Description
Microsoft August 2021 security update released for different Microsoft products in order to patch multiple vulnerabilities. Some notable Vulnerabilities are CVE-2021-34478, CVE-2021-36926 and CVE-2021-34532. Successful exploitation of these vulnerabilities will lead to Remote Code Execution and Information Disclosure.
Affected Products:
• .NET Core & Visual Studio
• ASP .NET
• Azure
• Azure Sphere
• Microsoft Azure Active Directory Connect
• Microsoft Dynamics
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Scripting Engine
• Microsoft Windows Codecs Library
• Remote Desktop Client
• Windows Bluetooth Service
• Windows Cryptographic Services
• Windows Defender
• Windows Event Tracing
• Windows Media
• Windows MSHTML Platform
• Windows NTLM
• Windows Print Spooler Components
• Windows Services for NFS ONCRPC XDR Driver
• Windows Storage Spaces Controller
• Windows TCP/IP
• Windows Update
• Windows Update Assistant
• Windows User Profile Service
Recommendation
As always we recommend keeping systems patched to the current release level as soon as possible. As this is not always possible, run a vulnerability scan of your estate and patch critical patches on critical assets first, working down the criticality levels.
Review your open source threat intelligence to see if any of your externally facing assets have new vulnerabilities and patch as soon as possible.
References
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34478
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36926
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34532
