ID CVE-2021-34494 Type cve Reporter secure@microsoft.com Modified 2021-07-19T18:04:00
Description
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525.
{"id": "CVE-2021-34494", "bulletinFamily": "NVD", "title": "CVE-2021-34494", "description": "Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525.", "published": "2021-07-14T18:15:00", "modified": "2021-07-19T18:04:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34494", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34494"], "cvelist": ["CVE-2021-34494"], "immutableFields": [], "type": "cve", "lastseen": "2021-07-20T07:49:23", "edition": 2, "viewCount": 89, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-34494"]}, {"type": "krebs", "idList": ["KREBS:831FD0B726B800B2995A68BA50BD8BE3"]}, {"type": "avleonov", "idList": ["AVLEONOV:BAA1E4E49B508F98138C7EBA9B9C07E6"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:12BC089A56EB28CFD168EC09B070733D"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5"]}, {"type": "thn", "idList": ["THN:9FD8A70F9C17C3AF089A104965E48C95"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JUL_5004305.NASL", "SMB_NT_MS21_JUL_5004294.NASL", "SMB_NT_MS21_JUL_5004237.NASL", "SMB_NT_MS21_JUL_5004307.NASL", "SMB_NT_MS21_JUL_5004298.NASL", "SMB_NT_MS21_JUL_5004238.NASL", "SMB_NT_MS21_JUL_5004244.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"]}], "modified": "2021-07-20T07:49:23", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2021-07-20T07:49:23", "rev": 2}, "twitter": {"counter": 10, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1416231336516349953", "text": " NEW: CVE-2021-33780 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525. Severity: HIGH https://t.co/9gAaeeNAjS?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1416231336516349953", "text": " NEW: CVE-2021-33780 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525. Severity: HIGH https://t.co/9gAaeeNAjS?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1416231335530729475", "text": " NEW: CVE-2021-33754 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525. Severity: HIGH https://t.co/eb4ZsC7LRy?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1416231335530729475", "text": " NEW: CVE-2021-33754 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525. Severity: HIGH https://t.co/eb4ZsC7LRy?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1416231335585255424", "text": " NEW: CVE-2021-33746 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525. Severity: HIGH https://t.co/OFzYX9OJYi?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1416231335585255424", "text": " NEW: CVE-2021-33746 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525. Severity: HIGH https://t.co/OFzYX9OJYi?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1417190217119899651", "text": " NEW: CVE-2021-34494 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525. Severity: HIGH https://t.co/hiuH2U1tHA?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1417829276024549379", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-34494 (windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)) has been published on https://t.co/Z7LwSkvw0j?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1417829290868199427", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-34494 (windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)) has been published on https://t.co/k58kqhXpL7?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1418224585351196679", "text": " NEW: CVE-2021-34525 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34494. Severity: HIGH https://t.co/kdE7TDVzzt?amp=1"}], "modified": "2021-07-20T07:49:23"}, "vulnersScore": 3.6}, "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-"], "affectedSoftware": [{"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "r2"}, {"cpeName": "microsoft:windows_server_2019", "name": "microsoft windows server 2019", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "r2"}, {"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "2004"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "20h2"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34494", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34494"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null}
{"mscve": [{"lastseen": "2021-08-01T04:40:20", "description": "Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mscve", "title": "Windows DNS Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34494"], "modified": "2021-07-13T07:00:00", "id": "MS:CVE-2021-34494", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34494", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "krebs": [{"lastseen": "2021-07-28T14:33:34", "description": "\n\n**Microsoft** today released updates to patch at least 116 security holes in its **Windows** operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.\n\nThirteen of the security bugs quashed in this month's release earned Microsoft's most-dire "critical" rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.\n\nAnother 103 of the security holes patched this month were flagged as "important," which Microsoft assigns to vulnerabilities "whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."\n\nAmong the critical bugs is of course the official fix for the **PrintNightmare** print spooler flaw in most versions of Windows ([CVE-2021-34527](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>)) that prompted Microsoft [to rush out a patch for a week ago](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>) in response to exploit code for the flaw that got accidentally published online. That patch seems to have caused a number of problems for Windows users. Here's hoping the updated fix resolves some of those issues for readers who've been holding out.\n\n[CVE-2021-34448](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34448>) is a critical remote code execution vulnerability in the scripting engine built into every supported version of Windows -- including server versions. Microsoft says this flaw is being exploited in the wild.\n\nBoth [CVE-2021-33771](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33771>) and [CVE-2021-31979](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31979>) are elevation of privilege flaws in the Windows kernel. Both are seeing active exploitation, according to Microsoft.\n\n**Chad McNaughton**, technical community manager at **Automox**, called attention to [CVE-2021-34458](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34458>), a remote code execution flaw in the deepest areas of the operating system. McNaughton said this vulnerability is likely to be exploited because it is a "low-complexity vulnerability requiring low privileges and no user interaction."\n\nAnother concerning critical vulnerability in the July batch is [CVE-2021-34494](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34494>), a dangerous bug in the Windows DNS Server.\n\n"Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2," said **Aleks Haugom**, also with Automox.\n\n"DNS is used to translate IP addresses to more human-friendly names, so you don\u2019t have to remember the jumble of numbers that represents your favorite social media site," Haugom said. "In a Windows Domain environment, Windows DNS Server is critical to business operations and often installed on the domain controller. This vulnerability could be particularly dangerous if not patched promptly."\n\nMicrosoft also patched six vulnerabilities in **Exchange Server**, an email product that has been under siege all year from attackers. **Satnam Narang**, staff research engineer at **Tenable**, noted that while Microsoft says two of the Exchange bugs tackled this month ([CVE-2021-34473](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473>) and [CVE-2021-34523](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34523>)) were addressed as part of its security updates from April 2021, both CVEs were somehow omitted from that April release. Translation: If you already applied the bevy of Exchange updates Microsoft made available in April, your Exchange systems have protection against these flaws.\n\nOther products that got patches today include **Microsoft Office**, **Bing**, **SharePoint Server**, **Internet Explorer**, and **Visual Studio**. The **SANS Internet Storm Center** as always has [a nice visual breakdown of all the patches by severity](<https://isc.sans.org/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/>).\n\n**Adobe** also [issued security updates today](<https://helpx.adobe.com/security.html>) for **Adobe Acrobat** and **Reader**, as well as **Dimension**, **Illustrator**, Framemaker and Adobe Bridge.\n\n**Chrome** and **Firefox** also recently have shipped important security updates, so if you haven't done so recently take a moment to save your tabs/work, completely close out and restart the browser, which should apply any pending updates.\n\nThe usual disclaimer:\n\nBefore you update with this month\u2019s patch batch, please make sure you have backed up your system and/or important files. It\u2019s not uncommon for Windows updates to hose one\u2019s system or prevent it from booting properly, and some updates even have been known to erase or corrupt files.\n\nSo do yourself a favor and backup _before_ installing any patches. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see [this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nAs always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, check out [AskWoody](<https://www.askwoody.com/>), which keeps a close eye out for specific patches that may be causing problems for users.