Hexafusion Blog

Microsoft Patch Tuesday – July 2021

9 Zero-days Fixed - 3 Actively Exploited

Patch Tuesday is once again upon us. The July 2021 Patch Tuesday brings us 117 fixes, 15 of which are rated as critical, including a highly critical Microsoft SharePoint Server RCE vulnerability. We've listed the most important changes below, followed by the fixes included.

CVE-2021-34527 - PrintNightmare

PrintNightmare has been the topic of the month. The vulnerability in the Print Spooler service was disclosed in CVE-2021-1675 last month; however, it was quickly discovered that there was a much larger vulnerability at hand. PrintNightmare later received its own CVE code, CVE-2021-34527. This month's cumulative update also includes the out-of-band update changes Microsoft released to fix the PrintNightmare vulnerability, so if you haven't updated last week, it is critical you do now.

CVE-2021-34473 - Microsoft Exchange Server RCE

A critical vulnerability in Microsoft Exchange has been fixed. With a CVSS 3.0 base score of 9.1 and the vulnerability already publicly disclosed, it is important to check that your servers have been updated. Luckily, Microsoft already fixed this vulnerability in April 2021 but has decided to disclose it only now. Regardless, it is important to check that your Exchange servers are up to date.

Multiple Microsoft SharePoint Server RCE Vulnerabilities

A new set of vulnerabilities fixed today affects Microsoft SharePoint Server. A total of three remote code execution vulnerabilities have been fixed, listed as CVE-2021-34520, CVE-2021-34468, and CVE-2021-34467. The most critical of the three has a CVSS base score of 8.1, with the other two sitting at 7.1. If you have SharePoint servers in your IT environment, it is critical that you update them as soon as possible to close these security holes.

SQL Compact 4.0 End of Life

Today also marks the last day for SQL Compact (SQL CE) 4.0. SQL Server Compact was designed as a lighter version of the full-blown SQL Server installation. The product has already been discontinued by Microsoft for a while, but it is now officially unsupported.

Critical Vulnerabilities Fixed in July 2021 Patch Tuesday

| Product | Severity | CVE-Code |
|---|---|---|
| Windows Server 2012 R2 | Critical | CVE-2021-34493 |
| Windows Server 2012 R2 | Critical | CVE-2021-34523 |
| Windows 10 Version 1607 for 32-bit Systems | Critical | CVE-2021-33767 |
| Windows 10 for x64-based Systems | Critical | CVE-2021-34522 |
| Windows 10 for 32-bit Systems | Critical | CVE-2021-34521 |
| Windows 10 Version 20H2 for ARM64-based Systems | Critical | CVE-2021-34474 |
| Windows 10 Version 20H2 for 32-bit Systems | Critical | CVE-2021-34528 |
| Windows 10 Version 20H2 for x64-based Systems | Critical | CVE-2021-34451 |
| Windows 10 Version 2004 for x64-based Systems | Critical | CVE-2021-34470 |
| Windows 10 Version 2004 for ARM64-based Systems | Critical | CVE-2021-34469 |
| Windows 10 Version 1809 for 32-bit Systems | Critical | CVE-2021-34520 |
| Windows Server 2016 | Critical | CVE-2021-33779 |
| Windows Server, version 20H2 (Server Core Installation) | Critical | CVE-2021-33778 |
| Windows Server 2019 (Server Core installation) | Critical | CVE-2021-33765 |
| Windows Server 2019 | Critical | CVE-2021-33764 |
