Microsoft July Update Fixes Multiple Zero-Days Exploited

Issued: Wednesday, 14 July, 2021
Last Revision: Wednesday, 14 July, 2021
Vendor: 
Product: 
Severity Level: 
Summary: 
Microsoft has released patches for 117 vulnerabilities, with 13 classified as Critical, 103 as Important, and 1 as Moderate. This includes 9 zero-day vulnerabilities, 3 of which are actively exploited in the wild, excluding CVE-2021-34527 (PrintNightmare). Microsoft has released an out-of-band patch for CVE-2021-34527, and this has already been communicated to entities for necessary action.
 
Microsoft's July 2021 patches fix remote code execution (RCE), privilege escalation, information disclosure, memory corruption, denial-of-service, security feature bypass and spoofing issues.
 
Products impacted by the July 2021 security update include Microsoft Office, .NET Core & Visual Studio, the Edge browser, Windows Cryptographic Services, SharePoint, Outlook, and Excel.
 
Organizations are strongly encouraged to apply patches for all impacted products in their environment as soon as possible, prioritizing patches for exploited and critical vulnerabilities. 
 

| Description | CVE | CVSS v3.0 |
|---|---|---|
| Scripting Engine Memory Corruption Vulnerability | CVE-2021-34448 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-31979 | 7.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-33771 | 7.8 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-34473 | 9.1 |
| Active Directory Security Feature Bypass Vulnerability | CVE-2021-33781 | 8.1 |
| Microsoft Exchange Server Elevation of Privilege | CVE-2021-34523 | 9.0 |
| Windows ADFS Security Feature Bypass Vulnerability | CVE-2021-33779 | 8.1 |
| Windows Certificate Spoofing Vulnerability | CVE-2021-34492 | 8.1 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-34467 | 7.1 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-34468 | 7.1 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-34520 | 8.1 |

 

 
Recommendation: 

Microsoft has released patches to address these vulnerabilities and recommends that organizations urgently mitigate them.