Today’s VERT Alert addresses Microsoft’s August 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-959 on Wednesday, August 11th.
In-The-Wild & Disclosed CVEs
This privilege escalation vulnerability that affects the Windows Update Medic Service (WaasMedic) has been actively exploited. Medic Service is a feature of modern Windows operating systems that repairs and protects your Windows Update components. For example, if you disable Windows Update services, WaasMedic will restart them.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
The print spooler has been a popular target the past few months and this month is no different. CVE-2021-36936 is yet another print spooler vulnerability. This has been publicly disclosed but not yet exploited.
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
This vulnerability was the subject of Microsoft Security Advisory ADV210003, which was released on July 23. Microsoft then released mitigation guidance on July 28. Today, we see a patch for CVE-2021-36942 aka PetitPotam, an NTLM Relay attack that targets the LSARPC interface. It could allow unauthenticated attackers to force a domain controller to authenticate against a malicious server using NTLM. The patch resolves the vulnerability by blocking the affected API calls (OpenEncryptedFileRawA and OpenEncryptedFileRawW).
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
| Tag | CVE Count | CVEs |
| .NET Core & Visual Studio | 2 | CVE-2021-26423, CVE-2021-34485 |
| Microsoft Office Word | 1 | CVE-2021-36941 |
| Windows Media | 1 | CVE-2021-36927 |
| Windows Cryptographic Services | 1 | CVE-2021-36938 |
| Remote Desktop Client | 1 | CVE-2021-34535 |
| Microsoft Dynamics | 3 | CVE-2021-34524, CVE-2021-36946, CVE-2021-36950 |
| Windows Storage Spaces Controller | 1 | CVE-2021-34536 |
| Microsoft Scripting Engine | 1 | CVE-2021-34480 |
| Microsoft Office SharePoint | 1 | CVE-2021-36940 |
| Microsoft Windows Codecs Library | 1 | CVE-2021-36937 |
| ASP.NET Core & Visual Studio | 1 | CVE-2021-34532 |
| Microsoft Azure Active Directory Connect | 1 | CVE-2021-36949 |
| Microsoft Graphics Component | 2 | CVE-2021-34530, CVE-2021-34533 |
| Windows Event Tracing | 3 | CVE-2021-34486, CVE-2021-34487, CVE-2021-26425 |
| Windows Services for NFS ONCRPC XDR Driver | 5 | CVE-2021-26432, CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933 |
| Windows Update Assistant | 2 | CVE-2021-36945, CVE-2021-26431 |
| Windows User Profile Service | 2 | CVE-2021-26426, CVE-2021-34484 |
| Microsoft Office | 1 | CVE-2021-34478 |
| Windows Defender | 1 | CVE-2021-34471 |
| Windows NTLM | 1 | CVE-2021-36942 |
| Azure Sphere | 3 | CVE-2021-26428, CVE-2021-26429, CVE-2021-26430 |
| Windows MSHTML Platform | 1 | CVE-2021-34534 |
| Azure | 2 | CVE-2021-33762, CVE-2021-36943 |
| Windows TCP/IP | 1 | CVE-2021-26424 |
| Windows Bluetooth Service | 1 | CVE-2021-34537 |
| Windows Print Spooler Components | 3 | CVE-2021-36936, CVE-2021-36947, CVE-2021-34483 |
| Microsoft Edge (Chromium-based) | 7 | CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597 |
| Windows Update | 1 | CVE-2021-36948 |
Other Information
There were no additional advisories included with the August Security Guidance.
