Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities

Microsoft Patch Tuesday – August 2021

Microsoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.

Critical Microsoft Vulnerabilities Patched

CVE-2021-36942 – Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control over windows domain Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized in terms of applying security updates.

CVE-2021-34481 – Windows Print Spooler Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. This Patch Tuesday Microsoft released security updates to address this vulnerability and should be prioritized.

Three 0-Day Vulnerabilities Patched

CVE-2021-36936 – Windows Print Spooler Remote Code Execution Vulnerability

CVE-2021-36942 – Windows LSA Spoofing Vulnerability

CVE-2021-36948 – Windows Update Medic Service Elevation of Privilege Vulnerability – This has been actively exploited, per Microsoft.

Adobe Patch Tuesday – August 2021

Adobe addressed 29 CVEs this Patch Tuesday impacting Adobe Connect and Magento product. The patches for Magento are labeled with Adobe severity rating as Priority 2, while the remaining patches are set to Priority 3.

Webinar Series: This Month in Patches

To help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series This Month in Patches.

We discuss some of the key vulnerabilities disclosed in the past month and how to patch them:

  • Microsoft Patch Tuesday, August 2021
  • Adobe Patch Tuesday, August 2021

Join us live or watch on demand!

About Patch Tuesday

Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday, followed shortly after by PT dashboards.