Skip Navigation

July 14, 2021 |

Currently abused flaws fixed in Microsoft's July 2021 Patch Tuesday

Loading table of contents...

On 13 July 2021, Microsoft released updates to address vulnerabilities in multiple products; some of the fixed flaws have been marked as currently abused.  We recommend timely patching of these flaws.

Details

  • Microsoft's July 2021 Patch Tuesday has fixed 117 vulnerabilities; including 13 classified as Critical, three actively abused flaws, and five publicly disclosed ones.
  • The three vulnerabilities marked under active exploitation are:
    • CVE-2021-34448 - a scripting engine memory corruption flaw that could allow code execution if a user browses to a specially-crafted website.
    • CVE-2021-31979 and CVE-2021-33771 - both Windows kernel privilege escalation bugs.
  • Microsoft stated that the details for the following vulnerabilities were made public:
    • CVE-2021-34492 - a Windows Certificate Spoofing issue, CVSS:3.0 score: 8.1.
    • CVE-2021-34523 - a Microsoft Exchange Server Elevation of Privilege issue, CVSS:3.0 score: 9.
    • CVE-2021-33779 - a Windows ADFS Security Feature Bypass issue, CVSS:3.0 score: 8.1.
    • CVE-2021-33781 - an Active Directory Security Feature Bypass, CVSS:3.0 score: 8.1.
    • CVE-2021-34473 - a Microsoft Exchange Server Remote Code Execution (RCE) vulnerability that was demonstrated during Pwn2Own, a hacking competition. The CVSS:3.0 score for this flaw is 9.1 out of 10.
  • Other flaws requiring attention are:
    • CVE-2021-34458 - a Windows Kernel RCE impacting Windows instances hosting virtual machines with single root input/output virtualization devices. CVSS:3.0 score: 9.9.
    • CVE-2021-34494 - a Windows DNS Server flaw that could allow remote code execution at a privileged service level on a listening network port without user interaction. CVSS:3.0 score: 8.8.
    • CVE-2021-34514 - a Windows Kernel Elevation of Privilege Vulnerability discovered by Field Effect's Principal Security Researcher Erik Egsgard. CVSS:3.0 score: 7.8.

Recommendations

  • We recommend timely patching for the noted Microsoft vulnerabilities as publicly disclosed and exploited flaws make it more likely for unpatched systems to become targets of exploitation.
  • In order to expedite the updates, users should go to Settings > Windows Update > Check for Updates.

References