44 flaws fixed through the August 2021 Patch Tuesday release

0
27

Patch Tuesday is an initiative by Microsoft to provide regular updates for the Windows operating system, which have to be downloaded and installed. Microsoft is expected to release a new Patch Tuesday release every month between August and December.

The release of each new major version of Windows 10 is a time of anticipation for the product’s millions of users. But there’s no doubt that Microsoft has been a little behind on fixing bugs and issues in some areas of the operating system.

Microsoft releases patches to fix 35 security issues with the Windows operating system every month. This means that there are no fewer than 44 issues that Microsoft fixes in each Patch Tuesday release. If you consider that some of those issues are minor, you can quickly see that it is a large number of issues that the company releases each month.

Windows-11-performs-great-on-foldable-touch-screen-devices

Turiceanu, Vlad

Editor-in-Chief

He spent much of his time acquiring new talents and learning more about the computer industry, since he was passionate about technology, Windows, and anything that had a power button. Coming from a strong foundation in computer science,… Read more

  • Microsoft published 44 security updates as part of the August 2021 Patch Tuesday event.
  • Thirteen of the fixes addressed a remote code execution vulnerability, while the other eight addressed data leakage. 
  • The most significant fix addresses the Remote Code Execution vulnerability in Windows Print Spooler.
  • Aside from Print Nightmare, Microsoft also addressed the problems caused by the Petit Potam assaults.

44-flaws-fixed-through-the-August-2021-Patch-Tuesday-release

As you are probably aware, the Patch Tuesday release occurs every second Tuesday of the month, and it includes significant updates from the Redmond firm.

Microsoft released 44 security updates for Patch Tuesday in August, with seven of the flaws being classified critical. Three zero-days were also included in the batch, with the remaining 37 being deemed critical. 

It’s also worth noting that thirteen of the fixes addressed a remote code execution vulnerability, while the remaining eight focused on information leakage. 

The August 2021 Patch Tuesday will address three zero-day issues.

The most significant patch in this batch tackles the Windows Print Spooler Remote Code Execution vulnerability, which has been a hot subject since its discovery in June.

The IT firm received a lot of flak from the security community for botching the delivery of fixes to fix the problem. 

The affected tools are .NET Core & Visual Studio, ASP.NET Core & Visual Studio, Azure, Updates for Windows, Components of the Windows Print Spooler, Windows Media Player is a program that allows you to, Windows Defender is a program that protects your computer, Client for Remote Desktop, Microsoft Dynamics is a software program that allows you to is a software program that allows you to is a software program that allows you to, Microsoft Edge is a browser developed by Microsoft (Chromium-based), Microsoft Office is a program that allows you to create, Microsoft Word is a word processing program., SharePoint is a Microsoft Office product. and more.

Since we stated that Microsoft patched three zero-day vulnerabilities as part of this update event, here’s a rundown of what they had to deal with:

According to Microsoft’s study, the Windows Update Medic Service Elevation of Privilege vulnerability is the only one that has been exploited in the wild.

CVE-2021-36948 struck out to one of the security experts, Allan Liska, since it was similar to CVE-2020-17070, which was released in November 2020.

Obviously, it’s terrible that it’s being abused in the wild, but we found a vulnerability that was almost identical in November of 2020, but I can’t locate any indication that it was exploited. As a result, I’m curious whether this is a new target for threat actors.

CVE-2021-26424 is a serious vulnerability, according to Liska, since it’s a TCP/IP on Windows Remote Code Execution flaw that affects Windows 7 through 10 and Windows Server 2008 through 2019.

While this vulnerability has not been publicly reported or exploited in the open, Microsoft has labeled it as “Exploitation More Likely,” implying that it is very simple to attack. TCP/IP stack vulnerabilities may be difficult. A similar vulnerability, CVE-2021-24074, caused a lot of worry earlier this year, but it has yet to be exploited in the wild. Last year’s CVE-2020-16898, a similar vulnerability, was, on the other hand, exploited in the wild.

The attacks PrintNightmare and PetitPotam have been fixed by Microsoft.

The LSA spoofing flaw is linked to a Microsoft warning issued late last month on how to defend Windows domain controllers and other Windows servers against the PetitPotam NTLM Relay Attack.

The PetitPotam technique, discovered in July by French researcher Gilles Lionel, counters the NTLM Relay attack, which uses the MS-EFSRPC EfsRpcOpenFileRaw function to force Windows hosts to authenticate to other computers.

