Overview
According to NSFOCUS CERT’s monitoring, Microsoft released its July 2021 Security Updates on July 14 to fix 117 vulnerabilities, including high-risk remote code execution and privilege escalation vulnerabilities, in widely used products such as Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server.
Among the vulnerabilities fixed by this month’s security updates, there are 13 critical vulnerabilities and 103 important ones. Nine of them are 0-day vulnerabilities, and five of them have been publicly disclosed:
- Windows Certificate Spoofing Vulnerability (CVE-2021-34492)
- Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)
- Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2021-34523)
- Windows ADFS Security Feature Bypass Vulnerability (CVE-2021-33779)
- Active Directory Security Feature Bypass Vulnerability (CVE-2021-33781)
Four of these vulnerabilities have been exploited in the wild:
- Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)
- Windows Script Engine Memory Corruption Vulnerability (CVE-2021-34448)
- Windows Kernel Privilege Escalation Vulnerability (CVE-2021-31979)
- Windows Kernel Privilege Escalation Vulnerability (CVE-2021-33771)
Affected users are advised to apply patches. For details, please refer to Appendix: Vulnerability List.
NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities (including high-risk ones such as CVE-2021-34448, CVE-2021-34473, CVE-2021-34494, CVE-2021-34458, and CVE-2021-34527) fixed by these security updates. Customers are advised to immediately update the plug-in package of their RSAS to V6.0R02F01.2401, which is available at http://update.nsfocus.com/update/listRsasDetail/v/vulsys.
Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jul
Description of Major Vulnerabilities
Based on product popularity and vulnerability importance, we have selected the following high-impact vulnerabilities from this month’s updates for the attention of affected users.
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527):
Print Spooler is the service that manages printing tasks in the Windows system. Domain users can remotely exploit this vulnerability to execute arbitrary code on the domain controller with SYSTEM privileges, thereby gaining control of the entire domain. An exploit for this vulnerability has been made public, and exploitation has been observed in the wild. NSFOCUS CERT has tracked the vulnerability throughout. For details and preventive measures, please refer to: https://mp.weixin.qq.com/s/fq0QhojmcrnucJ7kDZPK1A.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527
Windows Script Engine Memory Corruption Vulnerability (CVE-2021-34448):
A memory corruption vulnerability exists in the Script Engine. An unauthenticated, remote attacker could exploit this vulnerability by tricking a user into opening a crafted file or visiting a malicious website, thereby taking control of the user’s computer system. Currently, the vulnerability has been found to be exploited in the wild.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34448
Windows Kernel Remote Code Execution Vulnerability (CVE-2021-34458):
A remote code execution vulnerability in the Windows kernel affects the SR-IOV virtual machine system, with a CVSS base score of 9.9.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34458
Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473):
A remote code execution vulnerability exists in Microsoft Exchange Server. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted request to the server, thereby executing arbitrary code on the target server.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206):
This is one of the vulnerabilities discovered as part of this year’s Pwn2Own competition. An attacker who has successfully exploited this vulnerability could gain a certain degree of control over the server.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31206
Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-34494):
A remote code execution vulnerability exists in the Windows DNS server. An authenticated attacker could execute arbitrary code on the target host with SYSTEM privileges by sending a crafted request to the DNS server.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34494
Windows Kernel Privilege Escalation Vulnerabilities (CVE-2021-31979/CVE-2021-33771):
Two privilege escalation vulnerabilities exist in the Windows kernel. An authenticated, local attacker could run a crafted binary file, thereby escalating the privileges of the current account on the target host. Currently, these vulnerabilities have been found to be exploited in the wild.
For vulnerability details, visit the following links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31979
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33771
Scope of Impact
The following table lists affected products and versions that require special attention. Please view Microsoft’s security updates for other products affected by these vulnerabilities.
CVE ID | Affected Products and Versions |
CVE-2021-34527 | All Windows versions supported by Microsoft |
CVE-2021-34448 | Windows Server 2012 R2; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows Server 2019; Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-34458 | Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019 |
CVE-2021-34473 | Microsoft Exchange Server 2019 Cumulative Update 9; Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 8; Microsoft Exchange Server 2016 Cumulative Update 19; Microsoft Exchange Server 2016 Cumulative Update 20 |
CVE-2021-31206 | Microsoft Exchange Server 2019 Cumulative Update 9; Microsoft Exchange Server 2019 Cumulative Update 10; Microsoft Exchange Server 2016 Cumulative Update 21; Microsoft Exchange Server 2016 Cumulative Update 20; Microsoft Exchange Server 2013 Cumulative Update 23 |
CVE-2021-34494 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
CVE-2021-31979 | All Windows versions supported by Microsoft |
CVE-2021-33771 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems |
Mitigation
Patch Update
Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jul
Note: Windows Update may fail due to network and computer environment issues. Therefore, users are advised to check, immediately after installation, whether the patches have been applied successfully.
Select the Start button, then select Settings > Update & Security > Windows Update and check the status message on the page. Alternatively, view past updates by clicking the View update history button.
If an update fails to install, you can click the update name to open Microsoft’s official update download page. Users are advised to follow the links on that page to the “Microsoft Update Catalog” website to download and install the standalone packages.
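The same check can be scripted. The following PowerShell is an added example, not part of the NSFOCUS advisory: it reads the update history through the Windows Update Agent COM API and flags install attempts that did not end in "Succeeded". The function name `Get-UpdateInstallResult` is hypothetical, and the default `$Since` of 13 July 2021 is an assumed cut-off chosen to sit just before the release date given above.

```powershell
# Added example (not from the advisory): report Windows Update install attempts
# since the July 2021 release and flag those that did not succeed.

function Get-UpdateInstallResult {
    param(
        # Assumption: history timestamps are UTC, so start one day before
        # the July 14 release date stated in the advisory.
        [datetime]$Since = [datetime]'2021-07-13'
    )

    # OperationResultCode values reported by IUpdateHistoryEntry.ResultCode.
    $resultNames = @{
        0 = 'NotStarted'
        1 = 'InProgress'
        2 = 'Succeeded'
        3 = 'SucceededWithErrors'
        4 = 'Failed'
        5 = 'Aborted'
    }

    # Windows Update Agent API: the same data the "View update history" page shows.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return }

    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since } |  # 1 = installation
        ForEach-Object {
            [pscustomobject]@{
                Date    = $_.Date
                Result  = $resultNames[[int]$_.ResultCode]
                HResult = '0x{0:X8}' -f $_.HResult   # error code to look up when a run failed
                Title   = $_.Title
            }
        } |
        Sort-Object Date -Descending
}

$history = @(Get-UpdateInstallResult)
$history | Format-Table -AutoSize -Wrap

# Anything other than 'Succeeded' needs a retry or a manual install
# of the standalone package from the Microsoft Update Catalog.
$failed = @($history | Where-Object { $_.Result -ne 'Succeeded' })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} update installation(s) did not succeed:" -f $failed.Count)
    $failed | ForEach-Object { Write-Warning ("  {0}  {1}  {2}" -f $_.Result, $_.HResult, $_.Title) }
} elseif ($history.Count -eq 0) {
    Write-Warning "No update installations recorded since $($Since = '2021-07-13'; $Since); the July 2021 updates may not have been attempted."
} else {
    Write-Output "All update installations since 2021-07-13 report Succeeded."
}
```

An update that failed once and later succeeded appears twice in the history, so compare entries with the same title by date before treating a host as unpatched.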
Appendix: Vulnerability List
Affected Product | CVE ID | Vulnerability Title | Severity |
Windows | CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical |
Windows | CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Exchange Server | CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Dynamics | CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical |
System Center | CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
System Center | CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-31183 | Windows TCP/IP Driver Denial-of-Service Vulnerability | Important |
Exchange Server | CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Exchange Server | CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-31947 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-31961 | Windows InstallService Privilege Escalation Vulnerability | Important |
Power BI Report Server | CVE-2021-31984 | Power BI Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33743 | Windows Projected File System Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33744 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important |
Apps | CVE-2021-33753 | Microsoft Bing Search Spoofing Vulnerability | Important |
Windows | CVE-2021-33755 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-33757 | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-33758 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-33759 | Windows Desktop Bridge Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33760 | Media Foundation Information Disclosure Vulnerability | Important |
Windows | CVE-2021-33761 | Windows Remote Access Connection Manager Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33763 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows | CVE-2021-33765 | Windows Installer Spoofing Vulnerability | Important |
Open Enclave SDK | CVE-2021-33767 | Open Enclave SDK Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33771 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33773 | Windows Remote Access Connection Manager Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33774 | Windows Event Tracing Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34442 | Windows DNS Server Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-34491 | Win32k Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important |
Windows | CVE-2021-34493 | Windows Partition Management Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34444 | Windows DNS Server Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-34445 | Windows Remote Access Connection Manager Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34446 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-34496 | Windows GDI Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34498 | Windows GDI Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34449 | Win32k Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34499 | Windows DNS Server Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34452 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34467 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34518 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34469 | Microsoft Office Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2021-34520 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34521 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Exchange Server | CVE-2021-34523 | Microsoft Exchange Server Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34476 | Bowser.sys Denial-of-Service Vulnerability | Important |
Visual Studio Code | CVE-2021-34528 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-34479 | Microsoft Visual Studio Spoofing Vulnerability | Important |
Windows | CVE-2021-31979 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33745 | Windows DNS Server Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33751 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | Important |
Exchange Server | CVE-2021-33766 | Microsoft Exchange Information Disclosure Vulnerability | Important |
Exchange Server | CVE-2021-33768 | Microsoft Exchange Server Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33772 | Windows TCP/IP Driver Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-33782 | Windows Authenticode Spoofing Vulnerability | Important |
Windows | CVE-2021-33783 | Windows SMB Information Disclosure Vulnerability | Important |
Windows | CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-33788 | Windows LSA Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-34438 | Windows Font Driver Host Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34488 | Windows Console Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34489 | DirectWrite Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34440 | GDI+ Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34490 | Windows TCP/IP Driver Denial-of-Service Vulnerability | Important |
Microsoft Office | CVE-2021-34451 | Microsoft Office Online Server Spoofing Vulnerability | Important |
Windows | CVE-2021-34454 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34455 | Windows File History Service Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34456 | Windows Remote Access Connection Manager Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34457 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34508 | Windows Kernel Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-34459 | Windows AppContainer Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34509 | Storage Spaces Controller Information Disclosure Vulnerability | Important |
Windows | CVE-2021-34460 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34510 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34511 | Windows Installer Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34461 | Windows Container Isolation FS Filter Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34512 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34462 | Windows AppX Deployment Extensions Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34513 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34514 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34516 | Win32k Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2021-34517 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Exchange Server | CVE-2021-34470 | Microsoft Exchange Server Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-34525 | Windows DNS Server Remote Code Execution Vulnerability | Important |
.NET Education Bundle SDK Install Tool, .NET Install Tool for Extension Authors | CVE-2021-34477 | Visual Studio Code .NET Runtime Privilege Escalation Vulnerability | Important |
Visual Studio Code | CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34519 | Microsoft SharePoint Information Disclosure Vulnerability | Moderate |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.