Patch Tuesday is once again upon us. The August 2021 edition of Patch Tuesday brings us 47 fixes, 7 of which are rated as critical with 1 actively exploited. We've listed the most important changes below.
Multiple Print Spooler Remote Code Execution Vulnerabilities Fixed
After the infamous PrintNightmare vulnerability was fixed, a second Print Spooler service vulnerability was quickly discovered. CVE-2021-34481 was disclosed on July 15 and remained unpatched until now. Microsoft recommended keeping the Print Spooler service disabled, but after today's patch, it should be once again safe to enable the Print Spooler service in your environment.
Additionally, another two Print Spooler service RCEs were detected and fixed, making it 4 RCE vulnerabilities in only 2 months' time. CVE-2021-36936 and CVE-2021-36947 were disclosed in today's patch Tuesday and both having a base CVSS 3.0 score of 8.8 are even more severe than the previous Print Spooler RCE vulnerability.
Windows Update Elevation of Privilege Vulnerability Actively Exploited
The Windows Update Medic Service also got a fix in todays' patch Tuesday. The Medic Service or WaasMedic is a background service that was added to Windows 10 in the new method Windows 10 handles the updating process. It is designed to repair the Windows Update service so that devices can continue to receive updates unhindered. Unfortunately, an elevation of privilege vulnerability was detected in this component, CVE-2021-36948 has a CVSS 3.0 score of 7.8 and has been actively exploited according to Microsoft.
Severe Hyper-v Vulnerabilties Fixed
CVE-2021-26424, a Windows TCP/IP remote code execution vulnerability that can be exploited by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host has been fixed. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets which could lead to remote code execution. With a CVSS 3.0 score of 9.9, it is just short of a perfect 10 and should motivate everyone to update as soon as possible.
Another high-profile vulnerability that got fixed is PetitPotam. Listed as a Windows LSA spoofing vulnerability, CVE-2021-36942 has been included in this months' patch Tuesday so your domain controllers are a little safer again.
Run the Patch Tuesday August 2021 Audit Report
To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.