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-07-13T21:41:47", "type": "krebs", "title": "Microsoft Patch Tuesday, July 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34494", "CVE-2021-34473", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34523", "CVE-2021-34458", "CVE-2021-34527", "CVE-2021-31979"], "modified": "2021-07-13T21:41:47", "id": "KREBS:831FD0B726B800B2995A68BA50BD8BE3", "href": "https://krebsonsecurity.com/2021/07/microsoft-patch-tuesday-july-2021-edition/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-07-28T14:34:25", "description": "### Microsoft Patch Tuesday \u2013 July 2021\n\nMicrosoft patched 117 vulnerabilities in their July 2021 Patch Tuesday release, and 13 of them are rated as critical severity.\n\n### Critical Microsoft Vulnerabilities Patched\n\n[CVE-2021-34448](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448>) \u2013 Scripting Engine Memory Corruption Vulnerability\n\nThis is being actively exploited. The vulnerability allows an attacker to execute malicious code on a compromised website if a user browses to a specially crafted file on the website. The vendor has assigned a CVSSv3 base score of 6.8 and should be prioritized for patching.\n\n[CVE-2021-34494](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34494>) - Windows DNS Server Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in Windows DNS Server (CVE-2021-34494). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor. This is only exploitable to DNS servers only; however, it could allow remote code execution without user interaction.\n\n[CVE-2021-33780](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33780>) - Windows DNS Server Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in DNS Server (CVE-2021-33780). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor.\n\n[CVE-2021-31979](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31979>) - Windows Kernel Elevation of Privilege Vulnerability\n\nThis has been actively exploited and is assigned a CVSSv3 base score of 7.2 by the vendor. This should be prioritized for patching.\n\n[CVE-2021-34489](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34489>) \u2013 DirectWrite Remote Code Execution Vulnerability\n\nThe vulnerability allows an attacker to host a website that contains a specially crafted file designed to exploit the vulnerability. The vendor has assigned a CVSSv3 base score of 7.8 and should be prioritized for patching.\n\n**CVE-2021-34467, CVE-2021-34468** \u2013 Microsoft SharePoint Server Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing critical RCE vulnerabilities in SharePoint Server (CVE-2021-34467, CVE-2021-34468). These CVEs have a high likelihood of exploitability and are assigned a CVSSv3 base score of 7.1 by the vendor. Along with these patches, CVE-2021-34520 should be prioritized for patching.\n\n[CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) \u2013 Windows Print Spooler Remote Code Execution Vulnerability\n\nThis Patch Tuesday follows out-of-band updates released to fix remote code execution affecting Windows Print Spooler vulnerability, popularly known as PrintNightmare. While Microsoft had released updates to fix PrintNightmare vulnerability, it is important to ensure necessary configurations are set correctly. We also published a blog post on [how to remediate PrintNightmare using Qualys VMDR](<https://blog.qualys.com/vulnerabilities-threat-research/2021/07/07/microsoft-windows-print-spooler-rce-vulnerability-printnightmare-cve-2021-34527-automatically-discover-prioritize-and-remediate-using-qualys-vmdr>).\n\n### Adobe Patch Tuesday \u2013 July 2021\n\nAdobe addressed 26 CVEs this Patch Tuesday, and 22 of them are rated as critical severity impacting Acrobat and Reader, Adobe Framemaker, Illustrator, Dimension, and Adobe Bridge products.\n\n### Discover Patch Tuesday Vulnerabilities in VMDR\n\n[Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`50112` OR qid:`50113` OR qid:`91787` OR qid:`91788` OR qid:`91789` OR qid:`91790` OR qid:`91791` OR qid:`91792` OR qid:`91793` OR qid:`91794` OR qid:`91795` OR qid:`110386` OR qid:`110387` OR qid:`375700` OR qid:`375706` OR qid:`375707` OR qid:`375708` OR qid:`375713` OR qid:`375714` OR qid:`375715`)` \n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday:\n\n`(qid:`50112` OR qid:`50113` OR qid:`91787` OR qid:`91788` OR qid:`91789` OR qid:`91790` OR qid:`91791` OR qid:`91792` OR qid:`91793` OR qid:`91794` OR qid:`91795` OR qid:`110386` OR qid:`110387` OR qid:`375700` OR qid:`375706` OR qid:`375707` OR qid:`375708` OR qid:`375713` OR qid:`375714` OR qid:`375715`)` \n\n\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://success.qualys.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Vulnerabilities and Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Vulnerabilities and Patches_](<https://www.brighttalk.com/webcast/11673/494962>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * Windows Print Spooler RCE Vulnerability\n * Kaseya Multiple Zero-Day Vulnerabilities\n * Sonicwall Buffer Overflow Vulnerability\n * Microsoft Patch Tuesday, July 2021\n * Adobe Patch Tuesday, July 2021\n\n[Join us live or watch on demand!](<https://www.brighttalk.com/webcast/11673/494962>)\n\n[](<https://www.brighttalk.com/webcast/11673/494962>)Webinar July 15, 2021 or on demand.\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://success.qualys.com/discussions/s/article/000006505>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T19:49:37", "type": "qualysblog", "title": "Microsoft and Adobe Patch Tuesday (July 2021) \u2013 Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34494", "CVE-2021-34448", "CVE-2021-34489", "CVE-2021-34467", "CVE-2021-34468", "CVE-2021-34520", "CVE-2021-34527", "CVE-2021-33780", "CVE-2021-31979"], "modified": "2021-07-13T19:49:37", "id": "QUALYSBLOG:12BC089A56EB28CFD168EC09B070733D", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-07-28T14:34:07", "description": "Hello everyone! For the past 9 months, I've been doing Microsoft Patch Tuesday reviews quarterly. Now I think it would be better to review the July Patch Tuesday while the topic is still fresh. And that will save us some time in the next Last Week\u2019s Security news episode. So, July Patch Tuesday, 116 vulnerabilities.\n\nThe 2 most critical are the Windows Kernel Elevation of Privilege Vulnerabilities (CVE-2021-31979, CVE-2021-33771). These vulnerabilities are critical because they are used in real attacks according to Microsoft\u2019s Threat Intelligence Center and Security Response Center. Tenable: "A local, authenticated attacker could exploit these vulnerabilities to run processes with elevated permissions. Similar zero-day vulnerabilities were patched in April 2020, which were observed under active exploitation by Google Project Zero."\n\nAnother vulnerability with a sign of exploitation in the wild is Scripting Engine Memory Corruption Vulnerability (CVE-2021-34448). ZDI: "The vulnerability allows an attacker to execute their code on an affected system if a user browses to a specially crafted website. The code execution would occur at the logged-on user level. This is also a case where CVSS doesn\u2019t quite offer a true glimpse of the threat. Microsoft lists the attack complexity as high, which knocks this from a high severity (>8) to a medium severity (6.8). However, if there are already active attacks, does complexity matter? Regardless, treat this as critical since it could allow code execution on every supported version of Windows."\n\nA rare Windows Kernel Remote Code Execution Vulnerability (CVE-2021-34458). ZDI "This bug impacts systems hosting virtual machines with single root input/output virtualization (SR-IOV) devices. It\u2019s not clear how widespread this configuration is, but considering this bug rates as a CVSS 9.9, it\u2019s not one to ignore. If you have virtual machines in your environment, test and patch quickly."\n\nNext most critical 3 Remote Code Executions in Windows DNS Server (CVE-2021-33780, CVE-2021-34494, CVE-2021-34525). User interaction is not required for the exploitation. Tenable: "Based on the scores provided, exploitation of these flaws would require a low privileged account, presumably with the ability to send crafted DNS requests across the network, to target an affected DNS Server."\n\nRCE in Microsoft Exchange Server (CVE-2021-31206). It was disclosed during the last Pwn2Own contest. Nothing else is known about it. It is not yet clear whether this will be the second ProxyLogon. And there's a funny thing about Exchange as well. ZDI: "The real surprise in this month\u2019s Exchange patches are the three bugs patched in April but not documented until today." So, you understand, right? You are trying to figure out, based on the analysis of the CVE list, whether it is worth installing a particular patch. But it turns out that the information about what exactly fixes this patch is incomplete. Therefore, if possible, just install all patches regularly, rather than trying to choose what to install and what not.\n\nAnd finally \u201cExploitation Less Likely\u201d RCE vulnerability in Windows Hyper-V (CVE-2021-34450). Tenable: "It would allow an attacker who is authenticated to a guest virtual machine (VM) to send crafted requests to execute arbitrary code on the host machine (\u2026) it is important to consider that malware variants commonly look to escape VMs and infect the host machine".