Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in August's Patch Tuesday Index below.
Fortunately, it was a lighter month than usual, with only 51 vulnerabilities addressed by Microsoft, 7 of which are rated critical and only 1 of which is being actively exploited in the wild. We reported on 7/23/2021 about the Windows HiveNightmare (SeriousSAM) vulnerability, which is easily exploitable, impacts Windows 10 build 1809 and up, and has no current patch. Until a fix is released, Microsoft has advised administrators to employ two workarounds for risk mitigation, which are outlined in our blog.
Adobe released security updates for two products, Magento and Connect, which were given priorities of 2 and 3 respectively.
Mozilla has released three high-rated security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Updated Live. Last Update 1:04 PM EST August 10, 2021.
Mozilla Firefox

Product | Title | Identifier | Severity |
--- | --- | --- | --- |
Firefox | 11 security vulnerabilities fixed in Firefox 91 | MFSA 2021-33 | High |
Firefox ESR | 6 security vulnerabilities fixed in Firefox ESR 78.13 | MFSA 2021-34 | High |
Thunderbird | 6 security vulnerabilities fixed in Thunderbird 78.13 | MFSA 2021-35 | High |

Adobe

Product | Title | Identifier | Severity |
--- | --- | --- | --- |
Adobe Magento | 26 security vulnerabilities fixed in Magento | APSB21-64 | Adobe Priority 2 |
Adobe Connect | 3 security vulnerabilities fixed in Connect | APSB21-66 | Adobe Priority 3 |

Microsoft

Product | Title | Identifier | Severity |
--- | --- | --- | --- |
Windows TCP/IP | Windows TCP/IP Remote Code Execution Vulnerability | CVE-2021-26424 | Critical |
Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | CVE-2021-26432 | Critical |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2021-34480 | Critical |
Microsoft Graphics Component | Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-34530 | Critical |
Windows MSHTML Platform | Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-34534 | Critical |
Remote Desktop Client | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2021-34535 | Critical |
Windows Print Spooler Components | Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36936 | Critical |
Windows Update | Windows Update Medic Service Elevation of Privilege Vulnerability | CVE-2021-36948 | High |
Windows NTLM | Windows LSA Spoofing Vulnerability | CVE-2021-36942 | High |
.NET Core & Visual Studio | .NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-26423 | High |
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-26425 | High |
Windows User Profile Service | Windows User Account Profile Picture Elevation of Privilege Vulnerability | CVE-2021-26426 | High |
Azure Sphere | Azure Sphere Information Disclosure Vulnerability | CVE-2021-26428 | High |
Azure Sphere | Azure Sphere Elevation of Privilege Vulnerability | CVE-2021-26429 | High |
Azure Sphere | Azure Sphere Denial of Service Vulnerability | CVE-2021-26430 | High |
Windows Update Assistant | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | CVE-2021-26431 | High |
Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-26433 | High |
Azure | Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-33762 | High |
Windows Defender | Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2021-34471 | High |
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2021-34478 | High |
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-34483 | High |
Windows User Profile Service | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2021-34484 | High |
.NET Core & Visual Studio | .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34485 | High |
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34486 | High |
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34487 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2021-34524 | High |
ASP .NET | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34532 | High |
Microsoft Graphics Component | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | CVE-2021-34533 | High |
Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34536 | High |
Windows Bluetooth Service | Windows Bluetooth Service Elevation of Privilege Vulnerability | CVE-2021-34537 | High |
Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36926 | High |
Windows Media | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | CVE-2021-36927 | High |
Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36932 | High |
Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36933 | High |
Microsoft Windows Codecs Library | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | CVE-2021-36937 | High |
Windows Cryptographic Services | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | CVE-2021-36938 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-36940 | High |
Microsoft Office Word | Microsoft Word Remote Code Execution Vulnerability | CVE-2021-36941 | High |
Azure | Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-36943 | High |
Windows Update Assistant | Windows 10 Update Assistant Elevation of Privilege Vulnerability | CVE-2021-36945 | High |
Microsoft Dynamics | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-36946 | High |
Windows Print Spooler Components | Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36947 | High |
Microsoft Azure Active Directory Connect | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | CVE-2021-36949 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-36950 | High |
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | CVE-2021-30590 | Unknown |
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30591 Use after free in File System API | CVE-2021-30591 | Unknown |
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | CVE-2021-30592 | Unknown |
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | CVE-2021-30593 | Unknown |
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30594 Use after free in Page Info UI | CVE-2021-30594 | Unknown |
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | CVE-2021-30596 | Unknown |
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30597 Use after free in Browser UI | CVE-2021-30597 | Unknown |
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.