SpiderLabs Blog

Patch Tuesday, August 2021 | Trustwave

Written by Karl Sigler | Aug 10, 2021 5:00:00 AM

Here we are in August and it's Patch Tuesday once more. It's another light month with only 9 CVEs patched for vulnerabilities rated as "Critical" and 35 CVEs rated as "Important". On the Critical list, you'll find Remote Code Execution vulnerabilities in Windows Graphics Engine, MSHTML Platform, NFS/OpenRPC/XDR Driver, the MS TCP/IP stack, and Windows Print Spooler. Additionally, Azure Sphere has Denial of Service and Information Disclosure vulnerabilities patched.

On the list of vulnerabilities rated as "Important," there are some additional vulnerabilities patched in the NFS/OpenRPC/XDR Driver as well as the Windows Print Spooler. You'll also see vulnerabilities patched in Microsoft Dynamics, Azure, .NET Core, and Visual Studio. Luckily, only one of these vulnerabilities has been publicly disclosed prior to today's release. That is a Windows LSA Spoofing Vulnerability (CVE-2021-36942), aka "PetitPotam". So now's the time to get patching.


Critical

Azure Sphere Denial of Service Vulnerability
CVE-2021-26430
Denial of Service

Azure Sphere Information Disclosure Vulnerability
CVE-2021-26428
Information Disclosure

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-34535
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2021-34480
Remote Code Execution

Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-34530
Remote Code Execution

Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-34534
Remote Code Execution

Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36936
Remote Code Execution

Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
CVE-2021-26432
Remote Code Execution

Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-26424
Remote Code Execution


Important

.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-26423
Denial of Service

.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-34485
Information Disclosure

ASP.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-34532
Information Disclosure

Azure CycleCloud Elevation of Privilege Vulnerability
CVE-2021-33762, CVE-2021-36943
Elevation of Privilege

Azure Sphere Elevation of Privilege Vulnerability
CVE-2021-26429
Elevation of Privilege

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
CVE-2021-36949
Elevation of Privilege

Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-34524
Remote Code Execution

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-36946
Spoofing

Microsoft Office Remote Code Execution Vulnerability
CVE-2021-34478
Remote Code Execution

Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-36940
Spoofing

Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2021-34471
Elevation of Privilege

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-36941
Remote Code Execution

Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-34536
Elevation of Privilege

Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2021-36945
Elevation of Privilege

Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2021-34537
Elevation of Privilege

Windows Cryptographic Primitives Library Information Disclosure Vulnerability
CVE-2021-36938
Information Disclosure

Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
CVE-2021-36927
Elevation of Privilege

Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-26425, CVE-2021-34486, CVE-2021-34487
Elevation of Privilege

Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
CVE-2021-34533
Remote Code Execution

Windows LSA Spoofing Vulnerability
CVE-2021-36942
Spoofing

Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
CVE-2021-36937
Remote Code Execution

Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-34483
Elevation of Privilege

Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36947
Remote Code Execution

Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2021-26431
Elevation of Privilege

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933
Information Disclosure

Windows Update Medic Service Elevation of Privilege Vulnerability
CVE-2021-36948
Elevation of Privilege

Windows User Account Profile Picture Elevation of Privilege Vulnerability
CVE-2021-26426
Elevation of Privilege

Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2021-34484
Elevation of Privilege

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2021-36950
Cross-site Scripting