Administrators still dealing with the fallout from the PrintNightmare bug must now contend with one of the larger Patch Tuesday releases this year.
For July Patch Tuesday, Microsoft released security updates for 116 unique CVEs, including three Windows zero-days and five public disclosures, in a return to the triple-digit releases that were more common in 2020. Despite the large number of vulnerabilities, admins can use the cumulative update for Windows systems to remove the most significant threats without too much effort.
"The good news is all three of the zero-days and three out of five of the public disclosures are all in the operating system," said Chris Goettl, senior director of product management for security products at Ivanti. "If administrators handle that July OS update, they will take care of all those bugs in the one update this month."
Microsoft plugs three Windows zero-days
Two of the three zero-days for July Patch Tuesday are elevation-of-privilege vulnerabilities. Attackers who already have a foothold in the environment typically use these bugs to launch an exploit that gains full system access.
CVE-2021-31979 is an elevation-of-privilege bug in the Windows kernel. The vulnerability is rated important and affects all supported Windows desktop and server systems. The bug also affects Windows Server 2008/R2 and Windows 7, which have left extended support. Microsoft, however, continues to correct security issues on those systems for customers who subscribe to the Extended Security Updates program.
CVE-2021-33771 is also an elevation-of-privilege vulnerability in the Windows kernel rated important. It differs from the other CVE in that it only affects desktop systems starting with Windows 8.1 and later versions, and server systems starting with Windows Server 2012 and later versions.
After a successful phishing attempt to gain access to a user's system, a skilled threat actor could wield one of these elevation-of-privilege bugs in their attack chain to complete the takeover, Goettl said.
The third Windows zero-day is a scripting engine memory corruption vulnerability (CVE-2021-34448) rated critical for all supported Windows systems. Users can trigger the exploit if they click on malicious content hosted on a website, or click on a link in an email and then open a specially crafted file.
"There are normal phishing attacks and then there are well-crafted phishing attacks. Ninety-seven percent of users cannot spot a well-crafted phishing attack," Goettl said.
Fixes released for public disclosures
Two of the public disclosures relate to issues with the Active Directory platform, which handles user authentication and other resource access functions.
CVE-2021-33779 is an Active Directory Federation Services security feature bypass vulnerability rated important for Windows Server 2016 and later versions. The patch strengthens the encryption of primary refresh tokens used for single sign-on with Azure Active Directory accounts.
CVE-2021-33781 is an Active Directory security feature bypass vulnerability rated important for Windows 10 and Windows Server 2019 and later versions. According to Microsoft, the update adds several security-related fixes and enhancements, including revisions to the functionality behind the verification of usernames and passwords.
The third publicly disclosed bug, CVE-2021-34492, is a Windows certificate spoofing vulnerability rated important that affects Windows 7 and up for desktop systems and Windows Server 2008 and up for servers.
"Tricking the operating system into thinking that the certificate you're signing something with is valid when it's not, so you can bypass a lot of security capabilities, is very concerning," Goettl said.
Several vulnerabilities corrected for Exchange Server
After a brief respite last month, Microsoft's on-premises messaging platform, Exchange Server, returned to the spotlight with corrections for seven vulnerabilities. However, Microsoft's notes indicate the company patched three of the bugs in April but didn't include them in the Security Update Guide until this month. These bugs are:
- CVE-2021-33766 — an information disclosure vulnerability rated important for supported versions of Exchange Server.
- CVE-2021-34523 — an elevation-of-privilege vulnerability rated important for supported Exchange Server versions. Information about this bug had been publicly disclosed.
- CVE-2021-34473 — a remote-code execution vulnerability rated critical for supported versions of Exchange. Information about this flaw had been publicly disclosed.
"This is an informational change only," the company wrote in its release notes for the three CVEs. "Customers who have already installed the April 2021 update do not need to take any further action."
The following CVEs are new for Exchange Server in July Patch Tuesday:
- CVE-2021-31206 is a remote-code execution vulnerability rated important for supported Exchange Server versions. This bug surfaced at the annual Pwn2Own contest in April. Goettl recommended administrators prioritize this security update because of the visibility of the exploit at the hacking event, which could have drawn threat actors' attention.
- CVE-2021-31196 is a remote-code execution vulnerability rated important for supported versions of Exchange.
- CVE-2021-33768 is an elevation-of-privilege bug rated important. Microsoft's notes show the attack vector is adjacent, meaning an exploit cannot come directly from the internet but must originate from the same shared physical or logical network as the target, such as Bluetooth or a "secure VPN to an administrative network zone."
- CVE-2021-34470 is an elevation-of-privilege bug rated important with the same attack vector as CVE-2021-33768. Microsoft said admins who manage Exchange Server 2016 or Exchange Server 2019 will see downloads for these versions in the June cumulative update because of a schema change.
Multiple Windows DNS server corrections issued
Administrators will also want to focus on prompt patch deployment for any Domain Name System (DNS) servers in their environments.
Microsoft released fixes for 13 CVEs related to this critical server component. Of all the vulnerabilities, CVE-2021-33780 has one of the highest CVSS scores at 8.8 with an assessment of "Exploitation More Likely." While only rated important, the bug does not require user interaction and affects all supported Windows Server versions.
Many admins cannot wake up from PrintNightmare ordeal
Microsoft's security team released two blog posts to provide clarity on PrintNightmare, the vulnerability for which the company issued out-of-band updates on July 6 and July 7.
PrintNightmare is the name given to CVE-2021-34527, a remote-code execution vulnerability in the Windows print spooler that affects all supported server and desktop systems, including Windows 7 and Windows Server 2008. Initial confusion stemmed from IT pros who conflated this vulnerability with another print spooler bug, CVE-2021-1675, that had been corrected on June Patch Tuesday. Microsoft released eight revisions to the PrintNightmare CVE and produced an extensive FAQ section to resolve any misunderstandings.
"The security updates released on and after July 6, 2021 contain protections for a remote code execution exploit in the Windows Print Spooler service known as 'PrintNightmare,' documented in CVE-2021-34527, as well as for CVE-2021-1675," the company wrote.
Microsoft said applying the patch alone does not fully mitigate the issue on systems where Point and Print restrictions have been relaxed. Admins must also confirm that the following registry values under the Point and Print policy key are set to 0 or not defined; a value of 1 leaves even a patched system exploitable:
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
- NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
- UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
The company offered two workarounds in addition to the registry check: disable the print spooler service, or disable inbound remote printing through Group Policy. The first disables all printing on the system, local and remote; the second stops the system from acting as a print server while still allowing local printing to a directly attached device.
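The following PowerShell script is an added example, not code from the original article or from Microsoft. It audits a host against the checks described above: it reads the two Point and Print policy values that must be 0 or absent, reports whether the Print Spooler service is stopped and disabled (workaround 1), and reports whether inbound remote printing is disabled by policy (workaround 2). The registry value RegisterSpoolerRemoteRpcEndPoint is assumed here to be the setting behind the "Allow Print Spooler to accept client connections" policy; the two remediation functions are included as assumed helpers and are not called automatically. Run it in an elevated session.

```powershell
# Added example (not from the article or Microsoft): audit a Windows host's
# PrintNightmare posture after the July 2021 updates.

$pnpKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$printKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist, which is the secure default.
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

$findings = @()

# Check 1: the two Point and Print values Microsoft's FAQ says must be 0 or absent.
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $value = Get-PolicyValue -Path $pnpKey -Name $name
    if ($null -eq $value) {
        $state = 'not defined (default, OK)'
    } elseif ($value -eq 0) {
        $state = '0 (OK)'
    } else {
        # A value of 1 relaxes Point and Print restrictions and leaves a patched
        # system exploitable; this is the case the FAQ warns about.
        $state = "$value (VULNERABLE: set to 0 or remove)"
    }
    $findings += [pscustomobject]@{ Check = $name; State = $state }
}

# Workaround 1: Print Spooler service stopped and disabled.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler) {
    $spoolerState = "$($spooler.Status), StartType=$($spooler.StartType)"
} else {
    $spoolerState = 'service not present'
}
$findings += [pscustomobject]@{ Check = 'Spooler service'; State = $spoolerState }

# Workaround 2: Group Policy "Allow Print Spooler to accept client connections"
# set to Disabled. Assumed mapping: that policy writes
# RegisterSpoolerRemoteRpcEndPoint = 2 under the Printers policy key.
$rpc = Get-PolicyValue -Path $printKey -Name 'RegisterSpoolerRemoteRpcEndPoint'
if ($rpc -eq 2) {
    $rpcState = 'disabled by policy (OK; local printing still works)'
} else {
    $rpcState = 'allowed (host can act as a print server)'
}
$findings += [pscustomobject]@{ Check = 'Inbound remote printing'; State = $rpcState }

$findings | Format-Table -AutoSize

# Remediation helpers (assumed, not part of Microsoft's guidance text). They are
# deliberately not invoked above; both change printing behaviour on the host.
function Reset-PointAndPrintPolicy {
    # Returns both values to the secure default by removing them from the key.
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        Remove-ItemProperty -Path $pnpKey -Name $name -ErrorAction SilentlyContinue
    }
}

function Disable-PrintSpooler {
    # Workaround 1: stops all printing, local and remote, on this host.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
}
```

The script only reads policy state and prints a table; call Reset-PointAndPrintPolicy or Disable-PrintSpooler yourself once you have decided which trade-off is acceptable for that host, since a domain print server cannot take the spooler workaround without losing its role.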