\n\nFull Vulristics report [ms_patch_tuesday_july2021_report_avleonov_comments](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_july2021_report_avleonov_comments.html>)\n\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-07-14T21:00:27", "type": "avleonov", "title": "Vulristics Microsoft Patch Tuesday July 2021: Zero-days EoP in Kernel and RCE in Scripting Engine, RCEs in Kernel, DNS Server, Exchange and Hyper-V", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34494", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34458", "CVE-2021-31206", "CVE-2021-34450", "CVE-2021-34525", "CVE-2021-33780", "CVE-2021-31979"], "modified": "2021-07-14T21:00:27", "id": "AVLEONOV:BAA1E4E49B508F98138C7EBA9B9C07E6", "href": "http://feedproxy.google.com/~r/avleonov/~3/fnpS1VKtsh0/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2021-07-20T08:33:57", "description": "The list of July 2021 Patch Tuesday updates looks endless. 117 patches with no less than 42 CVEs assigned to them that have FAQs, mitigations details or workarounds listed for them. Looking at the urgency levels Microsoft has assigned to them, system administrators have their work cut out for them once again:\n\n * 13 criticial patches\n * 103 important patches\n\nYou can find the list of CVEs that have FAQs, mitigations, or workarounds on the Microsoft [July release notes](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul>) page.\n\nSix vulnerabilities were previously disclosed and four are being exploited in-the-wild, according to Microsoft. One of those CVE\u2019s is a familiar one, [2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) aka the anyone-can-run-code-as-domain-admin RCE known as [PrintNightmare](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/printnightmare-0-day-can-be-used-to-take-over-windows-domain-controllers/>). Microsoft issued out-of-band patches for that vulnerability a week ago, but those were [not as comprehensive](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/>) as one might have hoped. \n\nSince then, the Cybersecurity and Infrastructure Security Agency\u2019s (CISA) has issued [Emergency Directive 21-04](<https://cyber.dhs.gov/ed/21-04/>), \u201cMitigate Windows Print Spooler Service Vulnerability\u201d because it is aware of active exploitation, by multiple threat actors, of the PrintNightmare vulnerability. These directive list required actions for all Federal Civilian Executive Branch agencies.\n\n### Priorities\n\nBesides the ongoing PrintNightmare, er, nightmare, there are some others that deserve your undivided attention. Vulnerabilities being exploited in the wild, besides PrintNightmare, are:\n\n * [CVE-2021-34448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34448>) Scripting Engine Memory Corruption Vulnerability for Windows Server 2012 R2 and Windows 10.\n * [CVE-2021-33771](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33771>) Windows Kernel Elevation of Privilege Vulnerability for Windows Server 2012, Server 2016, Windows 8.1, and Windows 10.\n * [CVE-2021-31979](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31979>) Windows Kernel Elevation of Privilege Vulnerability for Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019.\n\nOther vulnerabilities that are not seen exploited in the wild yet, but are likely candidates to make that list soon:\n\n * [CVE-2021-34458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34458>) Windows Kernel Remote Code Execution Vulnerability for some Windows Server versions, if the system is hosting virtual machines, or the Server includes hardware with SR-IOV devices.\n * [CVE-2021-34494](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34494>) Windows DNS Server Remote Code Execution Vulnerability for Windows Server versions if the server is configured to be a DNS server.\n\n### Exchange Server\n\nAnother ongoing effort to patch vulnerable systems has to do with Microsoft Exchange Server. Flaws that were actually already [patched in April](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/patch-now-exchange-servers-attacked-by-hafnium-zero-days/>) have now been assigned new CVE numbers [CVE-2021-34473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473>) (Microsoft Exchange Server Remote Code Execution Vulnerability) and [CVE-2021-34523](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523>) (Microsoft Exchange Server Elevation of Privilege Vulnerability). As you may remember this combo of elevation of privilege (EOP) and remote code execution (RCE) caused quite the [panic](<https://blog.malwarebytes.com/malwarebytes-news/2021/03/microsoft-exchange-attacks-cause-panic-as-criminals-go-shell-collecting/>) when attackers started using the Exchange bugs to access vulnerable servers before establishing web shells to gain persistence and steal information.\n\nIf you applied the patches in April, you are already protected. If you didn\u2019t, move them to the top of your to-do-list.\n\n### Windows Media Foundation\n\nTwo other critical vulnerabilities, and one considered important, were found in Microsoft Windows Media Foundation. Microsoft Media Foundation enables the development of applications and components for using digital media on Windows Vista and later. If you do have this multimedia platform installed on your system you are advised to apply the patches, but note that many of them include the [Flash](<https://blog.malwarebytes.com/awareness/2021/01/adobe-flash-player-reaches-end-of-life/>) Removal Package. So do the patches for [CVE-2021-34497](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34497>) a critical Windows MSHTML Platform RCE vulnerability.\n\nStay safe, everyone!\n\nThe post [Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/four-in-the-wild-exploits-13-critical-patches-headline-bumper-patch-tuesday/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-14T11:56:06", "type": "malwarebytes", "title": "Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31979", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34458", "CVE-2021-34473", "CVE-2021-34494", "CVE-2021-34497", "CVE-2021-34523", "CVE-2021-34527"], "modified": "2021-07-14T11:56:06", "id": "MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/four-in-the-wild-exploits-13-critical-patches-headline-bumper-patch-tuesday/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2021-07-17T12:33:10", "bulletinFamily": "info", "cvelist": ["CVE-2021-31979", "CVE-2021-33771", "CVE-2021-33779", "CVE-2021-33781", "CVE-2021-34448", "CVE-2021-34458", "CVE-2021-34466", "CVE-2021-34473", "CVE-2021-34492", "CVE-2021-34494", "CVE-2021-34523", "CVE-2021-34527"], "description": "[](<https://thehackernews.com/images/-aVEUxlp9r9o/YO5q47NA_bI/AAAAAAAADL4/tkntZNY2smU5FPaAkTU1qBYUg8VPhp8NACLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nMicrosoft rolled out [Patch Tuesday updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul>) for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. \n\nOf the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity, with six of these bugs publicly known at the time of release. \n\nThe updates span across several of Microsoft's products, including Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS, and Visual Studio Code. July also marks a dramatic jump in the volume of vulnerabilities, surpassing the number Microsoft collectively addressed as part of its updates in [May](<https://thehackernews.com/2021/05/latest-microsoft-windows-updates-patch.html>) (55) and [June](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>) (50).\n\n[](<https://go.thn.li/1-free-300-8> \"Stack Overflow Teams\" )\n\nChief among the security flaws actively exploited are as follows \u2014\n\n * **CVE-2021-34527** (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability (publicly disclosed as \"[PrintNightmare](<https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html>)\")\n * **CVE-2021-31979** (CVSS score: 7.8) - Windows Kernel Elevation of Privilege Vulnerability\n * **CVE-2021-33771** (CVSS score: 7.8) - Windows Kernel Elevation of Privilege Vulnerability\n * **CVE-2021-34448** (CVSS score: 6.8) - Scripting Engine Memory Corruption Vulnerability\n\nMicrosoft also stressed the high attack complexity of CVE-2021-34448, specifically stating that the attacks hinge on the possibility of luring an unsuspecting user into clicking on a link that leads to a malicious website hosted by the adversary and contains a specially-crafted file that's engineered to trigger the vulnerability.\n\nThe other five publicly disclosed, but not exploited, zero-day vulnerabilities are listed below \u2014\n\n * **CVE-2021-34473** (CVSS score: 9.1) - Microsoft Exchange Server Remote Code Execution Vulnerability\n * **CVE-2021-34523** (CVSS score: 9.0) - Microsoft Exchange Server Elevation of Privilege Vulnerability\n * **CVE-2021-33781** (CVSS score: 8.1) - Active Directory Security Feature Bypass Vulnerability\n * **CVE-2021-33779** (CVSS score: 8.1) - Windows ADFS Security Feature Bypass Vulnerability\n * **CVE-2021-34492** (CVSS score: 8.1) - Windows Certificate Spoofing Vulnerability\n\n\"This Patch Tuesday comes just days after out-of-band updates were released to address PrintNightmare \u2014 the critical flaw in the Windows Print Spooler service that was found in all versions of Windows,\" Bharat Jogi, senior manager of vulnerability and threat research at Qualys, told The Hacker News.