Microsoft has released the August 2021 edition of Patch Tuesday. The company releases patches security updates on second Tuesday of every month, making it Patch Tuesday. In August 2021 Patch Tuesday, the company released patches for 44 vulnerabilities. Of these, 7 are critical, 2 were previously disclosed and 1 is being exploited according to Microsoft.
Thirteen of the patches are remote code execution vulnerability while another eight revolved around information disclosure.
The affected tools include Azure, Windows Update, Windows Print Spooler Components, .Net 5.0, Windows Media, Windows Defender, Remote Desktop Client, Microsoft Dynamics, Microsoft Edge, Microsoft Office, Microsoft Office Word and more. One of the most important patches released include the Windows Print Spooler Remote Code Execution vulnerability, which was discovered in June.
“Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all supported versions of Windows, and is documented as CVE-2021-34481,” said the company in a blog post. The company said that the change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers.
Other critical vulnerabilities are reportedly of the browse-and-own variety, which means that the an attacker would need to convince a user to browse to a specially crafted website.
Other critical and important zero day bugs fixed include:
Critical: CVE-2021-34480 Scripting Engine Memory Corruption Vulnerability
Critical: CVE-2021-34534 Windows MSHTML Platform Remote Code Execution Vulnerability
Critical: CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability
Critical: CVE-2021-26424 Windows TCP/IP Remote Code Execution Vulnerability
Important: CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability
Important: CVE-2021-36942 Windows LSA Spoofing Vulnerability
Important: CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability
Important: CVE-2021-34532 ASP.NET Core and Visual Studio Information Disclosure Vulnerability
Important: CVE-2021-33762 Azure CycleCloud Elevation of Privilege Vulnerability
Important: CVE-2021-30596Chromium: CVE-2021-30596 Incorrect security UI in Navigation
Important: CVE-2021-36949 Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
