Description:
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug
Reports indicated that an elevation of privilege vulnerability in Microsoft Windows 10 and some versions of Windows Server (CVE-2021-36948) is being actively exploited and multiple vulnerabilities in Microsoft Windows and Server (CVE-2021-36936, CVE-2021-36942 and CVE-2021-36947) are also at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Microsoft Windows 7, 8.1, RT 8.1, 10
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
- Microsoft Windows Server, version 2004, version 20H2
- Microsoft Office 2019, 2019 for Mac
- Microsoft 365 Apps for Enterprise
- Microsoft SharePoint Enterprise Server 2013, 2016
- Microsoft SharePoint Server 2019
- Microsoft Visual Studio 2017, 2019, 2019 for Mac version 8.10
- Microsoft Azure Active Directory Connect, Provisioning Agent
- Microsoft Azure CycleCloud 7.9.10, 8.2.0
- Microsoft Azure Sphere
- Microsoft Dynamics 365 (on-premises) version 9.0, version 9.1
- Microsoft Dynamics 365 Business Central 2019, 2020
- Microsoft Dynamics NAV 2017, 2018
- Microsoft Malware Protection Engine
- .NET 5.0
- .NET Core 2.1, 3.1
- ASP.NET Core 2.1, 3.1, 5.0
- Remote Desktop client for Windows Desktop
- Windows Update Assistant
Impact:
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure, denial of service and spoofing.
Recommendation:
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug
- https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-august-2021
- https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/microsoft-releases-august-2021-security-updates
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423 (to CVE-2021-26426)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26428 (to CVE-2021-26433)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34471
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34483 (to CVE-2021-34487)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34524
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34530
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532 (to CVE-2021-34537)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36926
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36927
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36932
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36933
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36936 (to CVE-2021-36938)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36940 (to CVE-2021-36943)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36945 (to CVE-2021-36950)