Overview
According to NSFOCUS CERT’s monitoring, Microsoft released its August 2021 Security Updates on August 11 to fix 46 vulnerabilities, including high-risk remote code execution and privilege escalation vulnerabilities, in widely used products such as Windows, Microsoft Office, ASP.NET Core, Visual Studio, and Azure.
This month’s security updates fix seven critical vulnerabilities and 39 important ones, including three 0-day vulnerabilities with two already published in July:
Windows Privilege Escalation Vulnerability (CVE-2021-36934)
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34481)
Affected users are advised to apply patches. For details, please refer to the Appendix: Vulnerability List.
NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities (including high-risk ones such as CVE-2021-36936, CVE-2021-26424, CVE-2021-36947, CVE-2021-34534, and CVE-2021-26432) fixed by these security updates. Customers are advised to immediately update the plug-in package of their RSAS to V6.0R02F01.2405, which is available at http://update.nsfocus.com/update/listRsasDetail/v/vulsys.
Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug
Description of Major Vulnerabilities
Based on the product popularity and vulnerability importance, we present high-impact vulnerabilities covered in the updates:
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-36936)
Print Spooler is a service that manages print jobs in the Windows system. Domain users can remotely exploit this vulnerability to execute arbitrary code on the domain controller with SYSTEM privileges, thereby gaining control of the entire domain. Details of this vulnerability have been made publicly available.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-36947)
Windows Print Spooler contains a remote code execution vulnerability that allows attackers with low privileges to cause remote code execution on the target host without user interactions.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36947
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-26424)
Windows TCP/IP contains a remote code execution vulnerability because a boundary error exists when tcpip.sys handles TCP/IP packets that are sent via the IPv6 protocol. A remote Hyper-V guest could cause arbitrary code execution on the target host by sending a crafted IPv6 ping to a vulnerable Hyper-V host to trigger memory corruption.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424
Windows LSA Spoofing Vulnerability (CVE-2021-36942)
Windows LSA is prone to a spoofing vulnerability which allows an unauthenticated attacker to steal the NTLM hash from the domain controller or other hosts without user interactions. Currently, details of this vulnerability have been made publicly available.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942
Windows Update Medic Service Privilege Escalation Vulnerability (CVE-2021-36948)
Windows Update Medic contains a boundary error that allows attackers to obtain high-level privileges to take over devices. Currently, this vulnerability is found to be exploited in the wild.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability (CVE-2021-26432)
A vulnerability in the RPCXDR kernel driver in Windows Services for NFS allows an unauthenticated remote attacker to execute arbitrary code on the target host without user interactions.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432
Remote Desktop Client Remote Code Execution Vulnerability (CVE-2021-34535)
Windows Remote Desktop Client contains a remote code execution vulnerability that allows unauthenticated attackers to authenticate in the network in the same way a user would, so as to gain system privileges.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535
Scripting Engine Memory Corruption Vulnerability (CVE-2021-34480)
Windows Scripting Engine contains a memory corruption vulnerability that allows remote attackers to cause arbitrary code execution on the target system by tricking a victim into visiting a malicious website or opening a crafted file to trigger memory corruption.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34480
Scope of Impact
The following table lists affected products and versions that require special attention. Please view Microsoft’s security updates for other products affected by these vulnerabilities.
CVE ID | Affected Products and Versions |
CVE-2021-36936; CVE-2021-36947; CVE-2021-26424 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems |
CVE-2021-36942 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
CVE-2021-36948 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-26432 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems |
CVE-2021-34535 | Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Remote Desktop client for Windows Desktop |
CVE-2021-34480 | Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems |
Mitigation
Patch Update
Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug
Note: Windows Update may fail due to network and computer environment issues. Therefore, users are advised to check whether the patches are successfully applied immediately upon installation.
Click the Start button and choose Settings (N) > Update & Security > Windows Update to view the prompt message on the page. Alternatively, view historical updates by clicking the View update history button.
If an update fails to install, you can click the update name to open Microsoft’s official update download page. Users are advised to click the links on that page to visit the “Microsoft Update Catalog” website and download and install the standalone packages.
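The update-history check above can also be scripted. The PowerShell below is an added example, not part of the advisory or of Microsoft's guidance: it reads the same history through the Windows Update Agent COM API and reports every update whose latest install attempt did not succeed. The cut-off date and the grouping by KB number are assumptions of this example.

```powershell
# Added example (not from the advisory): script the "View update history" check.
# Assumption: the cut-off is one day before the 11 August release date given
# above, because history timestamps are stored in UTC.
$since = [datetime]'2021-08-10'

# OperationResultCode values from the Windows Update Agent API.
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
if ($total -eq 0) {
    Write-Warning 'Update history is empty; nothing to verify on this host.'
    return
}

# Keep installation attempts (Operation 1) made on or after the cut-off.
$attempts = $searcher.QueryHistory(0, $total) |
    Where-Object { $_.Operation -eq 1 -and $_.Date -ge $since } |
    ForEach-Object {
        [pscustomobject]@{
            Date    = $_.Date
            # Group retries of one update by KB number, else by full title.
            Key     = if ($_.Title -match 'KB\d+') { $Matches[0] } else { $_.Title }
            Result  = $resultNames[[int]$_.ResultCode]
            HResult = '0x{0:X8}' -f [int]$_.HResult
            Title   = $_.Title
        }
    }

if (-not $attempts) {
    Write-Warning "No install attempts recorded since $($since.ToString('yyyy-MM-dd'))."
    return
}

# An update can fail and then succeed on retry: judge each by its latest attempt.
$latest = $attempts | Group-Object Key | ForEach-Object {
    $_.Group | Sort-Object Date | Select-Object -Last 1
}

$latest | Sort-Object Date | Format-Table Date, Key, Result, HResult -AutoSize | Out-Host

# Anything other than a clean 'Succeeded' needs a manual look.
$notInstalled = $latest | Where-Object { $_.Result -ne 'Succeeded' }
if ($notInstalled) {
    Write-Warning 'Latest attempt did not succeed for the updates below:'
    $notInstalled | Format-List Date, Result, HResult, Title | Out-Host
}
```

For any update it reports, the standalone package can be fetched from the Microsoft Update Catalog as described above.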
Appendix: Vulnerability List
Product | CVE ID | CVE Title | Severity |
Windows | CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Critical |
Windows | CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34530 | Microsoft Windows Graphics Component Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Critical |
Azure | CVE-2021-33762 | Azure CycleCloud Privilege Escalation Vulnerability | Important |
Microsoft Dynamics | CVE-2021-34524 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34486 | Windows Event Tracing Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34536 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34487 | Windows Event Tracing Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34537 | Windows Bluetooth Driver Privilege Escalation Vulnerability | Important |
Visual Studio, .NET, .NET Core, Microsoft Visual Studio | CVE-2021-26423 | .NET Core and Visual Studio Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-26425 | Windows Event Tracing Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-26426 | Windows User Account Profile Picture Privilege Escalation Vulnerability | Important |
Azure | CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure | CVE-2021-26429 | Azure Sphere Privilege Escalation Vulnerability | Important |
Azure | CVE-2021-26430 | Azure Sphere Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | Important |
Windows | CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Important |
Microsoft Office | CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Office | CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-36945 | Windows 10 Update Assistant Privilege Escalation Vulnerability | Important |
Microsoft Dynamics | CVE-2021-36946 | Microsoft Dynamics Business Central Cross-Site Scripting Vulnerability | Important |
Windows | CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-36948 | Windows Update Medic Service Privilege Escalation Vulnerability | Important |
Azure | CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important |
Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability | Important |
System Center | CVE-2021-34471 | Microsoft Windows Defender Privilege Escalation Vulnerability | Important |
ASP.NET Core, Visual Studio, Microsoft Visual Studio | CVE-2021-34532 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34533 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34483 | Windows Print Spooler Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34484 | Windows User Profile Service Privilege Escalation Vulnerability | Important |
.NET, .NET Core, Microsoft Visual Studio | CVE-2021-34485 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important |
Windows | CVE-2021-26431 | Windows Recovery Environment Agent Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-26433 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-36927 | Windows Digital TV Tuner Device Registration Application Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
Azure | CVE-2021-36943 | Azure CycleCloud Privilege Escalation Vulnerability | Important |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.