-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0134
    Microsoft Patch Tuesday update for Microsoft Windows for July 2021
                               14 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Windows 10
                  Windows 8.1
                  Windows RT 8.1
                  Windows Server
                  Windows Server 2012
                  Windows Server 2012 R2
                  Windows Server 2016
                  Windows Server 2019
                  HEVC Video Extensions
Operating System: Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Increased Privileges            -- Existing Account            
                  Denial of Service               -- Remote/Unauthenticated      
                  Provide Misleading Information  -- Remote with User Interaction
                  Access Confidential Data        -- Remote/Unauthenticated      
                  Unauthorised Access             -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-34525 CVE-2021-34521 CVE-2021-34516
                  CVE-2021-34514 CVE-2021-34513 CVE-2021-34512
                  CVE-2021-34511 CVE-2021-34510 CVE-2021-34509
                  CVE-2021-34508 CVE-2021-34507 CVE-2021-34504
                  CVE-2021-34503 CVE-2021-34500 CVE-2021-34499
                  CVE-2021-34498 CVE-2021-34497 CVE-2021-34496
                  CVE-2021-34494 CVE-2021-34493 CVE-2021-34492
                  CVE-2021-34491 CVE-2021-34490 CVE-2021-34489
                  CVE-2021-34488 CVE-2021-34476 CVE-2021-34466
                  CVE-2021-34462 CVE-2021-34461 CVE-2021-34460
                  CVE-2021-34459 CVE-2021-34458 CVE-2021-34457
                  CVE-2021-34456 CVE-2021-34455 CVE-2021-34454
                  CVE-2021-34450 CVE-2021-34449 CVE-2021-34448
                  CVE-2021-34447 CVE-2021-34446 CVE-2021-34445
                  CVE-2021-34444 CVE-2021-34442 CVE-2021-34441
                  CVE-2021-34440 CVE-2021-34439 CVE-2021-34438
                  CVE-2021-33788 CVE-2021-33786 CVE-2021-33785
                  CVE-2021-33784 CVE-2021-33783 CVE-2021-33782
                  CVE-2021-33781 CVE-2021-33780 CVE-2021-33779
                  CVE-2021-33778 CVE-2021-33777 CVE-2021-33776
                  CVE-2021-33775 CVE-2021-33774 CVE-2021-33773
                  CVE-2021-33772 CVE-2021-33771 CVE-2021-33765
                  CVE-2021-33764 CVE-2021-33763 CVE-2021-33761
                  CVE-2021-33760 CVE-2021-33759 CVE-2021-33758
                  CVE-2021-33757 CVE-2021-33756 CVE-2021-33755
                  CVE-2021-33754 CVE-2021-33752 CVE-2021-33751
                  CVE-2021-33750 CVE-2021-33749 CVE-2021-33746
                  CVE-2021-33745 CVE-2021-33744 CVE-2021-33743
                  CVE-2021-33740 CVE-2021-31979 CVE-2021-31961
                  CVE-2021-31947 CVE-2021-31183 

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of July 2021.
        
        This update resolves 90 vulnerabilities across the following
        products: [1]
        
