August 2021 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in August's Patch Tuesday Index below.

Fortunately, it was a lighter month than usual, with only 51 vulnerabilities addressed by Microsoft, 7 of which are rated critical and only 1 of which is being actively exploited in the wild. On 7/23/2021 we reported on the Windows HiveNightmare (SeriousSAM) vulnerability, which is easily exploitable, impacts Windows 10 build 1809 and up, and has no current patch. Until a fix is released, Microsoft has advised administrators to employ two risk-mitigation workarounds, which are outlined in our blog.

Adobe released security updates for two products. Adobe products affected include Magento and Connect, given priorities of 2 and 3 respectively.

Mozilla has released three high-rated security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Updated Live. Last Update 1:04 PM EST August 10, 2021.

Mozilla Firefox

| Product | Title | Identifier | Severity |
|---|---|---|---|
| Firefox | 11 security vulnerabilities fixed in Firefox 91 | MFSA 2021-33 | High |
| Firefox ESR | 6 security vulnerabilities fixed in Firefox ESR 78.13 | MFSA 2021-34 | High |
| Thunderbird | 6 security vulnerabilities fixed in Thunderbird 78.13 | MFSA 2021-35 | High |

Adobe

| Product | Title | Identifier | Severity |
|---|---|---|---|
| Adobe Magento | 26 security vulnerabilities fixed in Magento | APSB21-64 | Adobe Priority 2 |
| Adobe Connect | 3 security vulnerabilities fixed in Connect | APSB21-66 | Adobe Priority 3 |

Microsoft

| Product | Title | Identifier | Severity |
|---|---|---|---|
| Windows TCP/IP | Windows TCP/IP Remote Code Execution Vulnerability | CVE-2021-26424 | Critical |
| Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | CVE-2021-26432 | Critical |
| Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2021-34480 | Critical |
| Microsoft Graphics Component | Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-34530 | Critical |
| Windows MSHTML Platform | Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-34534 | Critical |
| Remote Desktop Client | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2021-34535 | Critical |
| Windows Print Spooler Components | Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36936 | Critical |
| Windows Update | Windows Update Medic Service Elevation of Privilege Vulnerability | CVE-2021-36948 | High |
| Windows NTLM | Windows LSA Spoofing Vulnerability | CVE-2021-36942 | High |
| .NET Core & Visual Studio | .NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-26423 | High |
| Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-26425 | High |
| Windows User Profile Service | Windows User Account Profile Picture Elevation of Privilege Vulnerability | CVE-2021-26426 | High |
| Azure Sphere | Azure Sphere Information Disclosure Vulnerability | CVE-2021-26428 | High |
| Azure Sphere | Azure Sphere Elevation of Privilege Vulnerability | CVE-2021-26429 | High |
| Azure Sphere | Azure Sphere Denial of Service Vulnerability | CVE-2021-26430 | High |
| Windows Update Assistant | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | CVE-2021-26431 | High |
| Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-26433 | High |
| Azure | Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-33762 | High |
| Windows Defender | Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2021-34471 | High |
| Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2021-34478 | High |
| Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-34483 | High |
| Windows User Profile Service | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2021-34484 | High |
| .NET Core & Visual Studio | .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34485 | High |
| Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34486 | High |
| Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-34487 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2021-34524 | High |
| ASP .NET | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-34532 | High |
| Microsoft Graphics Component | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | CVE-2021-34533 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-34536 | High |
| Windows Bluetooth Service | Windows Bluetooth Service Elevation of Privilege Vulnerability | CVE-2021-34537 | High |
| Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36926 | High |
| Windows Media | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | CVE-2021-36927 | High |
| Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36932 | High |
| Windows Services for NFS ONCRPC XDR Driver | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2021-36933 | High |
| Microsoft Windows Codecs Library | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | CVE-2021-36937 | High |
| Windows Cryptographic Services | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | CVE-2021-36938 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-36940 | High |
| Microsoft Office Word | Microsoft Word Remote Code Execution Vulnerability | CVE-2021-36941 | High |
| Azure | Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2021-36943 | High |
| Windows Update Assistant | Windows 10 Update Assistant Elevation of Privilege Vulnerability | CVE-2021-36945 | High |
| Microsoft Dynamics | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-36946 | High |
| Windows Print Spooler Components | Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36947 | High |
| Microsoft Azure Active Directory Connect | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | CVE-2021-36949 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-36950 | High |
| Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | CVE-2021-30590 | Unknown |
| Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30591 Use after free in File System API | CVE-2021-30591 | Unknown |
| Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | CVE-2021-30592 | Unknown |
| Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | CVE-2021-30593 | Unknown |
| Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30594 Use after free in Page Info UI | CVE-2021-30594 | Unknown |
| Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | CVE-2021-30596 | Unknown |
| Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30597 Use after free in Browser UI | CVE-2021-30597 | Unknown |