\n\n\"While MSFT has released updates to fix the vulnerability, users must still ensure that necessary configurations are set up correctly. Systems with misconfigurations will continue to be at risk of exploitation, even after the latest patch has been applied. PrintNightmare was a highly serious issue that further underscores the importance of marrying detection and remediation,\" Jogi added.\n\nThe PrintNightmare vulnerability has also prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to [release an emergency directive](<https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/cisa-issues-emergency-directive-microsoft-windows-print-spooler>), urging federal departments and agencies to apply the latest security updates immediately and disable the print spooler service on servers on Microsoft Active Directory Domain Controllers.\n\n[](<https://go.thn.li/ransomware_728> \"Prevent Ransomware Attacks\" )\n\nAdditionally, Microsoft also rectified a security bypass vulnerability in Windows Hello biometrics-based authentication solution ([CVE-2021-34466](<https://www.cyberark.com/resources/threat-research-blog/bypassing-windows-hello-without-masks-or-plastic-surgery>), CVSS score: 5.7) that could permit an adversary to spoof a target's face and get around the login screen.\n\nOther critical flaws remediated by Microsoft include remote code execution vulnerabilities affecting Windows DNS Server (CVE-2021-34494, CVSS score 8.8) and Windows Kernel (CVE-2021-34458), the latter of which is rated 9.9 on the CVSS severity scale.\n\n\"This issue allows a single root input/output virtualization (SR-IOV) device which is assigned to a guest to potentially interfere with its Peripheral Component Interface Express (PCIe) siblings which are attached to other guests or to the root,\" Microsoft noted in its advisory for CVE-2021-34458, adding Windows instances hosting virtual machines are vulnerable to this flaw.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.\n\n### Software Patches From Other Vendors\n\nAlongside Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-07-01>)\n * [Apache Tomcat](<https://mail-archives.us.apache.org/mod_mbox/www-announce/202107.mbox/%3Cd050b202-b64e-bc6f-a630-2dd83202f23a%40apache.org%3E>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/article/CTX319750>)\n * [Juniper Networks](<https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST>)\n * Linux distributions [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-July/thread.html>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), and [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>)\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>), and\n * [VMware](<https://www.vmware.com/security/advisories.html>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2021-07-17T11:52:45", "published": "2021-07-14T05:03:00", "id": "THN:9FD8A70F9C17C3AF089A104965E48C95", "href": "https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html", "type": "thn", "title": "Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-07-29T03:55:22", "description": "The remote Windows host is missing security update 5004305. It is, therefore, affected by multiple vulnerabilities.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "title": "KB5004305: Windows Server 2008 Security Update (July 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33746", "CVE-2021-34500", "CVE-2021-33786", "CVE-2021-34446", "CVE-2021-34476", "CVE-2021-33782", "CVE-2021-34494", "CVE-2021-33752", "CVE-2021-33749", "CVE-2021-34444", "CVE-2021-33765", "CVE-2021-34441", "CVE-2021-34504", "CVE-2021-34511", "CVE-2021-33764", "CVE-2021-31183", "CVE-2021-33783", "CVE-2021-34498", "CVE-2021-34447", "CVE-2021-33756", "CVE-2021-34440", "CVE-2021-33754", "CVE-2021-34507", "CVE-2021-33750", "CVE-2021-34499", "CVE-2021-33757", "CVE-2021-34496", "CVE-2021-34497", "CVE-2021-34457", "CVE-2021-33745", "CVE-2021-34492", "CVE-2021-33788", "CVE-2021-34516", "CVE-2021-34442", "CVE-2021-34514", "CVE-2021-33780", "CVE-2021-31979"], "modified": "2021-07-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004305.NASL", "href": "https://www.tenable.com/plugins/nessus/151601", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151601);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2021-31183\",\n \"CVE-2021-31979\",\n \"CVE-2021-33745\",\n \"CVE-2021-33746\",\n \"CVE-2021-33749\",\n \"CVE-2021-33750\",\n \"CVE-2021-33752\",\n \"CVE-2021-33754\",\n \"CVE-2021-33756\",\n \"CVE-2021-33757\",\n \"CVE-2021-33764\",\n \"CVE-2021-33765\",\n \"CVE-2021-33780\",\n \"CVE-2021-33782\",\n \"CVE-2021-33783\",\n \"CVE-2021-33786\",\n \"CVE-2021-33788\",\n \"CVE-2021-34440\",\n \"CVE-2021-34441\",\n \"CVE-2021-34442\",\n \"CVE-2021-34444\",\n \"CVE-2021-34446\",\n \"CVE-2021-34447\",\n \"CVE-2021-34457\",\n \"CVE-2021-34476\",\n \"CVE-2021-34492\",\n \"CVE-2021-34494\",\n \"CVE-2021-34496\",\n \"CVE-2021-34497\",\n \"CVE-2021-34498\",\n \"CVE-2021-34499\",\n \"CVE-2021-34500\",\n \"CVE-2021-34504\",\n \"CVE-2021-34507\",\n \"CVE-2021-34511\",\n \"CVE-2021-34514\",\n \"CVE-2021-34516\"\n );\n script_xref(name:\"MSKB\", value:\"5004299\");\n script_xref(name:\"MSFT\", value:\"MS21-5004299\");\n script_xref(name:\"MSKB\", value:\"5004305\");\n script_xref(name:\"MSFT\", value:\"MS21-5004305\");\n script_xref(name:\"IAVA\", value:\"2021-A-0319\");\n script_xref(name:\"IAVA\", value:\"2021-A-0318\");\n\n script_name(english:\"KB5004305: Windows Server 2008 Security Update (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5004305. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004305\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004299',\n '5004305'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004299, 5004305])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T03:55:25", "description": "The remote Windows host is missing security update 5004307. It is, therefore, affected by multiple vulnerabilities.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "title": "KB5004307: Windows 7 and Windows Server 2008 R2 Security Update (July 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33746", "CVE-2021-34500", "CVE-2021-33786", "CVE-2021-34446", "CVE-2021-34476", "CVE-2021-33782", "CVE-2021-34494", "CVE-2021-33752", "CVE-2021-33749", "CVE-2021-34444", "CVE-2021-33765", "CVE-2021-34441", "CVE-2021-34504", "CVE-2021-34511", "CVE-2021-33764", "CVE-2021-31183", "CVE-2021-33783", "CVE-2021-34448", "CVE-2021-34498", "CVE-2021-34447", "CVE-2021-33756", "CVE-2021-34440", "CVE-2021-34456", "CVE-2021-33754", "CVE-2021-34507", "CVE-2021-33750", "CVE-2021-34499", "CVE-2021-33757", "CVE-2021-34496", "CVE-2021-34497", "CVE-2021-34457", "CVE-2021-33745", "CVE-2021-34492", "CVE-2021-33788", "CVE-2021-34516", "CVE-2021-34442", "CVE-2021-34514", "CVE-2021-33780", "CVE-2021-31979"], "modified": "2021-07-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004307.NASL", "href": "https://www.tenable.com/plugins/nessus/151611", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151611);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-31183\",\n \"CVE-2021-31979\",\n \"CVE-2021-33745\",\n \"CVE-2021-33746\",\n \"CVE-2021-33749\",\n \"CVE-2021-33750\",\n \"CVE-2021-33752\",\n \"CVE-2021-33754\",\n \"CVE-2021-33756\",\n \"CVE-2021-33757\",\n \"CVE-2021-33764\",\n \"CVE-2021-33765\",\n \"CVE-2021-33780\",\n \"CVE-2021-33782\",\n \"CVE-2021-33783\",\n \"CVE-2021-33786\",\n \"CVE-2021-33788\",\n \"CVE-2021-34440\",\n \"CVE-2021-34441\",\n \"CVE-2021-34442\",\n \"CVE-2021-34444\",\n \"CVE-2021-34446\",\n \"CVE-2021-34447\",\n \"CVE-2021-34448\",\n \"CVE-2021-34456\",\n \"CVE-2021-34457\",\n \"CVE-2021-34476\",\n \"CVE-2021-34492\",\n \"CVE-2021-34494\",\n \"CVE-2021-34496\",\n \"CVE-2021-34497\",\n \"CVE-2021-34498\",\n \"CVE-2021-34499\",\n \"CVE-2021-34500\",\n \"CVE-2021-34504\",\n \"CVE-2021-34507\",\n \"CVE-2021-34511\",\n \"CVE-2021-34514\",\n \"CVE-2021-34516\"\n );\n script_xref(name:\"MSKB\", value:\"5004289\");\n script_xref(name:\"MSKB\", value:\"5004307\");\n script_xref(name:\"MSFT\", value:\"MS21-5004289\");\n script_xref(name:\"MSFT\", value:\"MS21-5004307\");\n script_xref(name:\"IAVA\", value:\"2021-A-0319\");\n script_xref(name:\"IAVA\", value:\"2021-A-0318\");\n\n script_name(english:\"KB5004307: Windows 7 and Windows Server 2008 R2 Security Update (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5004307. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5004307\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-07';\nvar kbs = make_list(\n '5004307',\n '5004289'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004307, 5004289])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:22", "description": "The remote Windows host is missing security update 5004302. It is, therefore, affected by multiple vulnerabilities.