Microsoft fixed a total of 44 vulnerabilities during this month’s Patch Tuesday, seven of which were rated as ‘Critical.’
While it was a much lighter Patch Tuesday than the past few months, the tech giant released several high-priority fixes.
These included new patches released to “more completely” address two publicly disclosed Print Spooler vulnerabilities, CVE-2021-34481 and CVE-2021-36936. Chris Goettl, senior director of product management at Ivanti, explained that these fixes should be an especially high priority in light of the public disclosure.
“In this case, right on the tails of multiple known exploited print spooler vulnerabilities, including PrintNightmare (CVE-2021-34527), the risk of these publicly disclosed vulnerabilities being exploited has increased,” he said.
“As a threat actor investigates code for vulnerabilities, they will potentially be looking for multiple ways to exploit a weak code area. White Hat researchers were able to uncover and report these additional exploits, so we should expect threat actors to be able to identify these additional vulnerabilities as well.”
Microsoft also published details of an elevation of privilege vulnerability, CVE-2021-36934, on July 20th. Adam Bunn, lead software engineer at Rapid7, said administrators should prioritize taking action on this vulnerability, which he warned requires significant workarounds. He explained, “With a public proof-of-concept having been available for some time, administrators should prioritize taking action on CVE-2021-36934. Remediation for this vulnerability requires volume shadow copies for system files to be deleted. This is due to the nature of the vulnerability, as the files with the vulnerable permissions could be restored from a backup and accessed even after the patch is installed. Microsoft indicates they took caution not to delete users’ backups, but the trade-off is that customers will need to do the chore themselves.”
Bunn believes another high priority for patching teams should be CVE-2021-36942, one of the vulnerabilities exploited in the PetitPotam attack. “After applying this update, there are additional configurations required in order to protect systems from other attack vectors using registry keys,” he added.
A resolution was also released for an elevation of privilege vulnerability (CVE-2021-36948) in Windows Update Medic Service, which Microsoft rated as ‘Important.’ This affects Windows 10 1809 and Server 2019 and later OS versions and has been publicly disclosed, which Goettl noted puts it “at higher risk of being exploited.”
The fix for CVE-2021-36948 addresses a zero day in Windows 10 1809 and Server 2019 and later OS versions. Microsoft rated this elevation of privilege vulnerability in the Windows Update Medic Service as ‘Important.’
Additionally, Mozilla released several updates for Firefox, Firefox ESR and Thunderbird this month. The Firefox updates are rated ‘High’, resolving 11 CVEs.