{"id":21003,"date":"2021-08-13T06:23:24","date_gmt":"2021-08-13T04:23:24","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=21003"},"modified":"2021-08-14T10:06:49","modified_gmt":"2021-08-14T08:06:49","slug":"microsoft-security-update-revisions-august-2021-patchday-sicherheitsfixes","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/08\/13\/microsoft-security-update-revisions-august-2021-patchday-sicherheitsfixes\/","title":{"rendered":"Microsoft Security Update Revisions & August 2021 patchday security fixes"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Microsoft has closed a number of vulnerabilities with updates on patchday (August 10, 2021). I have an overview that I am posting for the sake of completeness. In addition, Microsoft has distributed two security update revisions in the days in mails, which I also publish here. Maybe this is of interest for someone.<\/p>\n

<\/p>\n

Microsoft Security Update Revisions<\/h2>\n

\"\"As of August 11, Microsoft has published the following information about the Print Spooler Service vulnerability.<\/p>\n

***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 11, 2021
***********************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVE has been published to the Security Update Guide.<\/p>\n

=======================================================================<\/p>\n

* CVE-2021-36958<\/p>\n

CVE-2021-36958<\/a> | Windows Print Spooler Remote Code Execution Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: August 11, 2021
– Updated: N\/A
– Aggregate CVE Severity Rating: Important<\/p>\n

I had already written something about this issue in the article Windows PrintNightmare, next round with CVE-2021-36958<\/a>. The PrintNightmare vulnerabilities are already being exploited in the wild (see Ransomware gang uses PrintNightmare to attack Windows servers<\/a>). In addition, the following document has been published with references to further revisions. <\/p>\n

***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 11, 2021
***********************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVEs have undergone a major revision increment.<\/p>\n

=======================================================================<\/p>\n

* CVE-2021-34524
* CVE-2021-36949<\/p>\n

CVE-2021-34524<\/a> | Microsoft Dynamics 365 (on-premises) Remote Code Execution
   Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security
   updates for Microsoft Dynamics 365 (on-premises) version 9.1. Customers running
   affected Dynamics software should install the update for their product to be
   protected from this vulnerability. Customers running other versions of Microsoft
   Dynamics 365 (on-premises) do not need to take any action. See the KB4618809
   for more information and download links.
– Originally posted: August 10, 2021
– Updated: August 11, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-36949<\/a> | Microsoft Azure Active Directory Connect Authentication Bypass
   Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
   Updates table, added Azure Active Directory Connect Provisioning Agent as it
   is also affected by this vulnerability 2) Updated FAQs.
– Originally posted: August 10, 2021
– Updated: August 10, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 12, 2021
***********************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVE has undergone informational revisions.<\/p>\n

=======================================================================<\/p>\n

The following CVEs have undergone a major revision increment.<\/p>\n

CVE-2021-26423<\/a> | .NET Core and Visual Studio Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
   and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions
   of .NET Core that are affected by this vulnerability. See
   https:\/\/github.com\/PowerShell\/Announcements\/issues\/25<\/a> for more information.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

* CVE-2021-34485<\/p>\n

CVE-2021-34485<\/a> | .NET Core and Visual Studio Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
   and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions
   of .NET Core that are affected by this vulnerability. See
   https:\/\/github.com\/PowerShell\/Announcements\/issues\/24<\/a> for more information.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

The following CVEs have undergone informational revisions.<\/p>\n

CVE-2021-26432<\/a> | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution
   Vulnerability
– Version: 1.1
– Reason for Revision: Added FAQ to provide further vulnerability details.
   This is an informational change only.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Critical<\/p>\n

CVE-2021-36934<\/a> | Windows Elevation of Privilege Vulnerability
– Version: 5.1
– Reason for Revision: Updated FAQ information. This is an informational change
   only.
– Originally posted: July 20, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

QuaQualys August 2021 Patchday Overview <\/h2>\n

Microsoft and Adobe released security updates for various products on Patch Tuesday (August 10, 2021). Microsoft closed 51 vulnerabilities, 7 of which were critical, and 3 were 0-days. Adobe closed 29 vulnerabilities through security update. A detailed overview of the patched vulnerabilities can be found in this Qualys report<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Microsoft has closed a number of vulnerabilities with updates on patchday (August 10, 2021). I have an overview that I am posting for the sake of completeness. In addition, Microsoft has distributed two security update revisions in the days in … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[2659,69,195],"class_list":["post-21003","post","type-post","status-publish","format-standard","hentry","category-security","tag-patchday-8-2021","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=21003"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21003\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=21003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=21003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=21003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}