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "title": "KB5004302: Windows Server 2012 Security Update (July 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33746", "CVE-2021-34500", "CVE-2021-33786", "CVE-2021-34446", "CVE-2021-34476", "CVE-2021-33782", "CVE-2021-34494", "CVE-2021-33752", "CVE-2021-33749", "CVE-2021-34444", "CVE-2021-33765", "CVE-2021-34441", "CVE-2021-34504", "CVE-2021-34511", "CVE-2021-33764", "CVE-2021-31183", "CVE-2021-33783", "CVE-2021-34448", "CVE-2021-34455", "CVE-2021-34498", "CVE-2021-34447", "CVE-2021-33756", "CVE-2021-34440", "CVE-2021-34456", "CVE-2021-33754", "CVE-2021-34507", "CVE-2021-34460", "CVE-2021-33750", "CVE-2021-34499", "CVE-2021-33757", "CVE-2021-34496", "CVE-2021-34497", "CVE-2021-34457", "CVE-2021-33745", "CVE-2021-34492", "CVE-2021-33788", "CVE-2021-34516", "CVE-2021-34442", "CVE-2021-33763", "CVE-2021-34514", "CVE-2021-33780", "CVE-2021-34459", "CVE-2021-31979"], "modified": "2021-07-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004294.NASL", "href": "https://www.tenable.com/plugins/nessus/151599", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151599);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2021-31183\",\n \"CVE-2021-31979\",\n \"CVE-2021-33745\",\n \"CVE-2021-33746\",\n \"CVE-2021-33749\",\n \"CVE-2021-33750\",\n \"CVE-2021-33752\",\n \"CVE-2021-33754\",\n \"CVE-2021-33756\",\n \"CVE-2021-33757\",\n \"CVE-2021-33763\",\n \"CVE-2021-33764\",\n \"CVE-2021-33765\",\n \"CVE-2021-33780\",\n \"CVE-2021-33782\",\n \"CVE-2021-33783\",\n \"CVE-2021-33786\",\n \"CVE-2021-33788\",\n \"CVE-2021-34440\",\n \"CVE-2021-34441\",\n \"CVE-2021-34442\",\n \"CVE-2021-34444\",\n \"CVE-2021-34446\",\n \"CVE-2021-34447\",\n \"CVE-2021-34448\",\n \"CVE-2021-34455\",\n \"CVE-2021-34456\",\n \"CVE-2021-34457\",\n \"CVE-2021-34459\",\n \"CVE-2021-34460\",\n \"CVE-2021-34476\",\n \"CVE-2021-34492\",\n \"CVE-2021-34494\",\n \"CVE-2021-34496\",\n \"CVE-2021-34497\",\n \"CVE-2021-34498\",\n \"CVE-2021-34499\",\n \"CVE-2021-34500\",\n \"CVE-2021-34504\",\n \"CVE-2021-34507\",\n \"CVE-2021-34511\",\n \"CVE-2021-34514\",\n \"CVE-2021-34516\"\n );\n script_xref(name:\"MSKB\", value:\"5004294\");\n script_xref(name:\"MSKB\", value:\"5004302\");\n script_xref(name:\"MSFT\", value:\"MS21-5004294\");\n script_xref(name:\"MSFT\", value:\"MS21-5004302\");\n script_xref(name:\"IAVA\", value:\"2021-A-0319\");\n script_xref(name:\"IAVA\", value:\"2021-A-0318\");\n\n script_name(english:\"KB5004302: Windows Server 2012 Security Update (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5004302. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004302\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004302',\n '5004294'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004302, 5004294])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:22", "description": "The remote Windows host is missing security update 5004298. It is, therefore, affected by multiple vulnerabilities.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "title": "KB5004298: Windows Server 2012 R2 Security Update (July 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33746", "CVE-2021-34500", "CVE-2021-33786", "CVE-2021-34446", "CVE-2021-34476", "CVE-2021-33773", "CVE-2021-33782", "CVE-2021-34494", "CVE-2021-33752", "CVE-2021-33749", "CVE-2021-34444", "CVE-2021-33765", "CVE-2021-33771", "CVE-2021-34454", "CVE-2021-34441", "CVE-2021-34504", "CVE-2021-33761", "CVE-2021-34511", "CVE-2021-33764", "CVE-2021-31183", "CVE-2021-33783", "CVE-2021-34448", "CVE-2021-34455", "CVE-2021-34498", "CVE-2021-34447", "CVE-2021-33756", "CVE-2021-34440", "CVE-2021-34456", "CVE-2021-33754", "CVE-2021-34507", "CVE-2021-34460", "CVE-2021-33750", "CVE-2021-34499", "CVE-2021-33757", "CVE-2021-34496", "CVE-2021-34497", "CVE-2021-34457", "CVE-2021-33745", "CVE-2021-34492", "CVE-2021-33788", "CVE-2021-34516", "CVE-2021-34442", "CVE-2021-33763", "CVE-2021-34514", "CVE-2021-34525", "CVE-2021-34491", "CVE-2021-33780", "CVE-2021-34459", "CVE-2021-31979"], "modified": "2021-07-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004298.NASL", "href": "https://www.tenable.com/plugins/nessus/151598", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151598);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2021-31183\",\n \"CVE-2021-31979\",\n \"CVE-2021-33745\",\n \"CVE-2021-33746\",\n \"CVE-2021-33749\",\n \"CVE-2021-33750\",\n \"CVE-2021-33752\",\n \"CVE-2021-33754\",\n \"CVE-2021-33756\",\n \"CVE-2021-33757\",\n \"CVE-2021-33761\",\n \"CVE-2021-33763\",\n \"CVE-2021-33764\",\n \"CVE-2021-33765\",\n \"CVE-2021-33771\",\n \"CVE-2021-33773\",\n \"CVE-2021-33780\",\n \"CVE-2021-33782\",\n \"CVE-2021-33783\",\n \"CVE-2021-33786\",\n \"CVE-2021-33788\",\n \"CVE-2021-34440\",\n \"CVE-2021-34441\",\n \"CVE-2021-34442\",\n \"CVE-2021-34444\",\n \"CVE-2021-34446\",\n \"CVE-2021-34447\",\n \"CVE-2021-34448\",\n \"CVE-2021-34454\",\n \"CVE-2021-34455\",\n \"CVE-2021-34456\",\n \"CVE-2021-34457\",\n \"CVE-2021-34459\",\n \"CVE-2021-34460\",\n \"CVE-2021-34476\",\n \"CVE-2021-34491\",\n \"CVE-2021-34492\",\n \"CVE-2021-34494\",\n \"CVE-2021-34496\",\n \"CVE-2021-34497\",\n \"CVE-2021-34498\",\n \"CVE-2021-34499\",\n \"CVE-2021-34500\",\n \"CVE-2021-34504\",\n \"CVE-2021-34507\",\n \"CVE-2021-34511\",\n \"CVE-2021-34514\",\n \"CVE-2021-34516\",\n \"CVE-2021-34525\"\n );\n script_xref(name:\"MSKB\", value:\"5004298\");\n script_xref(name:\"MSFT\", value:\"MS21-5004298\");\n script_xref(name:\"MSKB\", value:\"5004285\");\n script_xref(name:\"MSFT\", value:\"MS21-5004285\");\n script_xref(name:\"IAVA\", value:\"2021-A-0319\");\n script_xref(name:\"IAVA\", value:\"2021-A-0318\");\n\n script_name(english:\"KB5004298: Windows Server 2012 R2 Security Update (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5004298. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004298\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004298',\n '5004285'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004298, 5004285])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:20", "description": "The remote Windows host is missing security update 5004238. It is, therefore, affected by multiple vulnerabilities.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "title": "KB5004238: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33746", "CVE-2021-34500", "CVE-2021-33786", "CVE-2021-34439", "CVE-2021-34446", "CVE-2021-33779", "CVE-2021-34476", "CVE-2021-33773", "CVE-2021-33782", "CVE-2021-34494", "CVE-2021-33752", "CVE-2021-33749", "CVE-2021-34444", "CVE-2021-33765", "CVE-2021-33771", "CVE-2021-34454", "CVE-2021-34441", "CVE-2021-34504", "CVE-2021-33761", "CVE-2021-34511", "CVE-2021-34509", "CVE-2021-33764", "CVE-2021-31183", "CVE-2021-33783", "CVE-2021-34462", "CVE-2021-34448", "CVE-2021-34455", "CVE-2021-34498", "CVE-2021-34447", "CVE-2021-33756", "CVE-2021-34440", "CVE-2021-34456", "CVE-2021-33754", "CVE-2021-34507", "CVE-2021-34458", "CVE-2021-34460", "CVE-2021-33750", "CVE-2021-34499", "CVE-2021-33757", "CVE-2021-34496", "CVE-2021-34497", "CVE-2021-33759", "CVE-2021-34512", "CVE-2021-34457", "CVE-2021-33745", "CVE-2021-34492", "CVE-2021-33788", "CVE-2021-34516", "CVE-2021-34493", "CVE-2021-33751", "CVE-2021-34442", "CVE-2021-33763", "CVE-2021-34514", "CVE-2021-34525", "CVE-2021-34491", "CVE-2021-33758", "CVE-2021-33780", "CVE-2021-34459", "CVE-2021-31979"], "modified": "2021-07-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004238.NASL", "href": "https://www.tenable.com/plugins/nessus/151592", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151592);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2021-31183\",\n \"CVE-2021-31979\",\n \"CVE-2021-33745\",\n \"CVE-2021-33746\",\n \"CVE-2021-33749\",\n \"CVE-2021-33750\",\n \"CVE-2021-33751\",\n \"CVE-2021-33752\",\n \"CVE-2021-33754\",\n \"CVE-2021-33756\",\n \"CVE-2021-33757\",\n \"CVE-2021-33758\",\n \"CVE-2021-33759\",\n \"CVE-2021-33761\",\n \"CVE-2021-33763\",\n \"CVE-2021-33764\",\n \"CVE-2021-33765\",\n \"CVE-2021-33771\",\n \"CVE-2021-33773\",\n \"CVE-2021-33779\",\n \"CVE-2021-33780\",\n \"CVE-2021-33782\",\n \"CVE-2021-33783\",\n \"CVE-2021-33786\",\n \"CVE-2021-33788\",\n \"CVE-2021-34439\",\n \"CVE-2021-34440\",\n \"CVE-2021-34441\",\n \"CVE-2021-34442\",\n \"CVE-2021-34444\",\n \"CVE-2021-34446\",\n \"CVE-2021-34447\",\n \"CVE-2021-34448\",\n \"CVE-2021-34454\",\n \"CVE-2021-34455\",\n \"CVE-2021-34456\",\n \"CVE-2021-34457\",\n \"CVE-2021-34458\",\n \"CVE-2021-34459\",\n \"CVE-2021-34460\",\n \"CVE-2021-34462\",\n \"CVE-2021-34476\",\n \"CVE-2021-34491\",\n \"CVE-2021-34492\",\n \"CVE-2021-34493\",\n \"CVE-2021-34494\",\n \"CVE-2021-34496\",\n \"CVE-2021-34497\",\n \"CVE-2021-34498\",\n \"CVE-2021-34499\",\n \"CVE-2021-34500\",\n \"CVE-2021-34504\",\n \"CVE-2021-34507\",\n \"CVE-2021-34509\",\n \"CVE-2021-34511\",\n \"CVE-2021-34512\",\n \"CVE-2021-34514\",\n \"CVE-2021-34516\",\n \"CVE-2021-34525\"\n );\n script_xref(name:\"MSKB\", value:\"5004238\");\n script_xref(name:\"MSFT\", value:\"MS21-5004238\");\n script_xref(name:\"IAVA\", value:\"2021-A-0319\");\n script_xref(name:\"IAVA\", value:\"2021-A-0318\");\n\n script_name(english:\"KB5004238: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5004238. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004238\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004238'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n os_build:14393,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004238])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:20", "description": "The remote Windows host is missing security update 5004244. It is, therefore, affected by multiple vulnerabilities.