Adobe also issued two fixes for Adobe Connect and Magento, which addressed 29 CVEs. Since December 2019, Microsoft has issued the fewest amount of fixes.

This drop is mostly due to resource limitations, since Microsoft spent a significant amount of time in July reacting to events such as PrintNightmare and PetitPotam.

Updates to security patches will be released on Tuesday, August 20, 2021.

This is the full list of vulnerabilities that have been fixed and advisories that have been published in the August 2021 Patch Tuesday releases.

Tag CVE ID CVE Title Severity
.NET Core & Visual Studio CVE-2021-34485 Information Disclosure Vulnerability in.NET Core and Visual Studio Important
.NET Core & Visual Studio CVE-2021-26423 Vulnerability in.NET Core and Visual Studio for Denial of Service Important
ASP.NET Core & Visual Studio CVE-2021-34532 Information Disclosure Vulnerability in ASP.NET Core and Visual Studio Important
Azure CVE-2021-36943 Elevation of Privilege Vulnerability in Azure CycleCloud Important
Azure CVE-2021-33762 Elevation of Privilege Vulnerability in Azure CycleCloud Important
Sphere in Azure CVE-2021-26428 Vulnerability in Sphere in Azure Information Disclosure Important
Sphere in Azure CVE-2021-26430 Vulnerability in Azure Sphere that causes a denial of service Important
Azure Sphere CVE-2021-26429 Vulnerability in Azure Sphere Privilege Elevation Important
Connect to Microsoft Azure Active Directory CVE-2021-36949 Vulnerability in Microsoft Azure Active Directory Connect Authentication Important
Microsoft Dynamics CVE-2021-36946 Vulnerability in Microsoft Dynamics Business Central’s Cross-Site Scripting Important
Microsoft Dynamics CVE-2021-36950 Microsoft Dynamics 365 is a cloud-based version of Microsoft Dynamics (on-premises) Vulnerability to Cross-Site Scripting Important
Microsoft Dynamics CVE-2021-34524 Microsoft Dynamics 365 is a cloud-based version of Microsoft Dynamics (on-premises) Vulnerability to Remote Code Execution Important
Microsoft Edge is a browser developed by Microsoft (Chromium-based) CVE-2021-30591 CVE-2021-30591 for chromium In the File System API, use after free. Unknown
Microsoft Edge is a browser developed by Microsoft (Chromium-based) CVE-2021-30592 CVE-2021-30592 for chromium Write in Tab Groups while you’re out of limits. Unknown
Microsoft Edge is a browser developed by Microsoft (Chromium-based) CVE-2021-30597 CVE-2021-30597 for chromium After that, you may use it for free in the browser UI. Unknown
Microsoft Edge is a browser developed by Microsoft (Chromium-based) CVE-2021-30594 CVE-2021-30594 for chromium After that, under the Page Info UI, you may use it for free. Unknown
Microsoft Edge is a browser developed by Microsoft (Chromium-based) CVE-2021-30596 CVE-2021-30596 chromium In Navigation, the security UI is incorrect. Unknown
Microsoft Edge is a browser developed by Microsoft (Chromium-based) CVE-2021-30590 CVE-2021-30590 CVE-2021-30590 CVE-2021-30590 CVE-2021-30590 C Bookmarks heap buffer overflow Unknown
Microsoft Edge (Chromium-based) CVE-2021-30593 CVE-2021-30593 for chromium In Tab Strip, read out of limits. Unknown
Graphics Component from Microsoft CVE-2021-34530 Remote Code Execution Vulnerability in the Windows Graphics Component Critical
Graphics Component from Microsoft CVE-2021-34533 Remote Code Execution Vulnerability in the Windows Graphics Component Font Parsing Important
Microsoft Office CVE-2021-34478 Remote Code Execution Vulnerability in Microsoft Office Important
Microsoft Office SharePoint CVE-2021-36940 Spoofing Vulnerability in Microsoft SharePoint Server Important
Microsoft Office Word CVE-2021-36941 Remote Code Execution Vulnerability in Microsoft Word Important
Scripting Engine by Microsoft CVE-2021-34480 Memory Corruption Vulnerability in the Scripting Engine Critical
Microsoft Windows Codecs Library is a collection of codecs for Windows. CVE-2021-36937 Remote Code Execution Vulnerability in Windows Media MPEG-4 Video Decoder Important
Remote Desktop Client CVE-2021-34535 Remote Code Execution Vulnerability in the Remote Desktop Client Critical
