July 2021’s security patch bonanza: Windows kernel under active attack, RCEs in Exchange, DNS, Hyper-V
Four Microsoft software vulnerabilities are under active attack, including the notorious Windows Print Spooler bug, a Windows kernel bug, and a scripting engine memory corruption vulnerability, Redmond said in its July 2021 security patches update — releasing fixes for 117 CVEs, 44 of which were remote code execution (RCE) bugs and 13 of which were rated critical. Adobe, meanwhile, patched 29 CVEs, with SAP, Citrix, Siemens and others all releasing fixes.
Among the critical fixes was one for an unusual RCE bug in the Windows kernel that impacts virtual machines. Assigned CVE-2021-34458 and rated at an extremely high CVSS 9.9, it’s one to take a close look at. (Found internally by Microsoft, it is not yet under attack, but it is likely to draw heightened interest from black hats reverse engineering patches.) The bug affects systems with single root input/output virtualization (SR-IOV) devices.
As Chad McNaughton, Technical Community Manager at Automox, noted, it is a network-level, low-complexity vulnerability “requiring low privileges and no user interaction… [it] allows an SR-IOV device which is assigned to a guest to potentially interfere with its PCIe siblings which are attached to other guests or to the root. In short, SR-IOV devices allow your virtual machines to share resources on a single, physical interface on your server. Those that host virtual machines from a Windows instance or manage a server that includes the required hardware with SR-IOV devices could be affected by this vulnerability and should deploy the security update within 72 hours.”
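To see whether a given Hyper-V host falls into the group described above, the following added example (not from the article, Microsoft or Automox) inventories SR-IOV use with the built-in NetAdapter and Hyper-V PowerShell modules. Treating "an IOV-enabled switch with at least one guest adapter requesting a virtual function" as in scope is an assumption made here for patch triage, not Microsoft's published affectedness criteria.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example: SR-IOV exposure inventory for one Hyper-V host.

# 1. Physical adapters that report SR-IOV capability to Windows.
$physical = @(Get-NetAdapterSriov -ErrorAction SilentlyContinue |
    Select-Object Name, InterfaceDescription, Enabled, SriovSupport, NumVFs)

# 2. Virtual switches created with IOV enabled, with virtual function usage.
$switches = @(Get-VMSwitch |
    Where-Object { $_.IovEnabled } |
    Select-Object Name, IovSupport, IovVirtualFunctionCount, IovVirtualFunctionsInUse)

# 3. Guest adapters that request a virtual function (IovWeight above 0).
$guests = @(Get-VMNetworkAdapter -VMName * |
    Where-Object { $_.IovWeight -gt 0 } |
    Select-Object VMName, Name, SwitchName, IovWeight, Status)

# Assumption (triage heuristic): the host is in scope when a guest adapter
# requests a virtual function on a switch that has IOV enabled.
$inScope = @($guests | Where-Object { $switches.Name -contains $_.SwitchName })

# One summary object per host, suitable for Export-Csv across a fleet.
[pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    SriovCapableAdapters = $physical.Count
    IovEnabledSwitches   = $switches.Count
    GuestsRequestingVF   = ($inScope.VMName | Sort-Object -Unique) -join ', '
    PrioritisePatch      = [bool]$inScope.Count
}

# Detail for the ticket: which guest adapter sits on which IOV switch.
$inScope | Format-Table VMName, Name, SwitchName, IovWeight, Status -AutoSize
```

A host that reports SR-IOV-capable adapters but no IOV-enabled switches still needs the update on the normal schedule; the summary only helps order the 72-hour group.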
Sysadmins and other folks will be pleased to know that the latest fix for CVE-2021-34527 (PrintNightmare) appears to fix a bug in an earlier hotfix that stopped several types of printer working, including those from vendor Zebra, among others.
As ever, the Zero Day Initiative (ZDI) remains an excellent port of call for IT professionals seeking a crisp round-up of the CVEs and some guidance on what to prioritise for patching, and at The Stack we recommend its write-ups highly.
Some of the worst bugs are listed below.
| CVE | Title | Severity | CVSS | Exploited | Type |
|---|---|---|---|---|---|
| CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical | CVSS 8.8 | Exploited | RCE |
| CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical | CVSS 6.8 | Exploited | RCE |
| CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability | Important | CVSS 7.8 | Exploited | EoP |
| CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | Important | CVSS 7.8 | Exploited | EoP |
| CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | CVSS 9.1 | No | RCE |
| CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important | CVSS 8.1 | No | SFB |
| CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | CVSS 9 | No | EoP |
| CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important | CVSS 8.1 | No | SFB |
| CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important | CVSS 8.1 | No | Spoofing |
| CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical | CVSS 8 | No | RCE |
| CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability | Critical | CVSS 7.8 | No | RCE |
| CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical | CVSS 7.8 | No | RCE |
| CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | CVSS 7.8 | No | RCE |
| CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | CVSS 7.8 | No | RCE |
| CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical | CVSS 8.8 | No | RCE |
| CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | CVSS 8.5 | No | RCE |
| CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical | CVSS 9.9 | No | RCE |
| CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical | CVSS 7.8 | No | RCE |
| CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | CVSS 6.8 | No | RCE |