Patch Tuesday is an initiative by Microsoft to provide regular updates for the Windows operating system, which have to be downloaded and installed. Microsoft is expected to release a new Patch Tuesday release every month between August and December.
The release of each new major version of Windows 10 is a time of anticipation for the product’s millions of users. But there’s no doubt that Microsoft has been a little behind on fixing bugs and issues in some areas of the operating system.
Microsoft releases patches to fix 35 security issues with the Windows operating system every month. This means that there are no fewer than 44 issues that Microsoft fixes in each Patch Tuesday release. If you consider that some of those issues are minor, you can quickly see that it is a large number of issues that the company releases each month.
Turiceanu, Vlad
Editor-in-Chief
He spent much of his time acquiring new talents and learning more about the computer industry, since he was passionate about technology, Windows, and anything that had a power button. Coming from a strong foundation in computer science,… Read more
- Microsoft published 44 security updates as part of the August 2023 Patch Tuesday event.
- Thirteen of the fixes addressed a remote code execution vulnerability, while the other eight addressed data leakage.
- The most significant fix addresses the Remote Code Execution vulnerability in Windows Print Spooler.
- Aside from Print Nightmare, Microsoft also addressed the problems caused by the Petit Potam assaults.
As you are probably aware, the Patch Tuesday release occurs every second Tuesday of the month, and it includes significant updates from the Redmond firm.
Microsoft released 44 security updates for Patch Tuesday in August, with seven of the flaws being classified critical. Three zero-days were also included in the batch, with the remaining 37 being deemed critical.
It’s also worth noting that thirteen of the fixes addressed a remote code execution vulnerability, while the remaining eight focused on information leakage.
The August 2023 Patch Tuesday will address three zero-day issues.
The most significant patch in this batch tackles the Windows Print Spooler Remote Code Execution vulnerability, which has been a hot subject since its discovery in June.
The IT firm received a lot of flak from the security community for botching the delivery of fixes to fix the problem.
The affected tools are .NET Core & Visual Studio, ASP.NET Core & Visual Studio, Azure, Updates for Windows, Components of the Windows Print Spooler, Windows Media Player is a program that allows you to, Windows Defender is a program that protects your computer, Client for Remote Desktop, Microsoft Dynamics is a software program that allows you to is a software program that allows you to is a software program that allows you to, Microsoft Edge is a browser developed by Microsoft (Chromium-based), Microsoft Office is a program that allows you to create, Microsoft Word is a word processing program., SharePoint is a Microsoft Office product. and more.
Since we stated that Microsoft patched three zero-day vulnerabilities as part of this update event, here’s a rundown of what they had to deal with:
According to Microsoft’s study, the Windows Update Medic Service Elevation of Privilege vulnerability is the only one that has been exploited in the wild.
CVE-2021-36948 struck out to one of the security experts, Allan Liska, since it was similar to CVE-2020-17070, which was released in November 2023.
Obviously, it’s terrible that it’s being abused in the wild, but we found a vulnerability that was almost identical in November of 2023, but I can’t locate any indication that it was exploited. As a result, I’m curious whether this is a new target for threat actors.
CVE-2021-26424 is a serious vulnerability, according to Liska, since it’s a TCP/IP on Windows Remote Code Execution flaw that affects Windows 7 through 10 and Windows Server 2008 through 2019.
While this vulnerability has not been publicly reported or exploited in the open, Microsoft has labeled it as “Exploitation More Likely,” implying that it is very simple to attack. TCP/IP stack vulnerabilities may be difficult. A similar vulnerability, CVE-2021-24074, caused a lot of worry earlier this year, but it has yet to be exploited in the wild. Last year’s CVE-2020-16898, a similar vulnerability, was, on the other hand, exploited in the wild.
The attacks PrintNightmare and PetitPotam have been fixed by Microsoft.
The LSA spoofing flaw is linked to a Microsoft warning issued late last month on how to defend Windows domain controllers and other Windows servers against the PetitPotam NTLM Relay Attack.
The PetitPotam technique, discovered in July by French researcher Gilles Lionel, counters the NTLM Relay attack, which uses the MS-EFSRPC EfsRpcOpenFileRaw function to force Windows hosts to authenticate to other computers.
