Patch Tuesday July 2021:Microsoft To Deliver 40 Security Patches, Including Several Fixes for an Exploitable Zero-Day Vulnerability
Windows Print Spooler Revisited
Microsoft’s July security updates roll will feature approximately 40 security updates for Windows-specific issues ranging from Important to Critical. July’s Patch Tuesday roll will also include several fixes for CVE-2021-34527, the Windows Print Spooler Remote Code Execution (RCE) vulnerability, a print service bug that has been exploited for the past two months. Microsoft might also release security and non-security updates for .NET Framework, Adobe Acrobat and Reader, Internet Explorer, and the Extended Security Updates Pack for Windows Server 2008, Server 2008 R2, and Windows 7.
July Patch Tuesday Highlights
The fix for the infamous CVE-2021-34527 is, without a doubt, the highlight of July’s Patch Tuesday. Discovered, rediscovered, patched, but not entirely, the print spooler bug had users on the edge, especially after the POC’s publication. As of now, the vulnerability appears as fixed on Microsoft’s Security Update guide, complete with additional workarounds for users who have yet to apply the latest essential patches.
Interestingly enough, more than 80% of all security patches released in July are meant to fix the same Windows Print Spooler vulnerability. For instance, KBs 5004946 through 5004958, address the aforementioned issue for various builds, versions, and service packs.
To remind the readers, CVE- 2021-34527 came to attention in mid-June. Back then, the issue, although marked as “Important”, had no applicability. However, Microsoft was forced to revise the entry for CVE- 2021-34527, and upgrade its status from Important to Critical after a group of Chinese malware analysts published the POC for Remote Code Exploitation.
A partial fix ensued, but with mixed results. Come July, Microsoft pushes for a more permanent fix. We should also consider the fact that CVE- 2021-34527 is the RCE adjunct of CVE-2021-1675, which abuses the privilege escalation mechanism. Both have been marked as solved under the July security roll.
Some other wins include:
- Extended Security Updates pack for Windows Server 2008, Windows Server 2008 R2, and Windows 7.
- Internet Explorer feature updates. Since June, IE 11 has multi-languages support for Windows Server 2008, Windows 7, Windows 7 for x64-based Systems.
- Minor, non-security-related updates for the .NET framework and, possibly, for the SQL server.
- Push for APSB21-51 Prenotification for Adobe Acrobat and Reader.
- Stability patches and (possibly) updates for Windows 11.
Wrap-up and parting thoughts
It goes without saying that Microsoft’s July patch bout was more about the print spooler vulnerability and less about minor bugs, GUI improvements, or non-essentials. So far, no incident has been chalked up PrintNightmare or CVE-2021-34527. That’s about all covered under the Patch Tuesday July 2021. As always, I encourage you to deploy the latest updates & patches in a timely fashion, do a lot of pen-testing, avoid suspicious emails, test your .msi patches before pushing them to your machines, and always go for patch automation. Heimdal™ Security’s Patch & Asset Management is (or should be) your weapon of choice, regardless of your patching needs, requirements or whims.
Other resources worth checking out:
- Past Patch Tuesday article.
- Andra Andrioaie’s take on PrintNightmare
- Auto-updating guide for Microsoft Optional Patches.