

source link: https://avleonov.com/2021/07/15/vulristics-microsoft-patch-tuesday-july-2021-zero-days-eop-in-kernel-and-rce-in-scripting-engine-rces-in-kernel-dns-server-exchange-and-hyper-v/

Vulristics Microsoft Patch Tuesday July 2021: Zero-days EoP in Kernel and RCE in Scripting Engine, RCEs in Kernel, DNS Server, Exchange and Hyper-V
Hello everyone! For the past 9 months, I’ve been doing Microsoft Patch Tuesday reviews quarterly. Now I think it would be better to review the July Patch Tuesday while the topic is still fresh. And that will save us some time in the next Last Week’s Security news episode. So, July Patch Tuesday, 116 vulnerabilities.
The 2 most critical are the Windows Kernel Elevation of Privilege Vulnerabilities (CVE-2021-31979, CVE-2021-33771). These vulnerabilities are critical because they are used in real attacks according to Microsoft’s Threat Intelligence Center and Security Response Center. Tenable: “A local, authenticated attacker could exploit these vulnerabilities to run processes with elevated permissions. Similar zero-day vulnerabilities were patched in April 2020, which were observed under active exploitation by Google Project Zero.”
Another vulnerability with a sign of exploitation in the wild is Scripting Engine Memory Corruption Vulnerability (CVE-2021-34448). ZDI: “The vulnerability allows an attacker to execute their code on an affected system if a user browses to a specially crafted website. The code execution would occur at the logged-on user level. This is also a case where CVSS doesn’t quite offer a true glimpse of the threat. Microsoft lists the attack complexity as high, which knocks this from a high severity (>8) to a medium severity (6.8). However, if there are already active attacks, does complexity matter? Regardless, treat this as critical since it could allow code execution on every supported version of Windows.”
A rare one: a Windows Kernel Remote Code Execution Vulnerability (CVE-2021-34458). ZDI: “This bug impacts systems hosting virtual machines with single root input/output virtualization (SR-IOV) devices. It’s not clear how widespread this configuration is, but considering this bug rates as a CVSS 9.9, it’s not one to ignore. If you have virtual machines in your environment, test and patch quickly.”
The next most critical are 3 Remote Code Execution vulnerabilities in Windows DNS Server (CVE-2021-33780, CVE-2021-34494, CVE-2021-34525). User interaction is not required for exploitation. Tenable: “Based on the scores provided, exploitation of these flaws would require a low privileged account, presumably with the ability to send crafted DNS requests across the network, to target an affected DNS Server.”
RCE in Microsoft Exchange Server (CVE-2021-31206). It was disclosed during the last Pwn2Own contest. Nothing else is known about it. It is not yet clear whether this will be the second ProxyLogon. And there’s a funny thing about Exchange as well. ZDI: “The real surprise in this month’s Exchange patches are the three bugs patched in April but not documented until today.” So, you understand, right? You are trying to figure out, based on the analysis of the CVE list, whether it is worth installing a particular patch. But it turns out that the information about what exactly a patch fixes is incomplete. Therefore, if possible, just install all patches regularly, rather than trying to choose what to install and what not.
And finally, an “Exploitation Less Likely” RCE vulnerability in Windows Hyper-V (CVE-2021-34450). Tenable: “It would allow an attacker who is authenticated to a guest virtual machine (VM) to send crafted requests to execute arbitrary code on the host machine (…) it is important to consider that malware variants commonly look to escape VMs and infect the host machine”.
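To show the prioritization rule this post argues for (confirmed in-the-wild exploitation outranks a CVSS score, and Microsoft’s “Exploitation Less Likely” tag demotes), here is an added example that ranks the CVEs discussed above. It is not Vulristics’ own scoring: the tier rule, the type weights and the 5.0 placeholder for scores the post does not quote are assumptions; only the 6.8 and 9.9 CVSS values come from the post.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Vuln:
    cve: str
    vuln_type: str             # "RCE" or "EoP"
    cvss: Optional[float]      # None when the post quotes no score
    exploited_itw: bool        # exploitation in the wild reported by Microsoft
    less_likely: bool = False  # Microsoft "Exploitation Less Likely" tag


# Constructed from the post; only 6.8 and 9.9 are quoted there, other scores are left unknown
JULY_2021 = [
    Vuln("CVE-2021-31979", "EoP", None, True),
    Vuln("CVE-2021-33771", "EoP", None, True),
    Vuln("CVE-2021-34448", "RCE", 6.8, True),
    Vuln("CVE-2021-34458", "RCE", 9.9, False),
    Vuln("CVE-2021-33780", "RCE", None, False),
    Vuln("CVE-2021-34494", "RCE", None, False),
    Vuln("CVE-2021-34525", "RCE", None, False),
    Vuln("CVE-2021-31206", "RCE", None, False),
    Vuln("CVE-2021-34450", "RCE", None, False, less_likely=True),
]


def severity(v: Vuln) -> float:
    """Severity inside a tier: CVSS plus a small type weight (assumed weights)."""
    base = v.cvss if v.cvss is not None else 5.0  # unknown score: neutral placeholder (assumption)
    base += {"RCE": 1.0, "EoP": 0.5}.get(v.vuln_type, 0.0)
    if v.less_likely:
        base -= 1.0  # vendor says exploitation is less likely: demote, do not ignore
    return round(min(base, 10.0), 1)


def rank_key(v: Vuln) -> Tuple[int, float]:
    """Confirmed in-the-wild exploitation is its own tier above any CVSS value."""
    return (1 if v.exploited_itw else 0, severity(v))


def prioritize(vulns: List[Vuln]) -> List[str]:
    """Return CVE ids ordered from most to least urgent to patch."""
    return [v.cve for v in sorted(vulns, key=rank_key, reverse=True)]


if __name__ == "__main__":
    for v in sorted(JULY_2021, key=rank_key, reverse=True):
        tier = "EXPLOITED" if v.exploited_itw else "not exploited"
        print(f"{v.cve}  {v.vuln_type}  cvss={v.cvss}  {tier}  severity={severity(v)}")
```

Note that CVE-2021-34448 lands in the top tier despite its 6.8 score, which is exactly the point ZDI makes about attack complexity.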
Hi! My name is Alexander and I am an Information Security Automation specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.