September 10, 2021, Patch Tuesday Release: “Oh wow! So far this update has been totally awesome! Every single annoying flaw in the OS was fixed, and every single annoying flaw in the hardware has been fixed! I can’t even tell you how much I love it!”
With the security and stability of Microsoft’s software on the iPhone and iPad, the risks of exploding batteries while charging or flying in the air has become a major concern for many. What if there’s another flaw fixed in the upcoming Patch Tuesday? Most people would probably focus on the flaws that have been fixed, while failing to consider the other flaws that could be fixed.
Over the course of the last month, Microsoft has rolled out its annual Patch Tuesday update, which happened on August 12th. It should come as no surprise that new flaws are discovered every single month. Yet, Microsoft is still able to issue patches for all those security problems, which is a commendable feat.
Turiceanu, Vlad
Editor-in-Chief
He spent much of his time acquiring new talents and learning more about the computer industry, since he was passionate about technology, Windows, and anything that had a power button. Coming from a strong foundation in computer science,… Read more
- Microsoft published 44 security updates as part of the August 2021 Patch Tuesday event.
- Thirteen of the fixes addressed a remote code execution vulnerability, while the other eight addressed data leakage.
- The most significant fix addresses the Remote Code Execution vulnerability in Windows Print Spooler.
- Aside from Print Nightmare, Microsoft also addressed the problems caused by the Petit Potam assaults.
As you are probably aware, the Patch Tuesday release occurs every second Tuesday of the month, and it includes significant updates from the Redmond firm.
Microsoft released 44 security updates for Patch Tuesday in August, with seven of the flaws being classified critical. Three zero-days were also included in the batch, with the remaining 37 being deemed critical.
It’s also worth noting that thirteen of the fixes addressed a remote code execution vulnerability, while the remaining eight focused on information leakage.
Table of Contents
The August 2021 Patch Tuesday will address three zero-day issues.
The most significant patch in this batch tackles the Windows Print Spooler Remote Code Execution vulnerability, which has been a hot subject since its discovery in June.
The IT firm received a lot of flak from the security community for botching the delivery of fixes to fix the problem.
The affected tools are .NET Core & Visual Studio, ASP.NET Core & Visual Studio, Azure, Updates for Windows, Components of the Windows Print Spooler, Windows Media Player is a program that allows you to, Windows Defender is a program that protects your computer, Client for Remote Desktop, Microsoft Dynamics is a software program that allows you to is a software program that allows you to is a software program that allows you to, Microsoft Edge is a browser developed by Microsoft (Chromium-based), Microsoft Office is a program that allows you to create, Microsoft Word is a word processing program., SharePoint is a Microsoft Office product. and more.
Since we stated that Microsoft patched three zero-day vulnerabilities as part of this update event, here’s a rundown of what they had to deal with:
According to Microsoft’s study, the Windows Update Medic Service Elevation of Privilege vulnerability is the only one that has been exploited in the wild.
CVE-2021-36948 struck out to one of the security experts, Allan Liska, since it was similar to CVE-2020-17070, which was released in November 2020.
Obviously, it’s terrible that it’s being abused in the wild, but we found a vulnerability that was almost identical in November of 2020, but I can’t locate any indication that it was exploited. As a result, I’m curious whether this is a new target for threat actors.
CVE-2021-26424 is a serious vulnerability, according to Liska, since it’s a TCP/IP on Windows Remote Code Execution flaw that affects Windows 7 through 10 and Windows Server 2008 through 2019.
While this vulnerability has not been publicly reported or exploited in the open, Microsoft has labeled it as “Exploitation More Likely,” implying that it is very simple to attack. TCP/IP stack vulnerabilities may be difficult. A similar vulnerability, CVE-2021-24074, caused a lot of worry earlier this year, but it has yet to be exploited in the wild. Last year’s CVE-2020-16898, a similar vulnerability, was, on the other hand, exploited in the wild.
The attacks PrintNightmare and PetitPotam have been fixed by Microsoft.
The LSA spoofing flaw is linked to a Microsoft warning issued late last month on how to defend Windows domain controllers and other Windows servers against the PetitPotam NTLM Relay Attack.
