August, 2021: Patch Tuesday: Printer Spooler fixes and other Public Exploitations

Welcome to this August Patch Tuesday newsletter.   This month security updates address 88 different CVE's.  Last month CVE-2021-34527 was addressed but was updated July 16th.  I'm mentioning it because it is currently being exploited, it's publicly disclosed and Microsoft rates it as "Exploitation Detected".  6 CVE's are are publicly disclosed and are highlight in the chart below in orange.  Of those CVE's the following four (CVE-2021-34481, CVE-2021-36934, CVE-2021-36936, CVE-2021-36942) should be given attention because they are not only publicly disclosed but also rated as "Exploitation More Likely by Microsoft.  Special attention should be given to one of those four, CVE-2021-36936.  Not only is that one public but it's also another fix for Windows Print Spooler.  I'm sure that mention of that is enough to get your attention after last months PrintingNightmare.  In addition to these, there are seven critical Remote Code Execution vulnerabilities addressed this month affecting various flavors of Windows OS's.  

Patch data provided by:

 LOGbinder.com

Technology

Products Affected

Severity

Reference

Workaround/ Exploited / Publicly Disclosed

Vulnerability Info

Windows

Windows 7, 8.1, RT 8.1, 10

Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 including Server Core Installations

Remote Desktop client for Windows

Windows Update Assistant

Critical

ADV210003
CVE-2021-26424
CVE-2021-26425
CVE-2021-26426
CVE-2021-26431
CVE-2021-26432
CVE-2021-26433
CVE-2021-34480
CVE-2021-34481
CVE-2021-34483
CVE-2021-34484
CVE-2021-34486
CVE-2021-34487
CVE-2021-34530
CVE-2021-34533
CVE-2021-34534
CVE-2021-34535
CVE-2021-34536
CVE-2021-34537
CVE-2021-36926
CVE-2021-36927
CVE-2021-36932
CVE-2021-36933
CVE-2021-36934
CVE-2021-36936
CVE-2021-36937
CVE-2021-36938
CVE-2021-36942
CVE-2021-36945
CVE-2021-36947
CVE-2021-36948

Workaround: No


Exploited: Yes


Public: Yes

Elevation of Privilege

Information Disclosure

Remote Code Execution

Spoofing

Azure

CycleCloud 7.9.10 & 8.2.0

Sphere

Active Directory Connect 1.6.4.0

Important

CVE-2021-36943
CVE-2021-26430
CVE-2021-26429
CVE-2021-26428
CVE-2021-33762
CVE-2021-36949

Workaround: No
Exploited: No
Public: No

Elevation of Privilege
Denial of Service
Information Disclosure

Edge

Chromium-based

Important

CVE-2021-30541
CVE-2021-30559
CVE-2021-30560
CVE-2021-30561
CVE-2021-30562
CVE-2021-30563
CVE-2021-30564
CVE-2021-30565
CVE-2021-30566
CVE-2021-30567
CVE-2021-30568
CVE-2021-30569
CVE-2021-30571
CVE-2021-30572
CVE-2021-30573
CVE-2021-30574
CVE-2021-30575
CVE-2021-30576
CVE-2021-30577
CVE-2021-30578
CVE-2021-30579
CVE-2021-30580
CVE-2021-30581
CVE-2021-30582
CVE-2021-30583
CVE-2021-30584
CVE-2021-30585
CVE-2021-30586
CVE-2021-30587
CVE-2021-30588
CVE-2021-30589
CVE-2021-30590
CVE-2021-30591
CVE-2021-30592
CVE-2021-30593
CVE-2021-30594
CVE-2021-30596
CVE-2021-30597
CVE-2021-36928
CVE-2021-36929
CVE-2021-36931

Workaround: No
Exploited: No
Public: No

Elevation of Privilege

Information Disclosure

Visual Studio

2017 15.9 and earlier

2019 16.10 and earlier

2019 Mac Version 8.10

Important

CVE-2021-26423
CVE-2021-34485
CVE-2021-34532

Workaround: No
Exploited: No
Public: No

Denial of Service

Information Disclosure

ASP.NET

Core 2.1, 3.1, 5.0

Important

CVE-2021-34532

Workaround: No
Exploited: No
Public: No

Information Disclosure

.NET

Core 2.1, 3.1, 5.0

Important

CVE-2021-26423
CVE-2021-34485

Workaround: No
Exploited: No
Public: No

Information Disclosure,
Denial of Service

Dynamics 365

Central 2019 Spring Update

On-Premises 9.0, 9.1

2020 Release Wave 1 Update 16.15

2020 Release Wave 2 Update 17.9

NAV 2017, 2018

Important

CVE-2021-34524
CVE-2021-36946
CVE-2021-36950

Workaround: No
Exploited: No
Public: No

Remote Code Execution

Spoofing

Office

365 Apps for Enterprise

Office 2019, 2019 for Mac

SharePoint Enterprise 2013 SP1, 2016

SharePoint Server 2019

Important

CVE-2021-34478
CVE-2021-36940
CVE-2021-36941

Workaround: No
Exploited: No
Public: No

 

Remote Code Execution

Spoofing

 

SQL Server

Power BI Report Server

Important

CVE-2021-31984

Workaround: No
Exploited: No
Public: No

 

Remote Code Execution

 

System Center

Microsoft Malware Protection Engine

Important

CVE-2021-34471

Workaround: No
Exploited: No
Public: No

Elevation of Privilege