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "title": "KB5004244: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33746", "CVE-2021-34500", "CVE-2021-33786", "CVE-2021-34446", "CVE-2021-33779", "CVE-2021-34476", "CVE-2021-33773", "CVE-2021-33782", "CVE-2021-34494", "CVE-2021-33752", "CVE-2021-33785", "CVE-2021-33749", "CVE-2021-34444", "CVE-2021-34490", "CVE-2021-33765", "CVE-2021-33771", "CVE-2021-34454", "CVE-2021-34441", "CVE-2021-34504", "CVE-2021-33761", "CVE-2021-34511", "CVE-2021-34509", "CVE-2021-34445", "CVE-2021-33764", "CVE-2021-31183", "CVE-2021-33783", "CVE-2021-34462", "CVE-2021-34448", "CVE-2021-34489", "CVE-2021-34455", "CVE-2021-33781", "CVE-2021-31961", "CVE-2021-34510", "CVE-2021-34503", "CVE-2021-34498", "CVE-2021-34447", "CVE-2021-33756", "CVE-2021-34440", "CVE-2021-33743", "CVE-2021-34456", "CVE-2021-33754", "CVE-2021-34507", "CVE-2021-34458", "CVE-2021-34488", "CVE-2021-34460", "CVE-2021-34438", "CVE-2021-33750", "CVE-2021-34499", "CVE-2021-33757", "CVE-2021-34496", "CVE-2021-34497", "CVE-2021-33759", "CVE-2021-34512", "CVE-2021-34457", "CVE-2021-33745", "CVE-2021-34492", "CVE-2021-34449", "CVE-2021-33788", "CVE-2021-33784", "CVE-2021-34466", "CVE-2021-34516", "CVE-2021-34493", "CVE-2021-34450", "CVE-2021-33751", "CVE-2021-34442", "CVE-2021-33763", "CVE-2021-34514", "CVE-2021-34525", "CVE-2021-34508", "CVE-2021-34491", "CVE-2021-33740", "CVE-2021-33774", "CVE-2021-33744", "CVE-2021-33755", "CVE-2021-33780", "CVE-2021-34459", "CVE-2021-31979"], "modified": "2021-07-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004244.NASL", "href": "https://www.tenable.com/plugins/nessus/151588", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151588);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-31183\",\n \"CVE-2021-31961\",\n \"CVE-2021-31979\",\n \"CVE-2021-33740\",\n \"CVE-2021-33743\",\n \"CVE-2021-33744\",\n \"CVE-2021-33745\",\n \"CVE-2021-33746\",\n \"CVE-2021-33749\",\n \"CVE-2021-33750\",\n \"CVE-2021-33751\",\n \"CVE-2021-33752\",\n \"CVE-2021-33754\",\n \"CVE-2021-33755\",\n \"CVE-2021-33756\",\n \"CVE-2021-33757\",\n \"CVE-2021-33759\",\n \"CVE-2021-33761\",\n \"CVE-2021-33763\",\n \"CVE-2021-33764\",\n \"CVE-2021-33765\",\n \"CVE-2021-33771\",\n \"CVE-2021-33773\",\n \"CVE-2021-33774\",\n \"CVE-2021-33779\",\n \"CVE-2021-33780\",\n \"CVE-2021-33781\",\n \"CVE-2021-33782\",\n \"CVE-2021-33783\",\n \"CVE-2021-33784\",\n \"CVE-2021-33785\",\n \"CVE-2021-33786\",\n \"CVE-2021-33788\",\n \"CVE-2021-34438\",\n \"CVE-2021-34440\",\n \"CVE-2021-34441\",\n \"CVE-2021-34442\",\n \"CVE-2021-34444\",\n \"CVE-2021-34445\",\n \"CVE-2021-34446\",\n \"CVE-2021-34447\",\n \"CVE-2021-34448\",\n \"CVE-2021-34449\",\n \"CVE-2021-34450\",\n \"CVE-2021-34454\",\n \"CVE-2021-34455\",\n \"CVE-2021-34456\",\n \"CVE-2021-34457\",\n \"CVE-2021-34458\",\n \"CVE-2021-34459\",\n \"CVE-2021-34460\",\n \"CVE-2021-34462\",\n \"CVE-2021-34466\",\n \"CVE-2021-34476\",\n \"CVE-2021-34488\",\n \"CVE-2021-34489\",\n \"CVE-2021-34490\",\n \"CVE-2021-34491\",\n \"CVE-2021-34492\",\n \"CVE-2021-34493\",\n \"CVE-2021-34494\",\n \"CVE-2021-34496\",\n \"CVE-2021-34497\",\n \"CVE-2021-34498\",\n \"CVE-2021-34499\",\n \"CVE-2021-34500\",\n \"CVE-2021-34503\",\n \"CVE-2021-34504\",\n \"CVE-2021-34507\",\n \"CVE-2021-34508\",\n \"CVE-2021-34509\",\n \"CVE-2021-34510\",\n \"CVE-2021-34511\",\n \"CVE-2021-34512\",\n \"CVE-2021-34514\",\n \"CVE-2021-34516\",\n \"CVE-2021-34525\"\n );\n script_xref(name:\"MSKB\", value:\"5004244\");\n script_xref(name:\"MSFT\", value:\"MS21-5004244\");\n script_xref(name:\"IAVA\", value:\"2021-A-0319\");\n script_xref(name:\"IAVA\", value:\"2021-A-0318\");\n\n script_name(english:\"KB5004244: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5004244. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004244\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004244'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n os_build:17763,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004244])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:20", "description": "The remote Windows host is missing security update 5004237. It is, therefore, affected by multiple vulnerabilities.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "title": "KB5004237: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (July 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33746", "CVE-2021-34461", "CVE-2021-34500", "CVE-2021-33786", "CVE-2021-34446", "CVE-2021-33779", "CVE-2021-34476", "CVE-2021-33773", "CVE-2021-33782", "CVE-2021-34494", "CVE-2021-33752", "CVE-2021-33785", "CVE-2021-33749", "CVE-2021-34444", "CVE-2021-34490", "CVE-2021-34513", "CVE-2021-33765", "CVE-2021-33771", "CVE-2021-34454", "CVE-2021-34441", "CVE-2021-34504", "CVE-2021-33761", "CVE-2021-34511", "CVE-2021-34509", "CVE-2021-34445", "CVE-2021-33764", "CVE-2021-31183", "CVE-2021-33783", "CVE-2021-34462", "CVE-2021-34448", "CVE-2021-34489", "CVE-2021-34455", "CVE-2021-33781", "CVE-2021-31961", "CVE-2021-34521", "CVE-2021-34510", "CVE-2021-34498", "CVE-2021-34447", "CVE-2021-33756", "CVE-2021-34440", "CVE-2021-33743", "CVE-2021-34456", "CVE-2021-33754", "CVE-2021-34507", "CVE-2021-34458", "CVE-2021-34488", "CVE-2021-34460", "CVE-2021-34438", "CVE-2021-33750", "CVE-2021-34499", "CVE-2021-33757", "CVE-2021-34496", "CVE-2021-33760", "CVE-2021-34497", "CVE-2021-33759", "CVE-2021-34512", "CVE-2021-34457", "CVE-2021-33745", "CVE-2021-34492", "CVE-2021-34449", "CVE-2021-33788", "CVE-2021-33784", "CVE-2021-34466", "CVE-2021-34516", "CVE-2021-34493", "CVE-2021-34450", "CVE-2021-33751", "CVE-2021-34442", "CVE-2021-33763", "CVE-2021-34514", "CVE-2021-34525", "CVE-2021-33772", "CVE-2021-34508", "CVE-2021-34491", "CVE-2021-33740", "CVE-2021-33774", "CVE-2021-33744", "CVE-2021-33755", "CVE-2021-33780", "CVE-2021-34459", "CVE-2021-31979"], "modified": "2021-07-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004237.NASL", "href": "https://www.tenable.com/plugins/nessus/151606", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151606);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2021-31183\",\n \"CVE-2021-31961\",\n \"CVE-2021-31979\",\n \"CVE-2021-33740\",\n \"CVE-2021-33743\",\n \"CVE-2021-33744\",\n \"CVE-2021-33745\",\n \"CVE-2021-33746\",\n \"CVE-2021-33749\",\n \"CVE-2021-33750\",\n \"CVE-2021-33751\",\n \"CVE-2021-33752\",\n \"CVE-2021-33754\",\n \"CVE-2021-33755\",\n \"CVE-2021-33756\",\n \"CVE-2021-33757\",\n \"CVE-2021-33759\",\n \"CVE-2021-33760\",\n \"CVE-2021-33761\",\n \"CVE-2021-33763\",\n \"CVE-2021-33764\",\n \"CVE-2021-33765\",\n \"CVE-2021-33771\",\n \"CVE-2021-33772\",\n \"CVE-2021-33773\",\n \"CVE-2021-33774\",\n \"CVE-2021-33779\",\n \"CVE-2021-33780\",\n \"CVE-2021-33781\",\n \"CVE-2021-33782\",\n \"CVE-2021-33783\",\n \"CVE-2021-33784\",\n \"CVE-2021-33785\",\n \"CVE-2021-33786\",\n \"CVE-2021-33788\",\n \"CVE-2021-34438\",\n \"CVE-2021-34440\",\n \"CVE-2021-34441\",\n \"CVE-2021-34442\",\n \"CVE-2021-34444\",\n \"CVE-2021-34445\",\n \"CVE-2021-34446\",\n \"CVE-2021-34447\",\n \"CVE-2021-34448\",\n \"CVE-2021-34449\",\n \"CVE-2021-34450\",\n \"CVE-2021-34454\",\n \"CVE-2021-34455\",\n \"CVE-2021-34456\",\n \"CVE-2021-34457\",\n \"CVE-2021-34458\",\n \"CVE-2021-34459\",\n \"CVE-2021-34460\",\n \"CVE-2021-34461\",\n \"CVE-2021-34462\",\n \"CVE-2021-34466\",\n \"CVE-2021-34476\",\n \"CVE-2021-34488\",\n \"CVE-2021-34489\",\n \"CVE-2021-34490\",\n \"CVE-2021-34491\",\n \"CVE-2021-34492\",\n \"CVE-2021-34493\",\n \"CVE-2021-34494\",\n \"CVE-2021-34496\",\n \"CVE-2021-34497\",\n \"CVE-2021-34498\",\n \"CVE-2021-34499\",\n \"CVE-2021-34500\",\n \"CVE-2021-34504\",\n \"CVE-2021-34507\",\n \"CVE-2021-34508\",\n \"CVE-2021-34509\",\n \"CVE-2021-34510\",\n \"CVE-2021-34511\",\n \"CVE-2021-34512\",\n \"CVE-2021-34513\",\n \"CVE-2021-34514\",\n \"CVE-2021-34516\",\n \"CVE-2021-34521\",\n \"CVE-2021-34525\"\n );\n script_xref(name:\"MSKB\", value:\"5004237\");\n script_xref(name:\"MSFT\", value:\"MS21-5004237\");\n script_xref(name:\"IAVA\", value:\"2021-A-0319\");\n script_xref(name:\"IAVA\", value:\"2021-A-0318\");\n\n script_name(english:\"KB5004237: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5004237. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004237\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004237'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n os_build:19041,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004237])\n||\nsmb_check_rollup(os:'10', \n os_build:19042,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004237])\n||\nsmb_check_rollup(os:'10', \n os_build:19043,\n rollup_date:'07_2021',\n bulletin:bulletin,\n rollup_kb_list:[5004237])\n\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2021-07-28T14:56:11", "description": "\n\n[Microsoft has patched another 117 CVEs](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul>), returning to volumes seen in early 2021 and most of 2020. It would appear that the recent trend of approximately 50 vulnerability fixes per month was not indicative of a slowing pace. This month there were 13 vulnerabilities rated Critical with nearly the rest being rated Important. Thankfully, none of the updates published today require additional steps to remediate, so administrators should be able to rely on their normal patching process. Once[ CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) has been remediated, priority should be to patch public facing DNS and Exchange servers, followed by Workstations, SharePoint servers, and finally Office applications.\n\nIt seems like the PrintNightmare is nearly over. While the past two weeks have been a frenzy for the security community there has been no new information since the end of last week when Microsoft made a final revision to their guidance on[ CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). If you haven\u2019t patched this yet, this is your daily reminder. For further details [please see our blog](<https://www.rapid7.com/blog/post/2021/06/30/cve-2021-1675-printnightmare-patch-does-not-remediate-vulnerability/>) on the topic.