High Threat Security Alert (A21-07-04): Multiple Vulnerabilities in Microsoft Products (July 2021)


 

Published on: 14 July 2021

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jul

Reports indicated that multiple vulnerabilities in Microsoft Windows and Server (CVE-2021-34527, CVE-2021-34448, CVE-2021-33771 and CVE-2021-31979) are being actively exploited. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
  • Microsoft Windows Server, version 1909, version 2004, version 20H2
  • Microsoft Office 2013, 2013 RT, 2016, 2019, 2019 for Mac
  • Microsoft Office Online Server
  • Microsoft Office Web Apps Server 2013
  • Microsoft Excel 2013, 2013 RT, 2016
  • Microsoft Word 2016
  • Microsoft 365 Apps for Enterprise
  • Microsoft Exchange Server 2013, 2016, 2019
  • Microsoft SharePoint Foundation 2013
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Server 2019
  • .NET Education Bundle SDK Install Tool, Install Tool for Extension Authors
  • HEVC Video Extensions
  • Microsoft Dynamics 365 Business Central 2020, 2021
  • Microsoft Bing Search for Android
  • Microsoft Malware Protection Engine
  • Open Enclave SDK
  • Power BI Report Server
  • Visual Studio Code

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure, denial of service, security feature bypass, spoofing and defense in depth.

 

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jul
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-july-2021
  • https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/microsoft-releases-july-2021-security-updates
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31183
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31196
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31206
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31947
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31961
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31979
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31984
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33740
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33743 (to CVE-2021-33746)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33749 (to CVE-2021-33761)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33763 (to CVE-2021-33768)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33771 (to CVE-2021-33786)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33788
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34438 (to CVE-2021-34442)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34444 (to CVE-2021-34452)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34454 (to CVE-2021-34462)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34464
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34466 (to CVE-2021-34470)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34474
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34476
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34477
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34479
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34488 (to CVE-2021-34494)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34496 (to CVE-2021-34501)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34503
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34504
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34507 (to CVE-2021-34514)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34516 (to CVE-2021-34523)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34525
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34528
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34529

 



Tag: Microsoft , Windows , Windows Server , Microsoft Office , Office Online Server , Microsoft Office Web Apps , Excel , Word , Microsoft 365 Apps , Exchange Server , SharePoint , .NET Education Bundle SDK Install Tool , .NET Install Tool for Extension Authors , HEVC Video Extensions , Dynamics 365 , Microsoft Bing , Microsoft Malware Protection Engine , Open Enclave SDK , Power BI Report , Visual Studio Code
Tags