9 Zero-days Fixed - 3 Actively Exploited
Patch Tuesday is once again upon us. The Patch Tuesday, July 2021 brings us 117 fixes, 15 of which are rated as critical including a highly critical Microsoft Sharepoint Server RCE vulnerability. We've listed the most important changes below and listed all of the fixes included.
CVE-2021-34527 - PrintNightmare
PrintNightmare has been the topic of the month. The vulnerability in the Print Spooler service was disclosed in CVE-2021-1675 last month, however, it was quickly discovered there was a much larger vulnerability at hand. PrintNightmare received its own CVE code later CVE-2021-34527. This month's cumulative update also includes the out-of-band update changes Microsoft released to fix the PrintNightmare vulnerability, so if you haven't updated last week, it is critical you do now.
CVE-2021-34473- Microsoft Exchange Server RCE
A critical vulnerability in Microsoft Exchange has been fixed, with a CVSS 3.0 base score of 9.1 and the vulnerability already being publically disclosed, it is important to check if your servers have been updated. Luckily Microsoft already fixed this vulnerability in April 2021 but has decided to only disclose the vulnerability now. Regardless, it is important to check if your Exchange servers are up-to-date.
A new set of vulnerabilities that have been fixed today are in Microsoft SharePoint Server. A total of three remote code execution vulnerabilities have been fixed today, listed as CVE-2021-34520, CVE-2021-34468, and CVE-2021-34467. The most critical of the three has a CVSS base score of 8.1 with the other two sitting at a 7.1. If you have SharePoint servers in your IT environment, it is critical that you update them as soon as possible to prevent any security holes.
SQL Compact 4.0 End of Life
Today also marks the last day for SQL Compact (SQL CE) 4.0. SQL Server Compact was designed as a lighter version of the full-blown SQL Server installation. However, the product has already been discontinued by Microsoft for a while but is not officially unsupported.
Critical Vulnerabilities Fixed in July 2021 Patch Tuesday
|
Product |
Severity |
CVE-Code |
|---|---|---|
|
Windows Server 2012 R2 |
Critical |
|
|
Windows Server 2012 R2 |
Critical |
|
|
Windows 10 Version 1607 for 32-bit Systems |
Critical |
|
|
Windows 10 for x64-based Systems |
Critical |
|
|
Windows 10 for 32-bit Systems |
Critical |
|
|
Windows 10 Version 20H2 for ARM64-based Systems |
Critical |
|
|
Windows 10 Version 20H2 for 32-bit Systems |
Critical |
|
|
Windows 10 Version 20H2 for x64-based Systems |
Critical |
|
|
Windows 10 Version 2004 for x64-based Systems |
Critical |
|
|
Windows 10 Version 2004 for ARM64-based Systems |
Critical |
|
|
Windows 10 Version 1809 for 32-bit Systems |
Critical |
|
|
Windows Server 2016 |
Critical |
|
|
Windows Server, version 20H2 (Server Core Installation) |
Critical |
|
|
Windows Server 2019 (Server Core installation) |
Critical |
|
|
Windows Server 2019 |
Critical |