         HEVC Video Extensions
         Windows 10
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2021-31183  Denial of Service        Important
         CVE-2021-31947  Remote Code Execution    Important
         CVE-2021-31961  Elevation of Privilege   Important
         CVE-2021-31979  Elevation of Privilege   Important
         CVE-2021-33740  Remote Code Execution    Critical
         CVE-2021-33743  Elevation of Privilege   Important
         CVE-2021-33744  Security Feature Bypass  Important
         CVE-2021-33745  Denial of Service        Important
         CVE-2021-33746  Remote Code Execution    Important
         CVE-2021-33749  Remote Code Execution    Important
         CVE-2021-33750  Remote Code Execution    Important
         CVE-2021-33751  Elevation of Privilege   Important
         CVE-2021-33752  Remote Code Execution    Important
         CVE-2021-33754  Remote Code Execution    Important
         CVE-2021-33755  Denial of Service        Important
         CVE-2021-33756  Remote Code Execution    Important
         CVE-2021-33757  Security Feature Bypass  Important
         CVE-2021-33758  Denial of Service        Important
         CVE-2021-33759  Elevation of Privilege   Important
         CVE-2021-33760  Information Disclosure   Important
         CVE-2021-33761  Elevation of Privilege   Important
         CVE-2021-33763  Information Disclosure   Important
         CVE-2021-33764  Information Disclosure   Important
         CVE-2021-33765  Spoofing                 Important
         CVE-2021-33771  Elevation of Privilege   Important
         CVE-2021-33772  Denial of Service        Important
         CVE-2021-33773  Elevation of Privilege   Important
         CVE-2021-33774  Elevation of Privilege   Important
         CVE-2021-33775  Remote Code Execution    Important
         CVE-2021-33776  Remote Code Execution    Important
         CVE-2021-33777  Remote Code Execution    Important
         CVE-2021-33778  Remote Code Execution    Important
         CVE-2021-33779  Security Feature Bypass  Important
         CVE-2021-33780  Remote Code Execution    Important
         CVE-2021-33781  Security Feature Bypass  Important
         CVE-2021-33782  Spoofing                 Important
         CVE-2021-33783  Information Disclosure   Important
         CVE-2021-33784  Elevation of Privilege   Important
         CVE-2021-33785  Denial of Service        Important
         CVE-2021-33786  Security Feature Bypass  Important
         CVE-2021-33788  Denial of Service        Important
         CVE-2021-34438  Remote Code Execution    Important
         CVE-2021-34439  Remote Code Execution    Critical
         CVE-2021-34440  Information Disclosure   Important
         CVE-2021-34441  Remote Code Execution    Important
         CVE-2021-34442  Denial of Service        Important
         CVE-2021-34444  Denial of Service        Important
         CVE-2021-34445  Elevation of Privilege   Important
         CVE-2021-34446  Security Feature Bypass  Important
         CVE-2021-34447  Remote Code Execution    Important
         CVE-2021-34448  Remote Code Execution    Critical
         CVE-2021-34449  Elevation of Privilege   Important
         CVE-2021-34450  Remote Code Execution    Critical
         CVE-2021-34454  Information Disclosure   Important
         CVE-2021-34455  Elevation of Privilege   Important
         CVE-2021-34456  Elevation of Privilege   Important
         CVE-2021-34457  Information Disclosure   Important
         CVE-2021-34458  Remote Code Execution    Critical
         CVE-2021-34459  Elevation of Privilege   Important
         CVE-2021-34460  Elevation of Privilege   Important
         CVE-2021-34461  Elevation of Privilege   Important
         CVE-2021-34462  Elevation of Privilege   Important
         CVE-2021-34466  Security Feature Bypass  Important
         CVE-2021-34476  Denial of Service        Important
         CVE-2021-34488  Elevation of Privilege   Important
         CVE-2021-34489  Remote Code Execution    Important
         CVE-2021-34490  Denial of Service        Important
         CVE-2021-34491  Information Disclosure   Important
         CVE-2021-34492  Spoofing                 Important
         CVE-2021-34493  Elevation of Privilege   Important
         CVE-2021-34494  Remote Code Execution    Critical
         CVE-2021-34496  Information Disclosure   Important
         CVE-2021-34497  Remote Code Execution    Critical
         CVE-2021-34498  Elevation of Privilege   Important
         CVE-2021-34499  Denial of Service        Important
         CVE-2021-34500  Information Disclosure   Important
         CVE-2021-34503  Remote Code Execution    Critical
         CVE-2021-34504  Remote Code Execution    Important
         CVE-2021-34507  Information Disclosure   Important
         CVE-2021-34508  Remote Code Execution    Important
         CVE-2021-34509  Information Disclosure   Important
         CVE-2021-34510  Elevation of Privilege   Important
         CVE-2021-34511  Elevation of Privilege   Important
         CVE-2021-34512  Elevation of Privilege   Important
         CVE-2021-34513  Elevation of Privilege   Important
         CVE-2021-34514  Elevation of Privilege   Important
         CVE-2021-34516  Elevation of Privilege   Important
         CVE-2021-34521  Remote Code Execution    Important
         CVE-2021-34525  Remote Code Execution    Important
         CVE-2021-34525  Defense in Depth         Low


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].
        
         KB5004233, KB5004235, KB5004237, KB5004238, KB5004244
         KB5004245, KB5004249, KB5004285, KB5004294, KB5004298
         KB5004302


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYO5YquNLKJtyKPYoAQiRHQ/9GuUsocXCIDNHZG6nENGTLpf8AhiULUQu
08nxcLyEAkqdULZpMMYe8P0cPcX+WWWYy6GX1Txp1TqE63BLIozXxbFmtGr6HJhP
HQ/d4QaXhKXgJX4ZB6AU+vJEoMlKQLESqBHTkmN0gv4LAVIeve++ecDpB7Mf4t4F
BA/G2pbnt30wpPTYMdK4emgoQcQ03J3cmd6XIHiWSJXHbcAVfM1Wrwbnv5KZMje1
XMpTClrhT2XlJCdlTbnaSQ6ef7rnjTa+qkfrQGLm5O10MjCSheRPcxIcs2LcDhaf
3qPJIWZ7S0RtC6fplQk4itLvWva1yBIkLLJ8agasKO3NOmgfK2yTY1glKbXkMG39
I2DLJy3gaadoHm7RBDkzZLUMiikA4Vtu8gyklMR7l+yZtOj+o3qOcLEgVmjkBXts
OXg53bjlqN0csQxoZ3gBpLuzktRDzBN7uXd2r4o5mV1blPIgjhp8eeFcRCT6URGG
Dfd5vi0RKvgj+5xedTqxFMp0aIgKBHaDUDMG3yN6lSZfUUGQsgUHkmXB+t/dK9F9
UcDXjwPgHhfA/0HugFWsvWSgGJz559mpowiXoDEOzvXvFQ8MOEioUxzXIZGH2w/d
/YmtscnF5ilHnisEpoZaMyyfbZHxiZhItrv8OtCm13TqBbFGzSqfnsNjjRavsmw3
SMhcVP123yc=
=9p66
-----END PGP SIGNATURE-----