July Patch Tuesday 2021 Fixes Massive 117 Vulnerabilities

July Patch Tuesday 2021 Fixes Massive 117 Vulnerabilities

Microsoft Releases Huge July Patch Tuesday Update

There are  13 Critical, 103 Important and 1 Moderate fixes this month for Microsoft Windows, Dynamics, Exchange Server, Microsoft Office, Windows Storage Spaces Controller, Bing, SharePoint Server, Internet Explorer (IE), Visual Studio, and Open Enclave.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 3 Critical and 27 Important vulnerabilities fixed
  2. Windows 2008 R2 – 3 Critical and 27 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “The vulnerability known as PrintNightmare is causing a lot of confusion and anxiety as patch deployment is needed urgently, but also some registry keys need to be verified also. If those keys exist then you are not safe.

There are also Weaponized vulnerabilities for Windows Kernel which need addressing urgently.”

Top July 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-34527: Windows Print Spooler Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.5 / 8.8
  • Weaponiz
  • ed: Yes
  • Public Aware: Yes
  • Countermeasure: Yes 

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

2. CVE-2021-31979 & CVE-2021-33771: Windows Kernel Elevation of Privilege Vulnerability

A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8 / 8.4
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2021-34458: Windows Kernel Remote Code Execution Vulnerability

This bug impacts systems hosting virtual machines with single root input/output virtualization (SR-IOV) devices. If you have virtual machines in your environment, test and patch quickly.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8 / 8.4
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

Reference Description Vendor Severity CVSS Score Countermeasure Public Weaponised Syxsense Recommended
CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability Critical 8.8 Yes Yes Yes Yes
CVE-2021-31979 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No Yes Yes
CVE-2021-33771 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No Yes Yes
CVE-2021-34448 Scripting Engine Memory Corruption Vulnerability Critical 6.8 No No Yes Yes
CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9.1 No Yes No Yes
CVE-2021-34523 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 9 No Yes No Yes
CVE-2021-33781 Active Directory Security Feature Bypass Vulnerability Important 8.1 No Yes No Yes
CVE-2021-33779 Windows ADFS Security Feature Bypass Vulnerability Important 8.1 No Yes No Yes
CVE-2021-34492 Windows Certificate Spoofing Vulnerability Important 8.1 No Yes No Yes
CVE-2021-34458 Windows Kernel Remote Code Execution Vulnerability Critical 9.9 No No No Yes
CVE-2021-34494 Windows DNS Server Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2021-33780 Windows DNS Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-34525 Windows DNS Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-33749 Windows DNS Snap-in Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-33750 Windows DNS Snap-in Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-33752 Windows DNS Snap-in Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-33756 Windows DNS Snap-in Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-34450 Windows Hyper-V Remote Code Execution Vulnerability Critical 8.5 No No No Yes
CVE-2021-34469 Microsoft Office Security Feature Bypass Vulnerability Important 8.2 No No No Yes
CVE-2021-33767 Open Enclave SDK Elevation of Privilege Vulnerability Important 8.2 No No No Yes
CVE-2021-34520 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.1 No No No Yes
CVE-2021-33786 Windows LSA Security Feature Bypass Vulnerability Important 8.1 No No No Yes
CVE-2021-34474 Dynamics Business Central Remote Code Execution Vulnerability Critical 8 No No No Yes
CVE-2021-33768 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 8 No No No Yes
CVE-2021-34470 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 8 No No No Yes
CVE-2021-33746 Windows DNS Server Remote Code Execution Vulnerability Important 8 No No No Yes
CVE-2021-33754 Windows DNS Server Remote Code Execution Vulnerability Important 8 No No No Yes
CVE-2021-34446 Windows HTML Platform Security Feature Bypass Vulnerability Important 8 No No No Yes
CVE-2021-34464 Microsoft Defender Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-34522 Microsoft Defender Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-34439 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-34503 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-33740 Windows Media Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-34497 Windows MSHTML Platform Remote Code Execution Vulnerability Critical 6.8 No No No Yes
CVE-2021-34489 DirectWrite Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-31947 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-33775 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-33776 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-33777 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-33778 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34501 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34518 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34479 Microsoft Visual Studio Spoofing Vulnerability Important 7.8 No No No
CVE-2021-34441 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34452 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34521 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34460 Storage Spaces Controller Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34510 Storage Spaces Controller Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34512 Storage Spaces Controller Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34513 Storage Spaces Controller Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34477 Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34528 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34529 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34516 Win32k Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34504 Windows Address Book Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34459 Windows App Container Elevation Of Privilege Vulnerability Important 7.8 No No No
CVE-2021-33784 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34488 Windows Console Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34461 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-33759 Windows Desktop Bridge Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34455 Windows File History Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34438 Windows Font Driver Host Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-34498 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34511 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34514 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34508 Windows Kernel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-33743 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-33761 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-33773 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34445 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-34456 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-33758 Windows Hyper-V Denial of Service Vulnerability Important 7.7 No No No
CVE-2021-31206 Microsoft Exchange Server Remote Code Execution Vulnerability Important 7.6 No No No
CVE-2021-31984 Power BI Remote Code Execution Vulnerability Important 7.6 No No No
CVE-2021-34476 Bowser.sys Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-33785 Windows AF_UNIX Socket Provider Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-34442 Windows DNS Server Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-33788 Windows LSA Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-31183 Windows TCP/IP Driver Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-33772 Windows TCP/IP Driver Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-34490 Windows TCP/IP Driver Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-33766 Microsoft Exchange Information Disclosure Vulnerability Important 7.3 No No No
CVE-2021-31196 Microsoft Exchange Server Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2021-34467 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.1 No No No
CVE-2021-34468 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.1 No No No
CVE-2021-33751 Storage Spaces Controller Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-34449 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-34462 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-33774 Windows Event Tracing Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-34447 Windows MSHTML Platform Remote Code Execution Vulnerability Important 6.8 No No No
CVE-2021-34493 Windows Partition Management Driver Elevation of Privilege Vulnerability Important 6.7 No No No
CVE-2021-33745 Windows DNS Server Denial of Service Vulnerability Important 6.5 No No No
CVE-2021-34444 Windows DNS Server Denial of Service Vulnerability Important 6.5 No No No
CVE-2021-34499 Windows DNS Server Denial of Service Vulnerability Important 6.5 No No No
CVE-2021-34507 Windows Remote Assistance Information Disclosure Vulnerability Important 6.5 No No No
CVE-2021-33755 Windows Hyper-V Denial of Service Vulnerability Important 6.3 No No No
CVE-2021-34500 Windows Kernel Memory Information Disclosure Vulnerability Important 6.3 No No No
CVE-2021-33765 Windows Installer Spoofing Vulnerability Important 6.2 No No No
CVE-2021-31961 Windows Install Service Elevation of Privilege Vulnerability Important 6.1 No No No
CVE-2021-33764 Windows Key Distribution Center Information Disclosure Vulnerability Important 5.9 No No No
CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability

Recent Posts

Topics

Related Posts

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

April 20, 2024
April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 9, 2024
Automating Patch and Vulnerability Management for Compliance Success

Automating Patch and Vulnerability Management for Compliance Success

March 21, 2024
March 2024 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical Threats and 2 with CVSS Score of 9.0 or Above

March 2024 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical Threats and 2 with CVSS Score of 9.0 or Above

March 12, 2024