The PetitPotam technique, discovered in July by French researcher Gilles Lionel, counters the NTLM Relay attack, which uses the MS-EFSRPC EfsRpcOpenFileRaw function to force Windows hosts to authenticate to other computers.
Adobe also issued two fixes for Adobe Connect and Magento, which addressed 29 CVEs. Since December 2019, Microsoft has issued the fewest amount of fixes.
This drop is mostly due to resource limitations, since Microsoft spent a significant amount of time in July reacting to events such as PrintNightmare and PetitPotam.
Updates to security patches will be released on Tuesday, August 20, 2021.
This is the full list of vulnerabilities that have been fixed and advisories that have been published in the August 2021 Patch Tuesday releases.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core & Visual Studio | CVE-2021-34485 | Information Disclosure Vulnerability in.NET Core and Visual Studio | Important |
| .NET Core & Visual Studio | CVE-2021-26423 | Vulnerability in.NET Core and Visual Studio for Denial of Service | Important |
| ASP.NET Core & Visual Studio | CVE-2021-34532 | Information Disclosure Vulnerability in ASP.NET Core and Visual Studio | Important |
| Azure | CVE-2021-36943 | Elevation of Privilege Vulnerability in Azure CycleCloud | Important |
| Azure | CVE-2021-33762 | Elevation of Privilege Vulnerability in Azure CycleCloud | Important |
| Sphere in Azure | CVE-2021-26428 | Vulnerability in Sphere in Azure Information Disclosure | Important |
| Sphere in Azure | CVE-2021-26430 | Vulnerability in Azure Sphere that causes a denial of service | Important |
| Azure Sphere | CVE-2021-26429 | Vulnerability in Azure Sphere Privilege Elevation | Important |
| Connect to Microsoft Azure Active Directory | CVE-2021-36949 | Vulnerability in Microsoft Azure Active Directory Connect Authentication | Important |
| Microsoft Dynamics | CVE-2021-36946 | Vulnerability in Microsoft Dynamics Business Central’s Cross-Site Scripting | Important |
| Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 is a cloud-based version of Microsoft Dynamics (on-premises) Vulnerability to Cross-Site Scripting | Important |
| Microsoft Dynamics | CVE-2021-34524 | Microsoft Dynamics 365 is a cloud-based version of Microsoft Dynamics (on-premises) Vulnerability to Remote Code Execution | Important |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30591 | CVE-2021-30591 for chromium In the File System API, use after free. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30592 | CVE-2021-30592 for chromium Write in Tab Groups while you’re out of limits. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30597 | CVE-2021-30597 for chromium After that, you may use it for free in the browser UI. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30594 | CVE-2021-30594 for chromium After that, under the Page Info UI, you may use it for free. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30596 | CVE-2021-30596 chromium In Navigation, the security UI is incorrect. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30590 | CVE-2021-30590 CVE-2021-30590 CVE-2021-30590 CVE-2021-30590 C Bookmarks heap buffer overflow | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30593 | CVE-2021-30593 for chromium In Tab Strip, read out of limits. | Unknown |
| Graphics Component from Microsoft | CVE-2021-34530 | Remote Code Execution Vulnerability in the Windows Graphics Component | Critical |
| Graphics Component from Microsoft | CVE-2021-34533 | Remote Code Execution Vulnerability in the Windows Graphics Component Font Parsing | Important |
| Microsoft Office | CVE-2021-34478 | Remote Code Execution Vulnerability in Microsoft Office | Important |
| Microsoft Office SharePoint | CVE-2021-36940 | Spoofing Vulnerability in Microsoft SharePoint Server | Important |
| Microsoft Office Word | CVE-2021-36941 | Remote Code Execution Vulnerability in Microsoft Word | Important |
| Scripting Engine by Microsoft | CVE-2021-34480 | Memory Corruption Vulnerability in the Scripting Engine | Critical |
| Microsoft Windows Codecs Library is a collection of codecs for Windows. | CVE-2021-36937 | Remote Code Execution Vulnerability in Windows Media MPEG-4 Video Decoder | Important |
| Remote Desktop Client | CVE-2021-34535 | Remote Code Execution Vulnerability in the Remote Desktop Client | Critical |
