Patch Tuesday Update – July 2021

Patch Tuesday Update - July 2021

Patch Tuesday Update – July 2021

Patch Tuesday has come around once more, and there is no denying that this month has proven to be a busy one for system administrators everywhere. That’s courtesy of patches for 117 Common Vulnerabilities and Exposures. 13 of these CVEs are labelled “Critical”, 102 are categorised as “Important” with an additional 1 “Moderate” CVE and 1 “Low” CVE flagging this month.

Windows Print Spooler Remote Code Execution Vulnerability – CVE-2021-34527 

It is worth elaborating on CVE-2021-34527, the aptly named “PrintNightmare” Remote Code Execution vulnerability. Microsoft state that “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations”. Microsoft has advised that patches for CVE-2021-34527 should be applied to all Windows operating systems as soon as possible. In addition, Microsoft has also stated that a registry change should be added to fully secure systems.

Scripting Engine Memory Corruption Vulnerability – CVE-2021-34448 

Microsoft has stated this Remote Code Execution vulnerability is actively being exploited in the wild. For an attacker to capitalise on this vulnerability, they would have to convince a user to visit a compromised website. The user would then have to open an infected file. If exploited, the attacker would be able to run code on the user’s system.

Other notable CVEs that Microsoft has released patches for include the elevation of privilege flaws in CVE-2021-33771 and CVE-2021-31979. Both of which are being actively exploited in the wild, and so must be patched immediately.   

3rd Party Updates

Adobe released a wealth of updates across its suite of products. Most critical is the patch for Adobe Acrobat and Reader (APSB21-51). This patch resolves 14 critical CVEs with the highest CVSS score coming in at 8.8. Adobe has labelled updates to their other products (Bridge, Dimension, Illustrator, and Framemaker) as Priority 3. This effectively means the possibility of them being exploited is less likely. Nevertheless, Adobe has advised pushing all updates out as soon as possible.  

Additional Updates to consider 

It is worth noting that Firefox, Chrome, and Oracle have all released important security updates this month also. System administrators should be working to apply updates with urgency.

– Patrick Collins, Vulnerability Management

Leave a Reply

Your email address will not be published. Required fields are marked *