Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2021.0132
Microsoft Patch Tuesday update for Microsoft Developer Tools for July 2021
14 July 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Developer Tool Products
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Provide Misleading Information -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-34529 CVE-2021-34528 CVE-2021-34479
CVE-2021-34477 CVE-2021-33767
OVERVIEW
Microsoft has released its monthly security patch update for the
month of July 2021.
This update resolves 5 vulnerabilities across the following products:
[1]
.NET Education Bundle SDK Install Tool
.NET Install Tool for Extension Authors
Open Enclave SDK
Visual Studio Code
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2021-33767 Elevation of Privilege Important
CVE-2021-34477 Elevation of Privilege Important
CVE-2021-34479 Spoofing Important
CVE-2021-34528 Remote Code Execution Important
CVE-2021-34529 Remote Code Execution Important
MITIGATION
Microsoft recommends updating the software to the latest available
version available on the Microsoft Update Catalog. [1].
REFERENCES
[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYO5YeeNLKJtyKPYoAQgjqw//fGI19G6XH13ywls6OQSn2qvXLGwdLp3P
WFbsgbC0jlkaseY2o7Vgxx+pw1aV77tkGrLrTJttClpzrB7R6A/x5JVDQH+4Vggs
mw5RjpAl7q1KjP/w8nwTGF2yfocROK3G7VSlhmtppVbMFo3uHjwa0jmxvB9OOuMn
c3ENBgmHqCnq4CrMSgpPr/s/yjO++Vq5gZ01nnqtIafdtHcfPTtSsMi5z2PSftOj
4T1wXaXkB9c46Cufvbarlt4yIcz33x/mjli3AH/kAQLAV5i/ewL29FjW66+1bI2O
DqvZgwpTKZYjpVUMn/hRLPv7D3Mo/cm2YKrCZdCW+OogKLXva5IoUHTvrnXxD2WV
2bcB/mCw22FEZL+C3Vjku7TZLfilmsUtGCYtwLxVl4EtZVUXPu7VV+DOvavn6lc7
oJeP64/NwgByWf3wqkPtshkKxijJeRHs/vGArVO8NprTM6LX2vtA0kt4N7N1iKY/
fIYvAweWdEl/PYN5ZOEQmP5nqWlprKEQSPrp9fyXF8skp80J4uw05Nd7HRxA5hbh
BZEIGmasi0w+YK9etuwHNyV23Xpy9qFQXkbB1i3rLMvviKbKELrR7Uiua9o4FLCQ
b9zv84Gacfql2TuOAKYakvpG7iTObBieT88YleO+3DPjY8u4E1enb6HPHnyOWk9O
oLjIVqRrW5M=
=OB3U
-----END PGP SIGNATURE-----