Microsoft August 2021 Updates Fix Critical and Zero-Day Vulnerabilities Actively Exploited

Issued: Thursday, 12 August, 2021
Last Revision: Thursday, 12 August, 2021
Vendor: 
Product: 
Severity Level: 
Summary: 

Microsoft has released patches for 44 vulnerabilities, with 7 classified as Critical and 37 as Important, including 3 Zero-days with one actively exploited in the wild.

The fixes for three zero-day vulnerabilities include:

CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability

CVE-2021-36942 Windows LSA Spoofing Vulnerability

CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability

The Microsoft August 2021 update fixes remote code execution, information disclosure, denial of service and spoofing vulnerabilities, including the PrintNightmare and PetitPotam attacks.

Products impacted by the August security update include .NET Core & Visual Studio, ASP.NET Core & Visual Studio, Azure, Windows Update, Windows Print Spooler Components, Windows Media, Windows Defender, Remote Desktop Client, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office Word, Microsoft Office SharePoint and more.

Organizations are strongly encouraged to apply patches as soon as possible, particularly patches for exploited zero-day and critical vulnerabilities.

| CVE | Description | CVSS3.0 Score |
|---|---|---|
| CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | 9.9 |
| CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | 9.8 |
| CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | 6.8 |
| CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
| CVE-2021-36942 | Windows LSA Spoofing Vulnerability | 9.8 |
| CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
| CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | 7.8 |

Table 1: Vulnerability details

Affected Product(s)
Windows Servers
Windows Desktop (RT, 8.1, 7, 10)
Remote Desktop client for Windows Desktop