Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Here we are in August and it's Patch Tuesday once more. It's another light month with only 9 CVEs patched for vulnerabilities rated as "Critical" and 35 CVEs rated as "Important". On the Critical list, you'll Remote Code Execution vulnerabilities in Windows Graphics Engine, MSHTML Platform, NFS/OpenRPC/XDR Driver, the MS TCP/IP stack, and Windows Print Spooler. Additionally, Azure Sphere has Denial of Service and Information Disclosure vulnerabilities patched.

On the list of vulnerabilities rated as "Important," there are some additional vulnerabilities patched in the NFS/OpenRPC/XDR Driver as well as the Windows Print Spooler. You'll also see vulnerabilities patched in Microsoft Dynamics, Azure, .NET Core, and Visual Studio. Luckily only one of these vulnerabilities has been publicly disclosed prior to today's release. That is a Windows LSA Spoofing Vulnerability (CVE-2021-36942), aka "PetitPotam". So now's the time to get patching. 


Critical

Azure Sphere Denial of Service Vulnerability
CVE-2021-26430
Denial of Service

Azure Sphere Information Disclosure Vulnerability
CVE-2021-26428
Information Disclosure

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-34535
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2021-34480
Remote Code Execution

Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-34530
Remote Code Execution

Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-34534
Remote Code Execution

Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36936
Remote Code Execution

Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
CVE-2021-26432
Remote Code Execution

Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-26424
Remote Code Execution


Important

.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-26423
Denial of Service

.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-34485
Information Disclosure

ASP.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-34532
Information Disclosure

Azure CycleCloud Elevation of Privilege Vulnerability
CVE-2021-33762, CVE-2021-36943
Elevation of Privilege

Azure Sphere Elevation of Privilege Vulnerability
CVE-2021-26429
Elevation of Privilege

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
CVE-2021-36949
Elevation of Privilege

Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-34524
Remote Code Execution

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-36946
Spoofing

Microsoft Office Remote Code Execution Vulnerability
CVE-2021-34478
Remote Code Execution

Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-36940
Spoofing

Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2021-34471
Elevation of Privilege

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-36941
Remote Code Execution

Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-34536
Elevation of Privilege

Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2021-36945
Elevation of Privilege

Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2021-34537
Elevation of Privilege

Windows Cryptographic Primitives Library Information Disclosure Vulnerability
CVE-2021-36938
Information Disclosure

Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
CVE-2021-36927
Elevation of Privilege

Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-26425, CVE-2021-34486, CVE-2021-34487
Elevation of Privilege

Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
CVE-2021-34533
Remote Code Execution

Windows LSA Spoofing Vulnerability
CVE-2021-36942
Spoofing

Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
CVE-2021-36937
Remote Code Execution

Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-34483
Elevation of Privilege

Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36947
Remote Code Execution

Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2021-26431
Elevation of Privilege

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933
Information Disclosure

Windows Update Medic Service Elevation of Privilege Vulnerability
CVE-2021-36948
Elevation of Privilege

Windows User Account Profile Picture Elevation of Privilege Vulnerability
CVE-2021-26426
Elevation of Privilege

Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2021-34484
Elevation of Privilege

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2021-36950
Cross-site Scripting

About the Author

Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20-year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo