CSW Discovers its 50th Zero Day!

August: Microsoft Patches 44 Security Vulnerabilities

Posted on Aug 19, 2021 | By Pavithra Shankar

Microsoft patched 44 unique security vulnerabilities in August 2021. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.

Microsoft Patches: Overview

This August, Microsoft patched 44 vulnerabilities discovered in 2021, including two previously disclosed bugs.

  • 13 CVEs are classified as Remote Code Execution bugs

  • 17 CVEs with Privilege Escalation capabilities

  • 8 CVEs are linked to Information Disclosure

  • 2 CVEs have Denial of Service capabilities

Zero-days

Microsoft had released patches for three zero-day vulnerabilities this month: 

CVE-2021-36948 in Windows Update Medic Service with Elevation of Privilege is the only one that has been exploited in the wild, according to Microsoft's research. It's conceivable that CVE-2021-36948 is a version of CVE-2020-17070, which was reported in November 2020, due to its exploitation status. 

RCE/PE

Microsoft has issued security fixes for two zero-day vulnerabilities found last month. 

In July, PetitPotam was released—a tool that could possibly launch a NTLM relay attack. Windows New Technology LAN Manager (NTLM) is a Microsoft authentication protocol in which the attacker intercepts authentication traffic between a client and a server on a network. 

Next is the most notable fixes in the new batch (CVE-2021-36958)—address the Windows Print Spooler Remote Code Execution vulnerability, which has been a hot subject since its discovery in June. Microsoft was also chastised by the security community for botching the distribution of fixes to fix the problem.

Severity Scores

Interestingly, seven vulnerabilities are rated critical which are classified as Remote Code Execution bugs. 

Product Analysis

This month, Windows products received a fix for 28 vulnerabilities in which 10 accounted for Remote Code Execution, 12 for Privilege Escalation possibilities, 5 classified as Information disclosure bug and 1 as Spoofing. 

Table: Microsoft August Patches 2021

CISA has issued an overall alert to address the vulnerabilities in Microsoft products. As always, we suggest patching systems as quickly as possible and monitoring your environment on a regular basis to detect systems that haven't been patched.

Test your defense to know how secure you are…