High Threat Security Alert (A21-08-06): Multiple Vulnerabilities in Microsoft Products (August 2021)

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug

Reports indicated that an elevation of privilege vulnerability in Microsoft Windows 10 and some versions of Windows Server (CVE-2021-36948) is being actively exploited and multiple vulnerabilities in Microsoft Windows and Server (CVE-2021-36936, CVE-2021-36942 and CVE-2021-36947) are also at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
• Microsoft Windows Server, version 2004, version 20H2
• Microsoft Office 2019, 2019 for Mac
• Microsoft 365 Apps for Enterprise
• Microsoft SharePoint Enterprise Server 2013, 2016
• Microsoft SharePoint Server 2019
• Microsoft Visual Studio 2017, 2019, 2019 for Mac version 8.10
• Microsoft Azure Active Directory Connect, Provisioning Agent
• Microsoft Azure CycleCloud 7.9.10, 8.2.0
• Microsoft Azure Sphere
• Microsoft Dynamics 365 (on-premises) version 9.0, version 9.1
• Microsoft Dynamics 365 Business Central 2019, 2020
• Microsoft Dynamics NAV 2017, 2018
• Microsoft Malware Protection Engine
• .NET 5.0
• .NET Core 2.1, 3.1
• ASP.NET Core 2.1, 3.1, 5.0
• Remote Desktop client for Windows Desktop
• Windows Update Assistant

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure, denial of service and spoofing.

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug
• https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-august-2021
• https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/microsoft-releases-august-2021-security-updates
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423 (to CVE-2021-26426)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26428 (to CVE-2021-26433)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33762
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34471
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34478
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34483 (to CVE-2021-34487)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34524
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34530
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532 (to CVE-2021-34537)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36926
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36927
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36932
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36933
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36936 (to CVE-2021-36938)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36940 (to CVE-2021-36943)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36945 (to CVE-2021-36950)