Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Here we are in August and it's Patch Tuesday once more. It's another light month with only 9 CVEs patched for vulnerabilities rated as "Critical" and 35 CVEs rated as "Important". On the Critical list, you'll Remote Code Execution vulnerabilities in Windows Graphics Engine, MSHTML Platform, NFS/OpenRPC/XDR Driver, the MS TCP/IP stack, and Windows Print Spooler. Additionally, Azure Sphere has Denial of Service and Information Disclosure vulnerabilities patched.
On the list of vulnerabilities rated as "Important," there are some additional vulnerabilities patched in the NFS/OpenRPC/XDR Driver as well as the Windows Print Spooler. You'll also see vulnerabilities patched in Microsoft Dynamics, Azure, .NET Core, and Visual Studio. Luckily only one of these vulnerabilities has been publicly disclosed prior to today's release. That is a Windows LSA Spoofing Vulnerability (CVE-2021-36942), aka "PetitPotam". So now's the time to get patching.
Critical
Azure Sphere Denial of Service Vulnerability
CVE-2021-26430
Denial of Service
Azure Sphere Information Disclosure Vulnerability
CVE-2021-26428
Information Disclosure
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-34535
Remote Code Execution
Scripting Engine Memory Corruption Vulnerability
CVE-2021-34480
Remote Code Execution
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-34530
Remote Code Execution
Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-34534
Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36936
Remote Code Execution
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
CVE-2021-26432
Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-26424
Remote Code Execution
Important
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-26423
Denial of Service
.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-34485
Information Disclosure
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-34532
Information Disclosure
Azure CycleCloud Elevation of Privilege Vulnerability
CVE-2021-33762, CVE-2021-36943
Elevation of Privilege
Azure Sphere Elevation of Privilege Vulnerability
CVE-2021-26429
Elevation of Privilege
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
CVE-2021-36949
Elevation of Privilege
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-34524
Remote Code Execution
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-36946
Spoofing
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-34478
Remote Code Execution
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-36940
Spoofing
Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2021-34471
Elevation of Privilege
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-36941
Remote Code Execution
Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-34536
Elevation of Privilege
Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2021-36945
Elevation of Privilege
Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2021-34537
Elevation of Privilege
Windows Cryptographic Primitives Library Information Disclosure Vulnerability
CVE-2021-36938
Information Disclosure
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
CVE-2021-36927
Elevation of Privilege
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-26425, CVE-2021-34486, CVE-2021-34487
Elevation of Privilege
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
CVE-2021-34533
Remote Code Execution
Windows LSA Spoofing Vulnerability
CVE-2021-36942
Spoofing
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
CVE-2021-36937
Remote Code Execution
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-34483
Elevation of Privilege
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36947
Remote Code Execution
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2021-26431
Elevation of Privilege
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933
Information Disclosure
Windows Update Medic Service Elevation of Privilege Vulnerability
CVE-2021-36948
Elevation of Privilege
Windows User Account Profile Picture Elevation of Privilege Vulnerability
CVE-2021-26426
Elevation of Privilege
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2021-34484
Elevation of Privilege
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2021-36950
Cross-site Scripting
Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20- year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.