Skip Navigation

July 14, 2021 | Security intelligence

Currently abused flaws fixed in Microsoft's July 2021 Patch Tuesday

By Elena Lapina

Loading table of contents...

Related

Loading table of contents...

On 13 July 2021, Microsoft released updates to address vulnerabilities in multiple products; some of the fixed flaws have been marked as currently abused.  We recommend timely patching of these flaws.

Details

  • Microsoft's July 2021 Patch Tuesday has fixed 117 vulnerabilities; including 13 classified as Critical, three actively abused flaws, and five publicly disclosed ones.
  • The three vulnerabilities marked under active exploitation are:
    • CVE-2021-34448 - a scripting engine memory corruption flaw that could allow code execution if a user browses to a specially-crafted website.
    • CVE-2021-31979 and CVE-2021-33771 - both Windows kernel privilege escalation bugs.
  • Microsoft stated that the details for the following vulnerabilities were made public:
    • CVE-2021-34492 - a Windows Certificate Spoofing issue, CVSS:3.0 score: 8.1.
    • CVE-2021-34523 - a Microsoft Exchange Server Elevation of Privilege issue, CVSS:3.0 score: 9.
    • CVE-2021-33779 - a Windows ADFS Security Feature Bypass issue, CVSS:3.0 score: 8.1.
    • CVE-2021-33781 - an Active Directory Security Feature Bypass, CVSS:3.0 score: 8.1.
    • CVE-2021-34473 - a Microsoft Exchange Server Remote Code Execution (RCE) vulnerability that was demonstrated during Pwn2Own, a hacking competition. The CVSS:3.0 score for this flaw is 9.1 out of 10.
  • Other flaws requiring attention are:
    • CVE-2021-34458 - a Windows Kernel RCE impacting Windows instances hosting virtual machines with single root input/output virtualization devices. CVSS:3.0 score: 9.9.
    • CVE-2021-34494 - a Windows DNS Server flaw that could allow remote code execution at a privileged service level on a listening network port without user interaction. CVSS:3.0 score: 8.8.
    • CVE-2021-34514 - a Windows Kernel Elevation of Privilege Vulnerability discovered by Field Effect's Principal Security Researcher Erik Egsgard. CVSS:3.0 score: 7.8.

Recommendations

  • We recommend timely patching for the noted Microsoft vulnerabilities as publicly disclosed and exploited flaws make it more likely for unpatched systems to become targets of exploitation.
  • In order to expedite the updates, users should go to Settings > Windows Update > Check for Updates.

References

Related Resources

Decorative Featured Image

Webinar

Strengthening Defenses: Best Practices for Securing Remote Work
Decorative Featured Image

Webinar

Strengthening Defenses: Best practices to combat phishing
Decorative Featured Image

Webinar

Cybersecurity assessments: Your fast path to a stronger defense