VERT Threat Alert: August 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-959 on Wednesday, August 11th.

In-The-Wild & Disclosed CVEs

CVE-2021-36948

This privilege escalation vulnerability that affects the Windows Update Medic Service (WaasMedic) has been actively exploited. Medic Service is a feature of modern Windows operating systems that repairs and protects your Windows Update components. For example, if you disable Windows Update services, WaasMedic will restart them.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-36936

The print spooler has been a popular target the past few months and this month is no different. CVE-2021-36936 is yet another print spooler vulnerability. This has been publicly disclosed but not yet exploited.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-36942

This vulnerability was the subject of Microsoft Security Advisory ADV210003, which was released on July 23. Microsoft then released mitigation guidance on July 28. Today, we see a patch for CVE-2021-36942 aka PetitPotam, an NTLM Relay attack that targets the LSARPC interface. It could allow unauthenticated attackers to force a domain controller to authenticate against a malicious server using NTLM. The patch resolves the vulnerability by blocking the affected API calls (OpenEncryptedFileRawA and OpenEncryptedFileRawW).

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
.NET Core & Visual Studio 2 CVE-2021-26423, CVE-2021-34485
Microsoft Office Word 1 CVE-2021-36941
Windows Media 1 CVE-2021-36927
Windows Cryptographic Services 1 CVE-2021-36938
Remote Desktop Client 1 CVE-2021-34535
Microsoft Dynamics 3 CVE-2021-34524, CVE-2021-36946, CVE-2021-36950
Windows Storage Spaces Controller 1 CVE-2021-34536
Microsoft Scripting Engine 1 CVE-2021-34480
Microsoft Office SharePoint 1 CVE-2021-36940
Microsoft Windows Codecs Library 1 CVE-2021-36937
ASP.NET Core & Visual Studio 1 CVE-2021-34532
Microsoft Azure Active Directory Connect 1 CVE-2021-36949
Microsoft Graphics Component 2 CVE-2021-34530, CVE-2021-34533
Windows Event Tracing 3 CVE-2021-34486, CVE-2021-34487, CVE-2021-26425
Windows Services for NFS ONCRPC XDR Driver 5 CVE-2021-26432, CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933
Windows Update Assistant 2 CVE-2021-36945, CVE-2021-26431
Windows User Profile Service 2 CVE-2021-26426, CVE-2021-34484
Microsoft Office 1 CVE-2021-34478
Windows Defender 1 CVE-2021-34471
Windows NTLM 1 CVE-2021-36942
Azure Sphere 3 CVE-2021-26428, CVE-2021-26429, CVE-2021-26430
Windows MSHTML Platform 1 CVE-2021-34534
Azure 2 CVE-2021-33762, CVE-2021-36943
Windows TCP/IP 1 CVE-2021-26424
Windows Bluetooth Service 1 CVE-2021-34537
Windows Print Spooler Components 3 CVE-2021-36936, CVE-2021-36947, CVE-2021-34483
Microsoft Edge (Chromium-based) 7 CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597
Windows Update 1 CVE-2021-36948

Other Information

There were no additional advisories included with the August Security Guidance.