\n\n## Multiple Critical DNS Vulnerabilities Patched\n\nAdministrators should focus their efforts on the 11 vulnerabilities in Windows DNS server to reduce the most risk. The two most important of these vulnerabilities are [CVE-2021-34494](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34494>) and [CVE-2021-33780](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33780>). Exploitation of either of these vulnerabilities would result in Remote Code Execution with SYSTEM privileges without any user interaction via the network. Given the network exposure of DNS servers these vulnerabilities could prove to be troublesome if an exploit were to be developed. Microsoft lists [CVE-2021-33780](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33780>) as \u201cExploitation More Likely\u201d so it may only be a matter of time before attackers attempt to make use of these flaws.\n\n## New Exchange Updates Available\n\nOnly 4 of the 7 Exchange CVEs being disclosed this month are new. The two most severe vulnerabilities were patched in back in April and were mistakenly not disclosed. This means that if you applied the April 2021 updates you will not need to take any action for [CVE-2021-34473](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473>), [CVE-2021-34523](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34523>), or [CVE-2021-33766](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33766>). Of the 4 newly patched vulnerabilities the most notable is [CVE-2021-31206](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31206>), a remote code execution flaw discovered in the recent Pwn2Own competition. \n\n## Scripting Engine Exploited in the Wild\n\nExploitation of [CVE-2021-34448](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448>) has been observed in the wild by researchers. There are no details on the frequency or spread of this exploit. This vulnerability requires the user to visit a link to download a malicious file. As with other vulnerabilities that require user interaction, strong security hygiene is the first line of defense.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Apps Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-33753](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33753>) | Microsoft Bing Search Spoofing Vulnerability | No | No | 4.7 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34528](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34528>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34529](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34529>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34477>) | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33767](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33767>) | Open Enclave SDK Elevation of Privilege Vulnerability | No | No | 8.2 | Yes \n[CVE-2021-34479](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34479>) | Microsoft Visual Studio Spoofing Vulnerability | No | No | 7.8 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34473>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | Yes | 9.1 | No \n[CVE-2021-31206](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 7.6 | Yes \n[CVE-2021-31196](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 7.2 | No \n[CVE-2021-34523](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | Yes | 9 | No \n[CVE-2021-33768](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8 | Yes \n[CVE-2021-34470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8 | Yes \n[CVE-2021-33766](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766>) | Microsoft Exchange Information Disclosure Vulnerability | No | No | 7.3 | Yes \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34474>) | Dynamics Business Central Remote Code Execution Vulnerability | No | No | 8 | Yes \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34452](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34452>) | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34517](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34517>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 5.3 | No \n[CVE-2021-34520](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.1 | No \n[CVE-2021-34467](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34467>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | No \n[CVE-2021-34468](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2021-34519](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-34469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34469>) | Microsoft Office Security Feature Bypass Vulnerability | No | No | 8.2 | Yes \n[CVE-2021-34451](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34451>) | Microsoft Office Online Server Spoofing Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-34501](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34501>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34518>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## SQL Server Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31984](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31984>) | Power BI Remote Code Execution Vulnerability | No | No | 7.6 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34464>) | Microsoft Defender Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34522](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34522>) | Microsoft Defender Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-33772](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33772>) | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-34490](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34490>) | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-33744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33744>) | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | No | No | 5.3 | No \n[CVE-2021-33763](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33763>) | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34454>) | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-33761](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33761>) | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33773](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33773>) | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34445>) | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33743>) | Windows Projected File System Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34493](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34493>) | Windows Partition Management Driver Elevation of Privilege Vulnerability | No | No | 6.7 | No \n[CVE-2021-33740](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33740>) | Windows Media Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34458>) | Windows Kernel Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n[CVE-2021-34508](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34508>) | Windows Kernel Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-33771](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33771>) | Windows Kernel Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-31961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31961>) | Windows InstallService Elevation of Privilege Vulnerability | No | No | 6.1 | Yes \n[CVE-2021-34450](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34450>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.5 | Yes \n[CVE-2021-33758](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33758>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 7.7 | No \n[CVE-2021-33755](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33755>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 6.3 | No \n[CVE-2021-34466](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34466>) | Windows Hello Security Feature Bypass Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-34438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34438>) | Windows Font Driver Host Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34455>) | Windows File History Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33774](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33774>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-33759](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33759>) | Windows Desktop Bridge Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34525](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34525>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-34461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34461>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34488](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34488>) | Windows Console Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33784](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33784>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34462>) | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-34459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34459>) | Windows AppContainer Elevation Of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33785](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33785>) | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-33779](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33779>) | Windows ADFS Security Feature Bypass Vulnerability | No | Yes | 8.1 | Yes \n[CVE-2021-34491](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34491>) | Win32k Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34449>) | Win32k Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-34509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34509>) | Storage Spaces