Adobe also issued two fixes for Adobe Connect and Magento, which addressed 29 CVEs. Since December 2019, Microsoft has issued the fewest amount of fixes.
This drop is mostly due to resource limitations, since Microsoft spent a significant amount of time in July reacting to events such as PrintNightmare and PetitPotam.
Updates to security patches will be released on Tuesday, August 20, 2023.
This is the full list of vulnerabilities that have been fixed and advisories that have been published in the August 2023 Patch Tuesday releases.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core & Visual Studio | CVE-2021-34485 | Information Disclosure Vulnerability in.NET Core and Visual Studio | Important |
| .NET Core & Visual Studio | CVE-2021-26423 | Vulnerability in.NET Core and Visual Studio for Denial of Service | Important |
| ASP.NET Core & Visual Studio | CVE-2021-34532 | Information Disclosure Vulnerability in ASP.NET Core and Visual Studio | Important |
| Azure | CVE-2021-36943 | Elevation of Privilege Vulnerability in Azure CycleCloud | Important |
| Azure | CVE-2021-33762 | Elevation of Privilege Vulnerability in Azure CycleCloud | Important |
| Sphere in Azure | CVE-2021-26428 | Vulnerability in Sphere in Azure Information Disclosure | Important |
| Sphere in Azure | CVE-2021-26430 | Vulnerability in Azure Sphere that causes a denial of service | Important |
| Azure Sphere | CVE-2021-26429 | Vulnerability in Azure Sphere Privilege Elevation | Important |
| Connect to Microsoft Azure Active Directory | CVE-2021-36949 | Vulnerability in Microsoft Azure Active Directory Connect Authentication | Important |
| Microsoft Dynamics | CVE-2021-36946 | Vulnerability in Microsoft Dynamics Business Central’s Cross-Site Scripting | Important |
| Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 is a cloud-based version of Microsoft Dynamics (on-premises) Vulnerability to Cross-Site Scripting | Important |
| Microsoft Dynamics | CVE-2021-34524 | Microsoft Dynamics 365 is a cloud-based version of Microsoft Dynamics (on-premises) Vulnerability to Remote Code Execution | Important |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30591 | CVE-2021-30591 for chromium In the File System API, use after free. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30592 | CVE-2021-30592 for chromium Write in Tab Groups while you’re out of limits. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30597 | CVE-2021-30597 for chromium After that, you may use it for free in the browser UI. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30594 | CVE-2021-30594 for chromium After that, under the Page Info UI, you may use it for free. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30596 | CVE-2021-30596 chromium In Navigation, the security UI is incorrect. | Unknown |
| Microsoft Edge is a browser developed by Microsoft (Chromium-based) | CVE-2021-30590 | CVE-2021-30590 CVE-2021-30590 CVE-2021-30590 CVE-2021-30590 C Bookmarks heap buffer overflow | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30593 | CVE-2021-30593 for chromium In Tab Strip, read out of limits. | Unknown |
| Graphics Component from Microsoft | CVE-2021-34530 | Remote Code Execution Vulnerability in the Windows Graphics Component | Critical |
| Graphics Component from Microsoft | CVE-2021-34533 | Remote Code Execution Vulnerability in the Windows Graphics Component Font Parsing | Important |
| Microsoft Office | CVE-2021-34478 | Remote Code Execution Vulnerability in Microsoft Office | Important |
| Microsoft Office SharePoint | CVE-2021-36940 | Spoofing Vulnerability in Microsoft SharePoint Server | Important |
| Microsoft Office Word | CVE-2021-36941 | Remote Code Execution Vulnerability in Microsoft Word | Important |
| Scripting Engine by Microsoft | CVE-2021-34480 | Memory Corruption Vulnerability in the Scripting Engine | Critical |
| Microsoft Windows Codecs Library is a collection of codecs for Windows. | CVE-2021-36937 | Remote Code Execution Vulnerability in Windows Media MPEG-4 Video Decoder | Important |
| Remote Desktop Client | CVE-2021-34535 | Remote Code Execution Vulnerability in the Remote Desktop Client | Critical |