| Bluetooth Service in Windows | CVE-2021-34537 | Vulnerability in the Windows Bluetooth Driver’s Privilege Escalation | Important |
| Cryptographic Services for Windows | CVE-2021-36938 | Information Disclosure Vulnerability in the Windows Cryptographic Primitives Library | Important |
| Windows Defender | CVE-2021-34471 | Microsoft Windows Defender is a security program developed by Microsoft. Privilege Vulnerability Increases | Important |
| Event tracing on Windows | CVE-2021-34486 | Elevation of Privilege Vulnerability in Event tracing on Windows | Important |
| Event tracing on Windows | CVE-2021-34487 | Elevation of Privilege Vulnerability in Windows Event Tracing | Important |
| Windows Event Tracing | CVE-2021-26425 | Elevation of Privilege Vulnerability in Windows Event Tracing | Important |
| Windows Media | CVE-2021-36927 | Elevation of Privilege Vulnerability in the Windows Digital TV Tuner Device Registration Application | Important |
| MSHTML Platform for Windows | CVE-2021-34534 | Remote Code Execution Vulnerability in the Windows MSHTML Platform | Critical |
| NTLM is a security protocol used by Windows. | CVE-2021-36942 | Vulnerability in Windows LSA Spoofing | Important |
| Components of the Windows Print Spooler | CVE-2021-34483 | Elevation of Privilege Vulnerability in Windows Print Spooler | Important |
| Components of the Windows Print Spooler | CVE-2021-36947 | Remote Code Execution Vulnerability in Windows Print Spooler | Important |
| Windows Print Spooler Components | CVE-2021-36936 | Remote Code Execution Vulnerability in Windows Print Spooler | Critical |
| NFS ONCRPC XDR Driver Windows Services | CVE-2021-36933 | Information Disclosure for NFS ONCRPC XDR Driver Windows Servicess Vulnerability | Important |
| NFS ONCRPC XDR Driver Windows Services | CVE-2021-26433 | Information Disclosure for NFS ONCRPC XDR Driver Windows Servicess Vulnerability | Important |
| NFS ONCRPC XDR Driver Windows Services | CVE-2021-36932 | Information Disclosure for Windows Services for NFS ONCRPC XDR Drivers Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26432 | Remote Code Execution Vulnerability in Windows Services for NFS ONCRPC XDR Driver | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36926 | Information Disclosure for Windows Services for NFS ONCRPC XDR Drivers Vulnerability | Important |
| Storage Spaces Manager in Windows | CVE-2021-34536 | Elevation of Privilege Vulnerability in Storage Spaces Controller | Important |
| Windows TCP/IP | CVE-2021-26424 | Remote Code Execution Vulnerability in Windows TCP/IP | Critical |
| Windows Update | CVE-2021-36948 | Elevation of Privilege Vulnerability in the Windows Update Medic Service | Important |
| Windows Update Assistant is a program that helps you keep your computer is a program that helps you keep your computer | CVE-2021-36945 | Elevation of Privilege Vulnerability in Windows 10 Update Assistant | Important |
| Windows Update Assistant | CVE-2021-26431 | Vulnerability in the Windows Recovery Environment Agent’s Privilege Escalation | Important |
| User Profile Service in Windows | CVE-2021-34484 | User Profile Service in Windows Privilege Vulnerability Increases | Important |
| User Profile Service in Windows | CVE-2021-26426 | Picture of a Windows User Account Profile Privilege Vulnerability Increases | Important |
Other businesses’ recent security upgrades
The following are some of the other businesses that have issued updates:
What are your thoughts on Microsoft’s most recent plan of action? Let us know what you think in the comments area below.
Was this page of assistance to you?
Thank you very much!
There are insufficient details It’s difficult to comprehend Other Speak with a Professional
Start a discussion.
The August 2019 Patch Tuesday release is the first of 7 planned monthly releases by Microsoft. It contains a total of 9 security updates and 8 non-security fixes for Windows, Office, Windows Server, and Internet Explorer. In addition, this release includes an update for SQL Server, Microsoft’s database software.. Read more about microsoft patch tuesday calendar 2021 and let us know what you think.
Related Tags
This article broadly covered the following related topics:
- patch tuesday dates 2021
- patch tuesday schedule 2021
- microsoft patch tuesday schedule 2021
- patch tuesday may 2021
- microsoft patch tuesday april 2021 issues
