July 2021 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in July's Patch Tuesday Index below.

Microsoft ushers in the 2nd half of 2021 with a massive Patch Tuesday, releasing fixes for a total of 116 vulnerabilities, 12 of which are critical severity, and 2 that have already been exploited in the wild. July represents a dramatic shift from the relatively light releases we’ve witnessed over previous months and highlights an uptick in zero-day exploits and the urgency needed to keep pace with a growing list of threats. While the critical vulnerability within Windows Print Spooler, better known as PrintNightmare, has been at the center of attention lately due to its scope of impact and extremely high probability of exploitation, there are plenty of other critical security flaws this month that require urgent attention as well.

Adobe has also released security updates for 5 products. Products affected include Adobe Dimension, Illustrator, Framemaker, Bridge, and Acrobat & Reader. Each bulletin received Adobe Priority Rating 3, except for the bulletin relating to Acrobat & Reader which was raised to Priority Rating 2.

Earlier in the month, Mozilla released updates for Firefox 90, Firefox ESR 78.12, and Thunderbird 78.12. All three security bulletins were rated High by Mozilla.

Automox Patch Tuesday expert Justin Knapp breaks down all of July's Patch Tuesday in our Automating Patch Tuesday: July 2021 webinar.

Updated Live. Last Update 12:05 PM EST July 13, 2021.

