July 2021 Patch Tuesday: Actively Exploited CVE-2021-34448 Fixed
Microsoft Windows July 2021 Patch Tuesday just rolled out, patching 12 critical security vulnerabilities in a total of 116 issues. It is noteworthy that three of the issues addressed this month were actively exploited in the wild.
These bugs include a critical scripting engine memory corruption issue known as CVE-2021-34448, and two Windows kernel elevation-of-privilege flaws, CVE-2021-31979, CVE-2021-33771, both rated as important in severity. Overall, patches this month include Windows, Microsoft Office, SharePoint Server, and Exchange Server.
An Update for the PrintNightmare Vulnerability
This month, Microsoft also released an update for the so-called PrintNightmare vulnerability that could enable remote execution attacks. First disclosed in April, the PrintNightmare bug turned out to be more severe than previously thought. The company first released an out-of-base fix to address the bug, although there are suspicions the bug could still be exploited.
Here’s more about the PrintNightmare bug: CVE-2021-1675/ CVE-2021-34527 is a critical Windows vulnerability with an available proof-of-concept that could enable remote attackers execute code. The PoC code was shared on GitHub, and taken down within a few hours. However, these few hours were enough for the code to be copied. It was initially addressed in June 2021 Patch Tuesday as an insignificant elevation-of-privilege issue.
However, security researchers from Tencent and NSFOCUS TIANJI Lab discovered that the CVE-2021-1675 bug could be deployed in RCE attacks, automatically changing its status to critical.
Other Critical Issues Fixed in July 2021 Patch Tuesday: CVE-2021-34448, CVE-2021-34473, CVE-2021-34464
In addition to the print spooler bug, Microsoft fixed another actively exploited issue.
CVE-2021-34448 is a memory corruption flaw located in the Scripting Engine. The bug can be triggered when the user opens a specially crafted file, either attached to an email or a compromised website, according to Cisco Talos.
Another critical flaw this July is CVE-2021-34473, which resides in Microsoft Exchange Server. “This vulnerability was already patched in Microsoft’s April security update but was mistakenly not disclosed. Users who already installed the April 2021 update are already protected from this vulnerability, though it is worth noting that this issue was part of a series of zero-days in Exchange Server used in a wide-ranging APT attack,” Cisco Talos said.
The last critical vulnerability is located in Microsoft Defender and is known under the CVE-2021-34464 identifier. The flaw could lead to remote code execution attacks. It should be mentioned that no action is needed to resolve the issue, as the update will install automatically.
Important Vulnerabilities Also Fixed
Three other vulnerabilities that deserve attention were discovered in the SharePoint Server, potentially allowing for RCE attacks. All three bugs, known as CVE-2021-34520, CVE-2021-34467 and CVE-2021-34468 are rated as important in terms of their impact. However, since exploitation is quite likely with these three, they should not be overlooked, Microsoft said.
The rest of the important flaws fixed in July 2021 Patch Tuesday are the following:
- CVE-2021-34449
- CVE-2021-33780
- CVE-2021-33771
- CVE-2021-31979
A complete list of all issues fixed this month is available on Microsoft’s dedicated page.
We remind you how important it is to apply any updates as soon as they are made available by the vendor.