Today’s VERT Alert addresses Microsoft’s August 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-959 on Wednesday, August 11th.

In-The-Wild & Disclosed CVEs

CVE-2021-36948

This privilege escalation vulnerability in the Windows Update Medic Service (WaasMedic) has been actively exploited. The Medic Service is a feature of modern Windows operating systems that repairs and protects Windows Update components. For example, if you disable Windows Update services, WaasMedic will restart them.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-36936

The print spooler has been a popular target over the past few months, and this month is no different. CVE-2021-36936 is yet another print spooler vulnerability. It has been publicly disclosed but not yet exploited.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-36942

This vulnerability was the subject of Microsoft Security Advisory ADV210003, which was released on July 23. Microsoft then released mitigation guidance on July 28. Today, we see a patch for CVE-2021-36942, aka PetitPotam, an NTLM relay attack that targets the LSARPC interface. It could allow unauthenticated attackers to force a domain controller to authenticate against a malicious server using NTLM. The patch resolves the vulnerability by blocking the affected API calls (OpenEncryptedFileRawA and OpenEncryptedFileRawW).

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

| Tag | CVE Count | CVEs |
|---|---|---|
| .NET Core & Visual Studio | 2 | CVE-2021-26423, CVE-2021-34485 |
| Microsoft Office Word | 1 | CVE-2021-36941 |
| Windows Media | 1 | CVE-2021-36927 |
| Windows Cryptographic Services | 1 | CVE-2021-36938 |
| Remote Desktop Client | 1 | CVE-2021-34535 |
| Microsoft Dynamics | 3 | CVE-2021-34524, CVE-2021-36946, CVE-2021-36950 |
| Windows Storage Spaces Controller | 1 | CVE-2021-34536 |
| Microsoft Scripting Engine | 1 | CVE-2021-34480 |
| Microsoft Office SharePoint | 1 | CVE-2021-36940 |
| Microsoft Windows Codecs Library | 1 | CVE-2021-36937 |
| ASP.NET Core & Visual Studio | 1 | CVE-2021-34532 |
| Microsoft Azure Active Directory Connect | 1 | CVE-2021-36949 |
| Microsoft Graphics Component | 2 | CVE-2021-34530, CVE-2021-34533 |
| Windows Event Tracing | 3 | CVE-2021-34486, CVE-2021-34487, CVE-2021-26425 |
| Windows Services for NFS ONCRPC XDR Driver | 5 | CVE-2021-26432, CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933 |
| Windows Update Assistant | 2 | CVE-2021-36945, CVE-2021-26431 |
| Windows User Profile Service | 2 | CVE-2021-26426, CVE-2021-34484 |
| Microsoft Office | 1 | CVE-2021-34478 |
| Windows Defender | 1 | CVE-2021-34471 |
| Windows NTLM | 1 | CVE-2021-36942 |
| Azure Sphere | 3 | CVE-2021-26428, CVE-2021-26429, CVE-2021-26430 |
| Windows MSHTML Platform | 1 | CVE-2021-34534 |
| Azure | 2 | CVE-2021-33762, CVE-2021-36943 |
| Windows TCP/IP | 1 | CVE-2021-26424 |
| Windows Bluetooth Service | 1 | CVE-2021-34537 |
| Windows Print Spooler Components | 3 | CVE-2021-36936, CVE-2021-36947, CVE-2021-34483 |
| Microsoft Edge (Chromium-based) | 7 | CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597 |
| Windows Update | 1 | CVE-2021-36948 |

Other Information

There were no additional advisories included with the August Security Guidance.