Controller Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34460>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34510](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34510>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34512>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34513](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34513>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33751](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33751>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-34521](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34521>) | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34439>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34503>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-33760](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33760>) | Media Foundation Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31947>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-33775](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33775>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-33776](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33776>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-33777](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33777>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-33778](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33778>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34489](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34489>) | DirectWrite Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-33781](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33781>) | Active Directory Security Feature Bypass Vulnerability | No | Yes | 8.1 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31183](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31183>) | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-33757](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33757>) | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-33783](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33783>) | Windows SMB Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-34507](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34507>) | Windows Remote Assistance Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-34457](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34457>) | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34456>) | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34527](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527>) | Windows Print Spooler Remote Code Execution Vulnerability | Yes | Yes | 8.8 | Yes \n[CVE-2021-34497](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34497>) | Windows MSHTML Platform Remote Code Execution Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-34447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34447>) | Windows MSHTML Platform Remote Code Execution Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-33786](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33786>) | Windows LSA Security Feature Bypass Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-33788](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33788>) | Windows LSA Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-33764](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33764>) | Windows Key Distribution Center Information Disclosure Vulnerability | No | No | 5.9 | Yes \n[CVE-2021-34500](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34500>) | Windows Kernel Memory Information Disclosure Vulnerability | No | No | 6.3 | Yes \n[CVE-2021-31979](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31979>) | Windows Kernel Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-34514](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34514>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33765](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33765>) | Windows Installer Spoofing Vulnerability | No | No | 6.2 | No \n[CVE-2021-34511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34511>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34446>) | Windows HTML Platforms Security Feature Bypass Vulnerability | No | No | 8 | No \n[CVE-2021-34496](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34496>) | Windows GDI Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34498](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34498>) | Windows GDI Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-33749](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33749>) | Windows DNS Snap-in Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-33750](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33750>) | Windows DNS Snap-in Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-33752](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33752>) | Windows DNS Snap-in Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-33756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33756>) | Windows DNS Snap-in Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-34494](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34494>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-33780](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33780>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-33746](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33746>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 8 | No \n[CVE-2021-33754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33754>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 8 | No \n[CVE-2021-34442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34442>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-34444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34444>) | Windows DNS Server Denial of Service Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-34499](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34499>) | Windows DNS Server Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-33745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33745>) | Windows DNS Server Denial of Service Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-34492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34492>) | Windows Certificate Spoofing Vulnerability | No | Yes | 8.1 | No \n[CVE-2021-33782](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33782>) | Windows Authenticode Spoofing Vulnerability | No | No | 5.5 | No \n[CVE-2021-34504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34504>) | Windows Address Book Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34516](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34516>) | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34448>) | Scripting Engine Memory Corruption Vulnerability | Yes | No | 6.8 | Yes \n[CVE-2021-34441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34441>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34440>) | GDI+ Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34476>) | Bowser.sys Denial of Service Vulnerability | No | No | 7.5 | No \n \n## Summary Graphs\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T20:56:26", "type": "rapid7blog", "title": "Patch Tuesday - July 2021", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31183", "CVE-2021-31196", "CVE-2021-31206", "CVE-2021-31947", "CVE-2021-31961", "CVE-2021-31979", "CVE-2021-31984", "CVE-2021-33740", "CVE-2021-33743", "CVE-2021-33744", "CVE-2021-33745", "CVE-2021-33746", "CVE-2021-33749", "CVE-2021-33750", "CVE-2021-33751", "CVE-2021-33752", "CVE-2021-33753", "CVE-2021-33754", "CVE-2021-33755", "CVE-2021-33756", "CVE-2021-33757", "CVE-2021-33758", "CVE-2021-33759", "CVE-2021-33760", "CVE-2021-33761", "CVE-2021-33763", "CVE-2021-33764", "CVE-2021-33765", "CVE-2021-33766", "CVE-2021-33767", "CVE-2021-33768", "CVE-2021-33771", "CVE-2021-33772", "CVE-2021-33773", "CVE-2021-33774", "CVE-2021-33775", "CVE-2021-33776", "CVE-2021-33777", "CVE-2021-33778", "CVE-2021-33779", "CVE-2021-33780", "CVE-2021-33781", "CVE-2021-33782", "CVE-2021-33783", "CVE-2021-33784", "CVE-2021-33785", "CVE-2021-33786", "CVE-2021-33788", "CVE-2021-34438", "CVE-2021-34439", "CVE-2021-34440", "CVE-2021-34441", "CVE-2021-34442", "CVE-2021-34444", "CVE-2021-34445", "CVE-2021-34446", "CVE-2021-34447", "CVE-2021-34448", "CVE-2021-34449", "CVE-2021-34450", "CVE-2021-34451", "CVE-2021-34452", "CVE-2021-34454", "CVE-2021-34455", "CVE-2021-34456", "CVE-2021-34457", "CVE-2021-34458", "CVE-2021-34459", "CVE-2021-34460", "CVE-2021-34461", "CVE-2021-34462", "CVE-2021-34464", "CVE-2021-34466", "CVE-2021-34467", "CVE-2021-34468", "CVE-2021-34469", "CVE-2021-34470", "CVE-2021-34473", "CVE-2021-34474", "CVE-2021-34476", "CVE-2021-34477", "CVE-2021-34479", "CVE-2021-34488", "CVE-2021-34489", "CVE-2021-34490", "CVE-2021-34491", "CVE-2021-34492", "CVE-2021-34493", "CVE-2021-34494", "CVE-2021-34496", "CVE-2021-34497", "CVE-2021-34498", "CVE-2021-34499", "CVE-2021-34500", "CVE-2021-34501", "CVE-2021-34503", "CVE-2021-34504", "CVE-2021-34507", "CVE-2021-34508", "CVE-2021-34509", "CVE-2021-34510", "CVE-2021-34511", "CVE-2021-34512", "CVE-2021-34513", "CVE-2021-34514", "CVE-2021-34516", "CVE-2021-34517", "CVE-2021-34518", "CVE-2021-34519", "CVE-2021-34520", "CVE-2021-34521", "CVE-2021-34522", "CVE-2021-34523", "CVE-2021-34525", "CVE-2021-34527", "CVE-2021-34528", "CVE-2021-34529"], "modified": "2021-07-13T20:56:26", "id": "RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4", "href": "https://blog.rapid7.com/2021/07/13/patch-tuesday-july-2021/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