Bluetooth Service in Windows CVE-2021-34537 Vulnerability in the Windows Bluetooth Driver’s Privilege Escalation Important
Cryptographic Services for Windows CVE-2021-36938 Information Disclosure Vulnerability in the Windows Cryptographic Primitives Library Important
Windows Defender CVE-2021-34471 Microsoft Windows Defender is a security program developed by Microsoft. Privilege Vulnerability Increases Important
Event tracing on Windows CVE-2021-34486 Elevation of Privilege Vulnerability in Event tracing on Windows Important
Event tracing on Windows CVE-2021-34487 Elevation of Privilege Vulnerability in Windows Event Tracing Important
Windows Event Tracing CVE-2021-26425 Elevation of Privilege Vulnerability in Windows Event Tracing Important
Windows Media CVE-2021-36927 Elevation of Privilege Vulnerability in the Windows Digital TV Tuner Device Registration Application Important
MSHTML Platform for Windows CVE-2021-34534 Remote Code Execution Vulnerability in the Windows MSHTML Platform Critical
NTLM is a security protocol used by Windows. CVE-2021-36942 Vulnerability in Windows LSA Spoofing Important
Components of the Windows Print Spooler CVE-2021-34483 Elevation of Privilege Vulnerability in Windows Print Spooler Important
Components of the Windows Print Spooler CVE-2021-36947 Remote Code Execution Vulnerability in Windows Print Spooler Important
Windows Print Spooler Components CVE-2021-36936 Remote Code Execution Vulnerability in Windows Print Spooler Critical
NFS ONCRPC XDR Driver Windows Services CVE-2021-36933 Information Disclosure for NFS ONCRPC XDR Driver Windows Servicess Vulnerability Important
NFS ONCRPC XDR Driver Windows Services CVE-2021-26433 Information Disclosure for NFS ONCRPC XDR Driver Windows Servicess Vulnerability Important
NFS ONCRPC XDR Driver Windows Services CVE-2021-36932 Information Disclosure for Windows Services for NFS ONCRPC XDR Drivers Vulnerability Important
Windows Services for NFS ONCRPC XDR Driver CVE-2021-26432 Remote Code Execution Vulnerability in Windows Services for NFS ONCRPC XDR Driver Critical
Windows Services for NFS ONCRPC XDR Driver CVE-2021-36926 Information Disclosure for Windows Services for NFS ONCRPC XDR Drivers Vulnerability Important
Storage Spaces Manager in Windows CVE-2021-34536 Elevation of Privilege Vulnerability in Storage Spaces Controller Important
Windows TCP/IP CVE-2021-26424 Remote Code Execution Vulnerability in Windows TCP/IP Critical
Windows Update CVE-2021-36948 Elevation of Privilege Vulnerability in the Windows Update Medic Service Important
Windows Update Assistant is a program that helps you keep your computer is a program that helps you keep your computer CVE-2021-36945 Elevation of Privilege Vulnerability in Windows 10 Update Assistant Important
Windows Update Assistant CVE-2021-26431 Vulnerability in the Windows Recovery Environment Agent’s Privilege Escalation Important
User Profile Service in Windows CVE-2021-34484 User Profile Service in Windows Privilege Vulnerability Increases Important
User Profile Service in Windows CVE-2021-26426 Picture of a Windows User Account Profile Privilege Vulnerability Increases Important

Other businesses’ recent security upgrades

The following are some of the other businesses that have issued updates:

What are your thoughts on Microsoft’s most recent plan of action? Let us know what you think in the comments area below.

Was this page of assistance to you?

Thank you very much!

There are insufficient details It’s difficult to comprehend Other Speak with a Professional

Start a discussion.

This blog is focused on taking the time to update Microsoft Windows to the newest version, so that our customers can have the best possible experience.. Read more about patch tuesday calendar 2021 and let us know what you think.

Related Tags

This article broadly covered the following related topics:

  • latest windows 10 update problems 2021
  • microsoft patch tuesday dates 2021
  • microsoft patch tuesday schedule 2021
  • april 2021 patch tuesday
  • patch tuesday may 2021

LEAVE A REPLY

Please enter your comment!
Please enter your name here

61  +    =  71