| Bluetooth Service in Windows | CVE-2021-34537 | Vulnerability in the Windows Bluetooth Driver’s Privilege Escalation | Important |
| Cryptographic Services for Windows | CVE-2021-36938 | Information Disclosure Vulnerability in the Windows Cryptographic Primitives Library | Important |
| Windows Defender | CVE-2021-34471 | Microsoft Windows Defender is a security program developed by Microsoft. Privilege Vulnerability Increases | Important |
| Event tracing on Windows | CVE-2021-34486 | Elevation of Privilege Vulnerability in Event tracing on Windows | Important |
| Event tracing on Windows | CVE-2021-34487 | Elevation of Privilege Vulnerability in Windows Event Tracing | Important |
| Windows Event Tracing | CVE-2021-26425 | Elevation of Privilege Vulnerability in Windows Event Tracing | Important |
| Windows Media | CVE-2021-36927 | Elevation of Privilege Vulnerability in the Windows Digital TV Tuner Device Registration Application | Important |
| MSHTML Platform for Windows | CVE-2021-34534 | Remote Code Execution Vulnerability in the Windows MSHTML Platform | Critical |
| NTLM is a security protocol used by Windows. | CVE-2021-36942 | Vulnerability in Windows LSA Spoofing | Important |
| Components of the Windows Print Spooler | CVE-2021-34483 | Elevation of Privilege Vulnerability in Windows Print Spooler | Important |
| Components of the Windows Print Spooler | CVE-2021-36947 | Remote Code Execution Vulnerability in Windows Print Spooler | Important |
| Windows Print Spooler Components | CVE-2021-36936 | Remote Code Execution Vulnerability in Windows Print Spooler | Critical |
| NFS ONCRPC XDR Driver Windows Services | CVE-2021-36933 | Information Disclosure for NFS ONCRPC XDR Driver Windows Servicess Vulnerability | Important |
| NFS ONCRPC XDR Driver Windows Services | CVE-2021-26433 | Information Disclosure for NFS ONCRPC XDR Driver Windows Servicess Vulnerability | Important |
| NFS ONCRPC XDR Driver Windows Services | CVE-2021-36932 | Information Disclosure for Windows Services for NFS ONCRPC XDR Drivers Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26432 | Remote Code Execution Vulnerability in Windows Services for NFS ONCRPC XDR Driver | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36926 | Information Disclosure for Windows Services for NFS ONCRPC XDR Drivers Vulnerability | Important |
| Storage Spaces Manager in Windows | CVE-2021-34536 | Elevation of Privilege Vulnerability in Storage Spaces Controller | Important |
| Windows TCP/IP | CVE-2021-26424 | Remote Code Execution Vulnerability in Windows TCP/IP | Critical |
| Windows Update | CVE-2021-36948 | Elevation of Privilege Vulnerability in the Windows Update Medic Service | Important |
| Windows Update Assistant is a program that helps you keep your computer is a program that helps you keep your computer | CVE-2021-36945 | Elevation of Privilege Vulnerability in Windows 10 Update Assistant | Important |
| Windows Update Assistant | CVE-2021-26431 | Vulnerability in the Windows Recovery Environment Agent’s Privilege Escalation | Important |
| User Profile Service in Windows | CVE-2021-34484 | User Profile Service in Windows Privilege Vulnerability Increases | Important |
| User Profile Service in Windows | CVE-2021-26426 | Picture of a Windows User Account Profile Privilege Vulnerability Increases | Important |
Other businesses’ recent security upgrades
The following are some of the other businesses that have issued updates:
What are your thoughts on Microsoft’s most recent plan of action? Let us know what you think in the comments area below.
Was this page of assistance to you?
Thank you very much!
There are insufficient details It’s difficult to comprehend Other Speak with a Professional
Start a discussion.
This blog is focused on taking the time to update Microsoft Windows to the newest version, so that our customers can have the best possible experience.. Read more about patch tuesday calendar 2023 and let us know what you think.
Related Tags
This article broadly covered the following related topics:
- latest windows 10 update problems 2023
- microsoft patch tuesday dates 2023
- microsoft patch tuesday schedule 2023
- april 2023 patch tuesday
- patch tuesday may 2023