firefox Mozilla Firefox
Product
Title
Identifier
Severity
Firefox 9 security vulnerabilities fixed in Firefox 90 MFSA 2021-28 High
Firefox ESR 3 security vulnerabilities fixed in Firefox ESR 78.12 MFSA 2021-29 High
Thunderbird 4 security vulnerabilities fixed in Thunderbird 78.12 MFSA 2021-30 High
adobe Adobe
Product
Title
Identifier
Severity
Adobe Dimension 1 security vulnerability fixed in Dimension APSB21-40 Adobe Priority 3
Dimension 5 security vulnerabilities fixed in Adobe Bridge APSB21-53 Adobe Priority 3
Adobe Acrobat and Reader 19 security vulnerabilities fixed in Adobe Acrobat and Reader APSB21-51 Adobe Priority 2
Adobe Framemaker 1 security vulnerability fixed in Adobe Framemaker APSB21-45 Adobe Priority 3
Adobe Illustrator 3 security vulnerability fixed in Adobe Illustrator APSB21-42 Adobe Priority 3
microsoft Microsoft
Product
Title
Identifier
Severity
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2021-34448 Critical
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-34473 Critical
Microsoft Windows Codecs Library Windows Media Remote Code Execution Vulnerability CVE-2021-33740 Critical
Microsoft Windows Media Foundation Microsoft Windows Media Foundation Remote Code Execution Vulnerability CVE-2021-34439 Critical
Role: Hyper-V Windows Hyper-V Remote Code Execution Vulnerability CVE-2021-34450 Critical
Windows Kernel Windows Kernel Remote Code Execution Vulnerability CVE-2021-34458 Critical
Windows Defender Microsoft Defender Remote Code Execution Vulnerability CVE-2021-34464 Critical
Dynamics Business Central Control Dynamics Business Central Remote Code Execution Vulnerability CVE-2021-34474 Critical
Role: DNS Server Windows DNS Server Remote Code Execution Vulnerability CVE-2021-34494 Critical
Windows MSHTML Platform Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2021-34497 Critical
Microsoft Windows Media Foundation Microsoft Windows Media Foundation Remote Code Execution Vulnerability CVE-2021-34503 Critical
Windows Defender Microsoft Defender Remote Code Execution Vulnerability CVE-2021-34522 Critical
Microsoft Exchange Server Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2021-34523 High
Windows Active Directory Active Directory Security Feature Bypass Vulnerability CVE-2021-33779 High
Windows Active Directory Active Directory Security Feature Bypass Vulnerability CVE-2021-33781 High
Windows PFX Encryption Windows Certificate Spoofing Vulnerability CVE-2021-34492 High
Windows TCP/IP Windows TCP/IP Driver Denial of Service Vulnerability CVE-2021-31183 High
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-31196 High
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-31206 High
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2021-31947 High
Windows Installer Windows InstallService Elevation of Privilege Vulnerability CVE-2021-31961 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2021-31979 High
Power BI Power BI Remote Code Execution Vulnerability CVE-2021-31984 High
Windows Projected File System Windows Projected File System Elevation of Privilege Vulnerability CVE-2021-33743 High
Windows Secure Kernel Mode Windows Secure Kernel Mode Security Feature Bypass Vulnerability CVE-2021-33744 High
Role: DNS Server Windows DNS Server Denial of Service Vulnerability CVE-2021-33745 High
Microsoft Windows DNS Windows DNS Server Denial of Service Vulnerability CVE-2021-33746 High
Role: DNS Server Windows DNS Snap-in Remote Code Execution Vulnerability CVE-2021-33749 High
Role: DNS Server Windows DNS Snap-in Remote Code Execution Vulnerability CVE-2021-33750 High
Windows Storage Spaces Controller Storage Spaces Controller Elevation of Privilege Vulnerability CVE-2021-33751 High
Role: DNS Server Windows DNS Snap-in Remote Code Execution Vulnerability CVE-2021-33752 High
Microsoft Bing Microsoft Bing Search Spoofing Vulnerability CVE-2021-33753 High
Microsoft Windows DNS Windows DNS Server Denial of Service Vulnerability CVE-2021-33754 High
Role: Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2021-33755 High
Role: DNS Server Windows DNS Snap-in Remote Code Execution Vulnerability CVE-2021-33756 High
Windows Security Account Manager Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability CVE-2021-33757 High
Role: Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2021-33758 High
Windows Desktop Bridge Windows Desktop Bridge Elevation of Privilege Vulnerability CVE-2021-33759 High
Microsoft Windows Codecs Library Media Foundation Information Disclosure Vulnerability CVE-2021-33760 High
Windows Remote Access Connection Manager Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVE-2021-33761 High
Windows Remote Access Connection Manager Windows Remote Access Connection Manager Information Disclosure Vulnerability CVE-2021-33763 High
Windows Key Distribution Center Windows Key Distribution Center Information Disclosure Vulnerability CVE-2021-33764 High
Windows Installer Windows Installer Spoofing Vulnerability CVE-2021-33765 High
Microsoft Exchange Server Microsoft Exchange Information Disclosure Vulnerability CVE-2021-33766 High
OpenEnclave Open Enclave SDK Elevation of Privilege Vulnerability CVE-2021-33767 High
Microsoft Exchange Server Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2021-33768 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2021-33771 High
Windows TCP/IP Windows TCP/IP Driver Denial of Service Vulnerability CVE-2021-33772 High
Windows Remote Access Connection Manager Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVE-2021-33773 High
Windows Event Tracing Windows Event Tracing Elevation of Privilege Vulnerability CVE-2021-33774 High
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2021-33775 High
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2021-33776 High
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2021-33777 High
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2021-33778 High
Role: DNS Server Windows DNS Server Remote Code Execution Vulnerability CVE-2021-33780 High
