VERT Threat Alert: August 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-959 on Wednesday, August 11th.

In-The-Wild & Disclosed CVEs

CVE-2021-36948

This privilege escalation vulnerability that affects the Windows Update Medic Service (WaasMedic) has been actively exploited. Medic Service is a feature of modern Windows operating systems that repairs and protects your Windows Update components. For example, if you disable Windows Update services, WaasMedic will restart them.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-36936

The print spooler has been a popular target the past few months and this month is no different. CVE-2021-36936 is yet another print spooler vulnerability. This has been publicly disclosed but not yet exploited.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-36942

This vulnerability was the subject of Microsoft Security Advisory ADV210003, which was released on July 23. Microsoft then released mitigation guidance on July 28. Today, we see a patch for CVE-2021-36942 aka PetitPotam, an NTLM Relay attack that targets the LSARPC interface. It could allow unauthenticated attackers to force a domain controller to authenticate against a malicious server using NTLM. The patch resolves the vulnerability by blocking the affected API calls (OpenEncryptedFileRawA and OpenEncryptedFileRawW).

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
.NET Core & Visual Studio 2 CVE-2021-26423, CVE-2021-34485
Microsoft Office Word 1 CVE-2021-36941
Windows Media 1 CVE-2021-36927
Windows Cryptographic Services 1 CVE-2021-36938
Remote Desktop Client (Read more…)

Similar Posts