August Patch Tuesday Commentary from Ivanti
August Patch Tuesday is much lighter than the past few months. A total of 44 vulnerabilities were resolved by Microsoft, seven of which are rated as Critical by Microsoft. The updates address vulnerabilities in the Windows OS, Office, SharePoint, and a host of development tools including .NET Core, ASP .NET, and Azure. There is one Zero Day this month and four publicly disclosed vulnerabilities. As foreshadowed by security analysts in July, there are more fixes for the Print Spooler that are amongst the list of CVEs that you will want to address in a timely manner.
Microsoft resolved a Zero Day vulnerability in Windows 10 1809 and Server 2019 and later OS versions. CVE-2021-36948 is an Elevation of Privilege vulnerability in the Windows Update Medic Service. Microsoft assigned the severity of this vulnerability as Important and CVSSv3 is 7.8.
Microsoft resolved a pair of Print Spooler vulnerabilities (CVE-2021-34481 and CVE-2021-36936) that are both marked as Publicly Disclosed. CVE-2021-34481 is actually a re-release from July Patch Tuesday. After a more complete investigation, Microsoft made an additional update to address the vulnerability more completely. Normally a public disclosure is enough to put a vulnerability at higher risk of being exploited since details of the vulnerability had been made available prior to the update being released. In this case, right on the tails of multiple known exploited print spooler vulnerabilities, including PrintNightmare (CVE-2021-34527) the risk of these publicly disclosed vulnerabilities being exploited has increased. As a threat actor investigates code for vulnerabilities, they will potentially be looking for multiple ways to exploit a weak code area. White Hat researchers were able to uncover and report these additional exploits, so we should expect threat actors to be able to identify these additional vulnerabilities as well.
On July 20th, Microsoft released details of CVE-2021-36934, which is an Elevation of Privilege vulnerability also known as HiveNightmare or SeriousSAM. The vulnerability got quite a bit of buzz in patch management forums like PatchManagement.org due to the nature of the workaround as it required deleting Volume Shadow Copies and creating a new restore point once the ACLs had been updated. Expect the buzz to turn to a grumble as the notes of the CVE outline a need to delete all shadow copies of your system volume to fully mitigate the vulnerability even after applying the security update.
An Elevation of Privilege vulnerability (CVE-2021-36948) in Windows Update Medic Service has been resolved. The vulnerability was rated as Important and affects Windows 10 1809 and Server 2019 and later OS versions. The vulnerability has been publicly disclosed putting it at higher risk of being exploited.
Mozilla has also released updates for Mozilla Firefox, Firefox ESR and Thunderbird this month. The Firefox updates resolve 11 CVEs and the update is rated as High by Mozilla.
Daily Bulletin
