
Tripwire’s July 2021 Patch Priority Index (PPI) brings together important vulnerabilities from VMware, Adobe, Oracle, and Microsoft.

First on the patch priority list this month are patches for Microsoft Print Spooler (CVE-2021-34527, CVE-2021-1675) and vSphere Client (CVE-2021-21985). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.

Up next are patches for Adobe Reader and Acrobat that resolve 19 issues including memory leak, arbitrary code execution, arbitrary file system write, arbitrary file system read, and denial-of-service vulnerabilities.

Next is a patch for Microsoft Scripting Engine, which resolves a memory corruption vulnerability.

Next on the patch priority list this month are patches for Microsoft Excel, Office, and Word. These patches resolve three remote code execution vulnerabilities along with a security feature bypass vulnerability.

Up next on the list are patches that resolve vulnerabilities affecting Oracle Java SE versions 7u301, 8u291, 11.0.11, and 16.0.1.

Next are patches that affect components of the Windows operating systems. These patches resolve over 60 vulnerabilities including elevation of privilege, information disclosure, remote code execution, security feature bypass, denial of service, and memory corruption vulnerabilities. These vulnerabilities affect core Windows, storage spaces controller, Windows Hello, remote assistance, kernel, GDI, GDI+, Media Foundation, Font Driver, LSA, MSHTML, AF_UNIX Socket Provider, SMB, Print Spooler, and others.

Up next are patches for Hyper-V that resolve a denial-of-service flaw and remote code execution vulnerabilities.

Lastly, administrators should focus on server-side patches for Microsoft. This is a large month for server-side patches affecting Microsoft SharePoint, Exchange, Office Online Server, Windows DNS, Active Directory, and Dynamics Business Central Control. These patches resolve several issues including remote code execution, information disclosure, and spoofing.

| BULLETIN | CVE |
| --- | --- |
| Exploit Framework – Metasploit | CVE-2021-34527, CVE-2021-21985, CVE-2021-1675, CVE-2019-5736 |
| APSB21-51: Adobe Reader and Acrobat | CVE-2021-35988, CVE-2021-35987, CVE-2021-35980, CVE-2021-28644, CVE-2021-28640, CVE-2021-28643, CVE-2021-28641, CVE-2021-28639, CVE-2021-28642, CVE-2021-28637, CVE-2021-35986, CVE-2021-28638, CVE-2021-35985, CVE-2021-35984, CVE-2021-28636, CVE-2021-28634, CVE-2021-35983, CVE-2021-35981, CVE-2021-28635 |
| Microsoft Scripting Engine | CVE-2021-34448 |
| Microsoft Office Excel | CVE-2021-34501, CVE-2021-34518 |
| Microsoft Office | CVE-2021-34469, CVE-2021-34452 |
| Oracle Java | CVE-2021-2388, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341 |
| Microsoft Windows I | CVE-2021-34466, CVE-2021-33743, CVE-2021-34507, CVE-2021-34460, CVE-2021-33751, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513, CVE-2021-34509, CVE-2021-34476, CVE-2021-33782, CVE-2021-33760, CVE-2021-34521, CVE-2021-33740, CVE-2021-33784, CVE-2021-34503, CVE-2021-34439, CVE-2021-34441, CVE-2021-34489, CVE-2021-34440, CVE-2021-34438, CVE-2021-34498, CVE-2021-34496, CVE-2021-33774, CVE-2021-33757, CVE-2021-34461, CVE-2021-33771, CVE-2021-31979, CVE-2021-34514, CVE-2021-34500, CVE-2021-34508, CVE-2021-34458, CVE-2021-34454, CVE-2021-34455, CVE-2021-34459 |
| Microsoft Windows II | CVE-2021-34493, CVE-2021-33759, CVE-2021-34462, CVE-2021-33788, CVE-2021-33786, CVE-2021-34497, CVE-2021-34447, CVE-2021-34504, CVE-2021-33744, CVE-2021-34449, CVE-2021-34516, CVE-2021-34491, CVE-2021-33772, CVE-2021-34490, CVE-2021-31183, CVE-2021-34527, CVE-2021-34446, CVE-2021-31961, CVE-2021-34511, CVE-2021-33765, CVE-2021-34492, CVE-2021-33773, CVE-2021-34445, CVE-2021-34456, CVE-2021-33761, CVE-2021-34457, CVE-2021-33763, CVE-2021-33785, CVE-2021-34488, CVE-2021-33783 |
| Role: Hyper-V | CVE-2021-33755, CVE-2021-33758, CVE-2021-34450 |
| Microsoft Exchange Server | CVE-2021-33766, CVE-2021-34470, CVE-2021-34523, CVE-2021-33768, CVE-2021-31206, CVE-2021-34473, CVE-2021-31196 |
| Microsoft Office SharePoint and Office Online Server | CVE-2021-34519, CVE-2021-34467, CVE-2021-34468, CVE-2021-34520, CVE-2021-34517, CVE-2021-34451 |
| Microsoft Windows DNS | CVE-2021-34499, CVE-2021-33746, CVE-2021-33754, CVE-2021-33745, CVE-2021-34442, CVE-2021-34444, CVE-2021-34494, CVE-2021-33780, CVE-2021-34525, CVE-2021-33749, CVE-2021-33752, CVE-2021-33750, CVE-2021-33756 |
| Windows Active Directory | CVE-2021-33781, CVE-2021-33764, CVE-2021-33779 |
| Dynamics Business Central Control | CVE-2021-34474 |