Microsoft Patch Tuesday – July 2021

9 Zero-days Fixed - 3 Actively Exploited

Patch Tuesday is once again upon us. The Patch Tuesday, July 2021 brings us 117 fixes, 15 of which are rated as critical including a highly critical Microsoft Sharepoint Server RCE vulnerability. We've listed the most important changes below and listed all of the fixes included.

⚡ TL;DR | Go Straight to the July 2021 Patch Tuesday Audit Report

CVE-2021-34527 - PrintNightmare

PrintNightmare has been the topic of the month. The vulnerability in the Print Spooler service was disclosed in CVE-2021-1675 last month, however, it was quickly discovered there was a much larger vulnerability at hand. PrintNightmare received its own CVE code later CVE-2021-34527. This month's cumulative update also includes the out-of-band update changes Microsoft released to fix the PrintNightmare vulnerability, so if you haven't updated last week, it is critical you do now. If you're interested in a PrintNightmare specific report, check out our PrintNightmare Audit.

CVE-2021-34473- Microsoft Exchange Server RCE

A critical vulnerability in Microsoft Exchange has been fixed, with a CVSS 3.0 base score of 9.1 and the vulnerability already being publically disclosed, it is important to check if your servers have been updated. Luckily Microsoft already fixed this vulnerability in April 2021 but has decided to only disclose the vulnerability now. Regardless, it is important to check if your Exchange servers are up-to-date.

Multiple Microsoft SharePoint Server RCE Vulnerabilites

A new set of vulnerabilities that have been fixed today are in Microsoft SharePoint Server. A total of three remote code execution vulnerabilities have been fixed today, listed as CVE-2021-34520, CVE-2021-34468, and CVE-2021-34467. The most critical of the three has a CVSS base score of 8.1 with the other two sitting at a 7.1. If you have SharePoint servers in your IT environment, it is critical that you update them as soon as possible to prevent any security holes.

SQL Compact 4.0 End of Life

Today also marks the last day for SQL Compact (SQL CE) 4.0. SQL Server Compact was designed as a lighter version of the full-blown SQL Server installation. However, the product has already been discontinued by Microsoft for a while but is not officially unsupported. We have a SQL Compact audit to help you find all the SQL Compact installations in your environment so you can migrate them to a modern alternative.

Run the Patch Tuesday July 2021 Audit Report

To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

Critical Vulnerabilities Fixed in July 2021 Patch Tuesday

ProductSeverityCVE-Code
Windows Server 2012 R2CriticalCVE-2021-34493
Windows Server 2012 R2CriticalCVE-2021-34523
Windows 10 Version 1607 for 32-bit SystemsCriticalCVE-2021-33767
Windows 10 for x64-based SystemsCriticalCVE-2021-34522
Windows 10 for 32-bit SystemsCriticalCVE-2021-34521
Windows 10 Version 20H2 for ARM64-based SystemsCriticalCVE-2021-34474
Windows 10 Version 20H2 for 32-bit SystemsCriticalCVE-2021-34528
Windows 10 Version 20H2 for x64-based SystemsCriticalCVE-2021-34451
Windows 10 Version 2004 for x64-based SystemsCriticalCVE-2021-34470
Windows 10 Version 2004 for ARM64-based SystemsCriticalCVE-2021-34469
Windows 10 Version 1809 for 32-bit SystemsCriticalCVE-2021-34520
Windows Server 2016CriticalCVE-2021-33779
Windows Server, version 20H2 (Server Core Installation)CriticalCVE-2021-33778
Windows Server 2019 (Server Core installation)CriticalCVE-2021-33765
Windows Server 2019CriticalCVE-2021-33764

Receive the Latest Patch Tuesday Report for FREE Every Month

  • Hidden
  • This field is for validation purposes and should be left unchanged.
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​