This month, Microsoft patched 51 vulnerabilities, among them three zero-day flaws, one of which is actively exploited. Despite the lower count, many of them remain critical.
Microsoft fixed 51 vulnerabilities in its August Patch Tuesday, including seven classified as critical and three zero-day vulnerabilities. They break down into 17 Elevation of Privilege (EoP) vulnerabilities, 13 Remote Code Execution (RCE) bugs, eight information disclosure flaws, two Denial of Service (DoS) bugs and four spoofing vulnerabilities. The release, lighter than usual, represents “a 56% reduction in overall vulnerabilities compared to July and 33% fewer breaches on average for each month so far this year” according to Eric Feldman, product marketing manager at Automox, a company specializing in computer security.
Of the three zero-days fixed, only one was actively exploited. Discovered by the Microsoft Security Response Center (MSRC), CVE-2021-36948 is an elevation-of-privilege flaw in the Windows Update Medic Service. Microsoft does not currently know how it was used in attacks. The other two flaws were publicly disclosed but are not known to be actively exploited: CVE-2021-36936, a remote code execution vulnerability in the Windows Print Spooler (part of the family known as PrintNightmare), and CVE-2021-36942, a Windows LSA spoofing vulnerability. The latter is associated with the PetitPotam NTLM relay attack vector, which can be used to take control of domain controllers. Among the expected fixes, Microsoft has released patches for PetitPotam, SeriousSAM and several variants of PrintNightmare.
Fixes are missing
Alongside Microsoft’s monthly Patch Tuesday releases, cybersecurity expert Christoph Falta maintains on GitHub a list of security issues that Microsoft has not yet fixed, will not fix, or that require manual configuration changes to be mitigated. Updated today, it shows that Microsoft still has not patched several serious issues: SpoolSample, which abuses a feature of MS-RPRN (the Print System Remote Protocol); RemotePotato0, which can force another user’s session on the attacker’s machine to authenticate to an attacker-controlled target; AD CS ESC8, which allows NTLM authentication by default; and some variants of PrintNightmare, which can be used for remote code execution as well as local privilege escalation. The full list of vulnerabilities resolved and advisories released in the August 2021 Patch Tuesday updates is available on the MSRC site.