By Need

By Industry

By Function

Datacenter Modernization

Patch Tuesday July 2021 Edition…PrintNightmare, Windows RCEs and More Exchange RCEs

What We Know

For Patch Tuesday July 2021, Microsoft is patching the vulnerability and ongoing exploitation of PrintNightmare. You can read about CVE-2021-34527 on the Microsoft vulnerability site here. This one is really causing a lot of pain for organizations and CISA has also released Emergency Directive 21-04 that outlines what and when Federal Civilian Executive Branch agencies must do to mitigate this one.

For this month, Microsoft is addressing 117 total vulnerabilities, 13 of which are of the Critical rating, 103 have the Important rating, and 1 has a Moderate rating in severity.

That is a lot of CVEs!

The 13 Critical are listed below; we feel that CVE-2021-34527 “PrintNightmare” should be a top priority for every organization: 

CVE-2021-34527 – Windows Print Spooler Components – Windows Print Spooler RCE Vulnerability (actively exploited)
CVE-2021-34448 – Microsoft Scripting Engine – Scripting Engine Memory Corruption Vulnerability (actively exploited)
CVE-2021-34474 – Dynamics Business Central Control – Dynamics Business Central RCE Vulnerability
CVE-2021-34473 – Microsoft Exchange Server – Microsoft Exchange Server RCE Vulnerability
CVE-2021-33740 – Microsoft Windows Codecs Library – Windows Media RCE Vulnerability
CVE-2021-34439 – Microsoft Windows Media Foundation – Microsoft Windows Media Foundation RCE Vulnerability
CVE-2021-34503 – Microsoft Windows Media Foundation – Microsoft Windows Media Foundation RCE Vulnerability
CVE-2021-34494 – (server role) DNS Server – Windows DNS Server RCE Vulnerability
CVE-2021-34450 – (server role) Hyper-V – Windows Hyper-V RCE Vulnerability
CVE-2021-34522 – Windows Defender – Microsoft Defender RCE Vulnerability
CVE-2021-34464 – Windows Defender – Microsoft Defender RCE Vulnerability
CVE-2021-34458 – Windows Kernel – Windows Kernel RCE Vulnerability
CVE-2021-34497 – Windows MSHTML Platform – Windows MSHTML Platform RCE Vulnerability

There are also several on-premises Exchange Server vulnerabilities released, including the above Critical (RCE), and three were addressed in April but not discussed until this release.

What should you be doing?

The vulnerabilities that were released this month are significant and should be patched as soon as possible following your normal change and testing processes. You should also be looking at the vulnerabilities and updates on your perimeter security devices on a regular basis. When performing penetration tests for clients, our team often finds unpatched systems left open and vulnerable.

The latest patches can be viewed on the Microsoft Security Response Center (MSRC) website. As usual, you must follow the instructions for any of these updates and test thoroughly before upgrading your entire environment.

How long before more POC exploits are made public?

POC exploits are on the rise and aren’t going away anytime soon. If there ever were a time to enhance your vulnerability management program to deal with vulnerabilities like these and out-of-band zero-day vulnerabilities, it is NOW.

Steps you can take now:

• Ask yourself, should we consider a move to Microsoft Online Exchange?
• Follow proper change control process
• Test your patches before rolling into production
• Ensure you have immutable backups of all systems, that way if the worst happens you have a method of recovering.
• Regardless of whether or not your systems are exposed to the Internet, patch them!

If you need help with this security threat, please reach out to your GreenPages Account Manager or reach out to us.

Randy Becker.

Randy Becker

Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP) which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.