Microsoft August Security Updates for Multiple High-Risk Product Vulnerabilities

August 27, 2021 | Jie Ji

Overview

According to NSFOCUS CERT’s monitoring, Microsoft released August 2021 Security Updates on August 11 to fix 46 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, ASP.NET Core, Visual Studio, and Azure.

This month’s security updates fix seven critical vulnerabilities and 39 important ones, including three 0-day vulnerabilities, two of which were already published in July:

Windows Privilege Escalation Vulnerability (CVE-2021-36934)

Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34481)

Affected users are advised to apply patches. For details, please refer to the Appendix: Vulnerability List.

NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities (including high-risk ones such as CVE-2021-36936, CVE-2021-26424, CVE-2021-36947, CVE-2021-34534, and CVE-2021-26432) fixed by these security updates. Customers are advised to immediately update the plug-in package of their RSAS to V6.0R02F01.2405, which is available at http://update.nsfocus.com/update/listRsasDetail/v/vulsys.

Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug

Description of Major Vulnerabilities

Based on the product popularity and vulnerability importance, we present high-impact vulnerabilities covered in the updates:

Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-36936):

Print Spooler is a service that manages print jobs in the Windows system. Domain users can remotely exploit this vulnerability to execute arbitrary code on the domain controller with SYSTEM privileges, thereby gaining control of the entire domain. Details of this vulnerability have been made publicly available.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936

Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-36947)

Windows Print Spooler contains a remote code execution vulnerability that allows attackers with low privileges to cause remote code execution on the target host without user interactions.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36947

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-26424)

Windows TCP/IP contains a remote code execution vulnerability because a boundary error exists when tcpip.sys handles TCP/IP packets that are sent via the IPv6 protocol. A remote Hyper-V guest could cause arbitrary code execution on the target host by sending a crafted IPv6 ping to a vulnerable Hyper-V host to trigger memory corruption.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424

Windows LSA Spoofing Vulnerability (CVE-2021-36942)

Windows LSA is prone to a spoofing vulnerability which allows an unauthenticated attacker to steal the NTLM hash from the domain controller or other hosts without user interaction. Currently, details of this vulnerability have been made publicly available.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942

Windows Update Medic Service Privilege Escalation Vulnerability (CVE-2021-36948)

Windows Update Medic contains a boundary error that allows attackers to obtain high-level privileges to take over devices. Currently, this vulnerability is found to be exploited in the wild.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948

Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability (CVE-2021-26432)

A vulnerability in the RPCXDR kernel driver in NFS Windows Services allows an unauthenticated remote attacker to execute arbitrary code on the target host without user interactions.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432

Remote Desktop Client Remote Code Execution Vulnerability (CVE-2021-34535)

Windows Remote Desktop Client contains a remote code execution vulnerability that allows unauthenticated attackers to authenticate in the network in the same way a user would, so as to gain system privileges.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535

Scripting Engine Memory Corruption Vulnerability (CVE-2021-34480)

Windows Scripting Engine contains a memory corruption vulnerability that allows remote attackers to cause arbitrary code execution on the target system by tricking a victim into visiting a malicious website or opening a crafted file to trigger memory corruption.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34480

Scope of Impact

The following table lists affected products and versions that require special attention. Please view Microsoft’s security updates for other products affected by these vulnerabilities.

CVE ID | Affected Products and Versions
CVE-2021-36936
CVE-2021-36947
CVE-2021-26424
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems

CVE-2021-36942
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1

CVE-2021-36948
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2021-26432
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems

CVE-2021-34535
Windows Server 2019
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Remote Desktop client for Windows Desktop

CVE-2021-34480
Windows Server 2019
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems

Mitigation

Patch Update

Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug

Note: Windows Update may fail due to network and computer environment issues. Therefore, users are advised to check whether the patches are successfully applied immediately upon installation.

Click the Start button and choose Settings > Update & Security > Windows Update to view the prompt message on the page. Alternatively, view historical updates by clicking the View update history button.

If an update fails to install, you can click the update name to open Microsoft’s official update download page. Users are advised to click the links on that page to visit the “Microsoft Update Catalog” website and download and install the standalone packages.
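
The same check can be scripted instead of read from the Settings page. The PowerShell below is an added example, not part of the NSFOCUS advisory or of Microsoft's tooling: it reads the local update history through the Windows Update Agent COM API and reports the latest install result for each update. The cut-off date parameter and the report layout are assumptions.

```powershell
# Added example: audit Windows Update history for installs that did not succeed.
# Assumption: run locally in PowerShell 3.0 or later on the host being checked.
param(
    # Assumed cut-off: the day before the August 11, 2021 release date given
    # in the advisory, to allow for time-zone differences.
    [datetime]$Since = '2021-08-10'
)

# Values of the Windows Update Agent OperationResultCode enumeration
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
if ($total -eq 0) {
    Write-Warning 'Update history is empty; nothing to verify.'
    return
}

# Hotfix IDs the OS reports as installed, used as a cross-check.
# Get-HotFix does not list every update type, so False here is a hint, not proof.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)

# History dates are UTC; Operation 1 = installation (2 = uninstallation)
$report = $searcher.QueryHistory(0, $total) |
    Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since.ToUniversalTime() } |
    ForEach-Object {
        $kb = if ($_.Title -match 'KB\d+') { $Matches[0] } else { $null }
        [pscustomobject]@{
            Date     = $_.Date
            KB       = $kb
            Result   = $resultNames[[int]$_.ResultCode]
            HResult  = '0x{0:X8}' -f $_.HResult
            InHotFix = [bool]($kb -and $installed -contains $kb)
            Title    = $_.Title
        }
    }

# An update can fail and then succeed on a retry: judge each one by its latest entry.
$latest = $report |
    Group-Object { if ($_.KB) { $_.KB } else { $_.Title } } |
    ForEach-Object { $_.Group | Sort-Object Date -Descending | Select-Object -First 1 }

$latest | Sort-Object Date | Format-Table Date, KB, Result, HResult, InHotFix -AutoSize

$problems = $latest | Where-Object { $_.Result -ne 'Succeeded' }
if ($problems) {
    Write-Warning 'These updates did not install cleanly; install the standalone package from the Microsoft Update Catalog:'
    $problems | Format-List Date, KB, Result, HResult, Title
}
```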

Appendix: Vulnerability List

Product | CVE ID | CVE Title | Severity
Windows | CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Critical
Windows | CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical
Windows | CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Critical
Windows | CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical
Windows | CVE-2021-34530 | Microsoft Windows Graphics Component Remote Code Execution Vulnerability | Critical
Windows | CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical
Windows | CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Critical
Azure | CVE-2021-33762 | Azure CycleCloud Privilege Escalation Vulnerability | Important
Microsoft Dynamics | CVE-2021-34524 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important
Windows | CVE-2021-34486 | Windows Event Tracing Privilege Escalation Vulnerability | Important
Windows | CVE-2021-34536 | Storage Spaces Controller Privilege Escalation Vulnerability | Important
Windows | CVE-2021-34487 | Windows Event Tracing Privilege Escalation Vulnerability | Important
Windows | CVE-2021-34537 | Windows Bluetooth Driver Privilege Escalation Vulnerability | Important
Visual Studio, .NET, .NET Core, Microsoft Visual Studio | CVE-2021-26423 | .NET Core and Visual Studio Denial-of-Service Vulnerability | Important
Windows | CVE-2021-26425 | Windows Event Tracing Privilege Escalation Vulnerability | Important
Windows | CVE-2021-26426 | Windows User Account Profile Picture Privilege Escalation Vulnerability | Important
Azure | CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important
Azure | CVE-2021-26429 | Azure Sphere Privilege Escalation Vulnerability | Important
Azure | CVE-2021-26430 | Azure Sphere Denial-of-Service Vulnerability | Important
Windows | CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important
Windows | CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | Important
Windows | CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Important
Microsoft Office | CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | Important
Microsoft Office | CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important
Windows | CVE-2021-36945 | Windows 10 Update Assistant Privilege Escalation Vulnerability | Important
Microsoft Dynamics | CVE-2021-36946 | Microsoft Dynamics Business Central Cross-Site Scripting Vulnerability | Important
Windows | CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important
Windows | CVE-2021-36948 | Windows Update Medic Service Privilege Escalation Vulnerability | Important
Azure | CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important
Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability | Important
System Center | CVE-2021-34471 | Microsoft Windows Defender Privilege Escalation Vulnerability | Important
ASP.NET Core, Visual Studio, Microsoft Visual Studio | CVE-2021-34532 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | Important
Windows | CVE-2021-34533 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | Important
Windows | CVE-2021-34483 | Windows Print Spooler Privilege Escalation Vulnerability | Important
Windows | CVE-2021-34484 | Windows User Profile Service Privilege Escalation Vulnerability | Important
.NET, .NET Core, Microsoft Visual Studio | CVE-2021-34485 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important
Windows | CVE-2021-26431 | Windows Recovery Environment Agent Privilege Escalation Vulnerability | Important
Windows | CVE-2021-26433 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important
Windows | CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important
Windows | CVE-2021-36927 | Windows Digital TV Tuner Device Registration Application Privilege Escalation Vulnerability | Important
Windows | CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important
Windows | CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important
Azure | CVE-2021-36943 | Azure CycleCloud Privilege Escalation Vulnerability | Important

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
