Webinar Library
Welcome to this August Patch Tuesday newsletter. This month security updates address 88 different CVE's. Last month CVE-2021-34527 was addressed but was updated July 16th. I'm mentioning it because it is currently being exploited, it's publicly disclosed and Microsoft rates it as "Exploitation Detected". 6 CVE's are are publicly disclosed and are highlight in the chart below in orange. Of those CVE's the following four (CVE-2021-34481, CVE-2021-36934, CVE-2021-36936, CVE-2021-36942) should be given attention because they are not only publicly disclosed but also rated as "Exploitation More Likely by Microsoft. Special attention should be given to one of those four, CVE-2021-36936. Not only is that one public but it's also another fix for Windows Print Spooler. I'm sure that mention of that is enough to get your attention after last months PrintingNightmare. In addition to these, there are seven critical Remote Code Execution vulnerabilities addressed this month affecting various flavors of Windows OS's.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 7, 8.1, RT 8.1, 10
Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 including Server Core Installations
Remote Desktop client for Windows
Windows Update Assistant
Critical
ADV210003 CVE-2021-26424 CVE-2021-26425 CVE-2021-26426 CVE-2021-26431 CVE-2021-26432 CVE-2021-26433 CVE-2021-34480 CVE-2021-34481 CVE-2021-34483 CVE-2021-34484 CVE-2021-34486 CVE-2021-34487 CVE-2021-34530 CVE-2021-34533 CVE-2021-34534 CVE-2021-34535 CVE-2021-34536 CVE-2021-34537 CVE-2021-36926 CVE-2021-36927 CVE-2021-36932 CVE-2021-36933 CVE-2021-36934 CVE-2021-36936 CVE-2021-36937 CVE-2021-36938 CVE-2021-36942 CVE-2021-36945 CVE-2021-36947 CVE-2021-36948
Workaround: No
Exploited: Yes
Public: Yes
Elevation of Privilege
Information Disclosure
Remote Code Execution
Spoofing
Azure
CycleCloud 7.9.10 & 8.2.0
Sphere
Active Directory Connect 1.6.4.0
Important
CVE-2021-36943 CVE-2021-26430 CVE-2021-26429 CVE-2021-26428 CVE-2021-33762 CVE-2021-36949
Workaround: No Exploited: No Public: No
Elevation of Privilege Denial of Service Information Disclosure
Edge
Chromium-based
CVE-2021-30541 CVE-2021-30559 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568 CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573 CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577 CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581 CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585 CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589 CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 CVE-2021-36928 CVE-2021-36929 CVE-2021-36931
Visual Studio
2017 15.9 and earlier
2019 16.10 and earlier
2019 Mac Version 8.10
CVE-2021-26423 CVE-2021-34485 CVE-2021-34532
Denial of Service
ASP.NET
Core 2.1, 3.1, 5.0
CVE-2021-34532
.NET
CVE-2021-26423 CVE-2021-34485
Information Disclosure, Denial of Service
Dynamics 365
Central 2019 Spring Update
On-Premises 9.0, 9.1
2020 Release Wave 1 Update 16.15
2020 Release Wave 2 Update 17.9
NAV 2017, 2018
CVE-2021-34524 CVE-2021-36946 CVE-2021-36950
Office
365 Apps for Enterprise
Office 2019, 2019 for Mac
SharePoint Enterprise 2013 SP1, 2016
SharePoint Server 2019
CVE-2021-34478 CVE-2021-36940 CVE-2021-36941
SQL Server
Power BI Report Server
CVE-2021-31984
System Center
Microsoft Malware Protection Engine
CVE-2021-34471