30591 Use after free in File System API | CVE-2021-30591 | No | No | - | - | - | | |
| Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | CVE-2021-30592 | No | No | - | - | - | | |
| Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | CVE-2021-30593 | No | No | - | - | - | | |
| Chromium: CVE-2021-30594 Use after free in Page Info UI | CVE-2021-30594 | No | No | - | - | - | | |
| Chromium: CVE-2021-30596 Incorrect security UI in Navigation | CVE-2021-30596 | No | No | - | - | - | | |
| Chromium: CVE-2021-30597 Use after free in Browser UI | CVE-2021-30597 | No | No | - | - | - | | |
| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | CVE-2021-36949 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-36950 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2021-34524 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-36946 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-34478 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-36940 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2021-34471 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-36941 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | CVE-2021-34535 | No | No | More Likely | More Likely | Critical | 8.8 | 7.9 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2021-34480 | No | No | More Likely | More Likely | Critical | 6.8 | 5.9 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34536 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | CVE-2021-36945 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | CVE-2021-34537 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | CVE-2021-36938 | No | No | Unlikely | Unlikely | Important | 5.5 | 4.8 |
| Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | CVE-2021-36927 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34486 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34487 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-26425 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | CVE-2021-34533 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-34530 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows LSA Spoofing Vulnerability | CVE-2021-36942 | Yes | No | More Likely | More Likely | Important | 7.5 | 7.0 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-34534 | No | No | Less Likely | Less Likely | Critical | 6.8 | 5.9 |
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | CVE-2021-36937 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-34483 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
| Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36936 | Yes | No | More Likely | More Likely | Critical | 8.8 | 8.2 |
| Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36947 | No | No | More Likely | More Likely | Important | 8.8 | 8.2 |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | CVE-2021-26431 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-26433 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36926 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36932 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36933 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | CVE-2021-26432 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows TCP/IP Remote Code Execution Vulnerability | CVE-2021-26424 | No | No | More Likely | More Likely | Critical | 9.9 | 8.6 |
| Windows Update Medic Service Elevation of Privilege Vulnerability | CVE-2021-36948 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | CVE-2021-26426 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2021-34484 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

ISC Handler
Aug 10th 2021