Windows Authenticode Windows Authenticode Spoofing Vulnerability CVE-2021-33782 High
Windows SMB Windows SMB Information Disclosure Vulnerability CVE-2021-33783 High
Windows Cloud Files Mini Filter Driver Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2021-33784 High
Windows AF_UNIX Socket Provider Windows AF_UNIX Socket Provider Denial of Service Vulnerability CVE-2021-33785 High
Windows Local Security Authority Subsystem Service Windows LSA Security Feature Bypass Vulnerability CVE-2021-33786 High
Windows Local Security Authority Subsystem Service Windows LSA Denial of Service Vulnerability CVE-2021-33788 High
Microsoft Graphics Component Windows Font Driver Host Remote Code Execution Vulnerability CVE-2021-34438 High
Microsoft Graphics Component GDI+ Information Disclosure Vulnerability CVE-2021-34440 High
Microsoft Windows Media Foundation Microsoft Windows Media Foundation Remote Code Execution Vulnerability CVE-2021-34441 High
Microsoft Windows DNS Windows DNS Server Denial of Service Vulnerability CVE-2021-34442 High
Role: DNS Server Windows DNS Server Denial of Service Vulnerability CVE-2021-34444 High
Windows Remote Access Connection Manager Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVE-2021-34445 High
Windows HTML Platform Windows HTML Platform Security Feature Bypass Vulnerability CVE-2021-34446 High
Windows MSHTML Platform Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2021-34447 High
Windows Win32K Win32k Elevation of Privilege Vulnerability CVE-2021-34449 High
Microsoft Office Microsoft Office Online Server Spoofing Vulnerability CVE-2021-34451 High
Microsoft Office Microsoft Word Remote Code Execution Vulnerability CVE-2021-34452 High
Windows Shell Windows Remote Access Connection Manager Information Disclosure Vulnerability CVE-2021-34454 High
Windows File History Service Windows File History Service Elevation of Privilege Vulnerability CVE-2021-34455 High
Windows Remote Access Connection Manager Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVE-2021-34456 High
Windows Remote Access Connection Manager Windows Remote Access Connection Manager Information Disclosure Vulnerability CVE-2021-34457 High
Windows AppContainer Windows AppContainer Elevation Of Privilege Vulnerability CVE-2021-34459 High
Windows Storage Spaces Controller Storage Spaces Controller Elevation of Privilege Vulnerability CVE-2021-34460 High
Windows Kernel Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability CVE-2021-34461 High
Windows AppX Deployment Extensions Windows AppX Deployment Extensions Elevation of Privilege Vulnerability CVE-2021-34462 High
Windows Hello Windows Hello Security Feature Bypass Vulnerability CVE-2021-34466 High
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2021-34467 High
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2021-34468 High
Microsoft Office Microsoft Office Security Feature Bypass Vulnerability CVE-2021-34469 High
Microsoft Exchange Server Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2021-34470 High
Common Internet File System Bowser.sys Denial of Service Vulnerability CVE-2021-34476 High
Visual Studio Code - .NET Runtime Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability CVE-2021-34477 High
Visual Studio Code Microsoft Visual Studio Spoofing Vulnerability CVE-2021-34479 High
Windows Console Driver Windows Console Driver Elevation of Privilege Vulnerability CVE-2021-34488 High
Microsoft Graphics Component DirectWrite Remote Code Execution Vulnerability CVE-2021-34489 High
Windows TCP/IP Windows TCP/IP Driver Denial of Service Vulnerability CVE-2021-34490 High
Windows Win32K Win32k Information Disclosure Vulnerability CVE-2021-34491 High
Windows Partition Management Driver Windows Partition Management Driver Elevation of Privilege Vulnerability CVE-2021-34493 High
Microsoft Graphics Component Windows GDI Information Disclosure Vulnerability CVE-2021-34496 High
Microsoft Graphics Component Windows GDI Elevation of Privilege Vulnerability CVE-2021-34498 High
Microsoft Windows DNS Windows DNS Server Denial of Service Vulnerability CVE-2021-34499 High
Role: Hyper-V Windows Hyper-V Information Disclosure Vulnerability CVE-2021-34500 High
Microsoft Office Excel Microsoft Excel Remote Code Execution Vulnerability CVE-2021-34501 High
Windows Address Book Windows Address Book Remote Code Execution Vulnerability CVE-2021-34504 High
Windows Remote Assistance Windows Remote Assistance Information Disclosure Vulnerability CVE-2021-34507 High
Windows Kernel Windows Kernel Remote Code Execution Vulnerability CVE-2021-34508 High
Windows Storage Spaces Controller Storage Spaces Controller Information Disclosure Vulnerability CVE-2021-34509 High
Windows Storage Spaces Controller Storage Spaces Controller Elevation of Privilege Vulnerability CVE-2021-34510 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2021-34511 High
Windows Storage Spaces Controller Storage Spaces Controller Elevation of Privilege Vulnerability CVE-2021-34512 High
Windows Storage Spaces Controller Storage Spaces Controller Elevation of Privilege Vulnerability CVE-2021-34513 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2021-34514 High
Windows Win32K Win32k Elevation of Privilege Vulnerability CVE-2021-34516 High
Microsoft Office SharePoint Microsoft SharePoint Server Spoofing Vulnerability CVE-2021-34517 High
Microsoft Office Excel Microsoft Excel Remote Code Execution Vulnerability CVE-2021-34518 High
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2021-34520 High
Microsoft Windows Codecs Library Raw Image Extension Remote Code Execution Vulnerability CVE-2021-34521 High
Role: DNS Server Windows DNS Server Remote Code Execution Vulnerability CVE-2021-34525 High
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability CVE-2021-34528 High
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability CVE-2021-34529 High
Microsoft Office SharePoint Microsoft SharePoint Server Information Disclosure Vulnerability CVE-2021-34519 Medium



About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.