===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0134
    Microsoft Patch Tuesday update for Microsoft Windows for July 2021
                               14 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Windows 10
                   Windows 8.1
                   Windows RT 8.1
                   Windows Server
                   Windows Server 2012
                   Windows Server 2012 R2
                   Windows Server 2016
                   Windows Server 2019
                   HEVC Video Extensions
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-34525 CVE-2021-34521 CVE-2021-34516
                   CVE-2021-34514 CVE-2021-34513 CVE-2021-34512
                   CVE-2021-34511 CVE-2021-34510 CVE-2021-34509
                   CVE-2021-34508 CVE-2021-34507 CVE-2021-34504
                   CVE-2021-34503 CVE-2021-34500 CVE-2021-34499
                   CVE-2021-34498 CVE-2021-34497 CVE-2021-34496
                   CVE-2021-34494 CVE-2021-34493 CVE-2021-34492
                   CVE-2021-34491 CVE-2021-34490 CVE-2021-34489
                   CVE-2021-34488 CVE-2021-34476 CVE-2021-34466
                   CVE-2021-34462 CVE-2021-34461 CVE-2021-34460
                   CVE-2021-34459 CVE-2021-34458 CVE-2021-34457
                   CVE-2021-34456 CVE-2021-34455 CVE-2021-34454
                   CVE-2021-34450 CVE-2021-34449 CVE-2021-34448
                   CVE-2021-34447 CVE-2021-34446 CVE-2021-34445
                   CVE-2021-34444 CVE-2021-34442 CVE-2021-34441
                   CVE-2021-34440 CVE-2021-34439 CVE-2021-34438
                   CVE-2021-33788 CVE-2021-33786 CVE-2021-33785
                   CVE-2021-33784 CVE-2021-33783 CVE-2021-33782
                   CVE-2021-33781 CVE-2021-33780 CVE-2021-33779
                   CVE-2021-33778 CVE-2021-33777 CVE-2021-33776
                   CVE-2021-33775 CVE-2021-33774 CVE-2021-33773
                   CVE-2021-33772 CVE-2021-33771 CVE-2021-33765
                   CVE-2021-33764 CVE-2021-33763 CVE-2021-33761
                   CVE-2021-33760 CVE-2021-33759 CVE-2021-33758
                   CVE-2021-33757 CVE-2021-33756 CVE-2021-33755
                   CVE-2021-33754 CVE-2021-33752 CVE-2021-33751
                   CVE-2021-33750 CVE-2021-33749 CVE-2021-33746
                   CVE-2021-33745 CVE-2021-33744 CVE-2021-33743
                   CVE-2021-33740 CVE-2021-31979 CVE-2021-31961
                   CVE-2021-31947 CVE-2021-31183

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of July 2021.

        This update resolves 90 vulnerabilities across the following
        products: [1]

         HEVC Video Extensions
         Windows 10
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019


IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2021-31183  Denial of Service        Important
         CVE-2021-31947  Remote Code Execution    Important
         CVE-2021-31961  Elevation of Privilege   Important
         CVE-2021-31979  Elevation of Privilege   Important
         CVE-2021-33740  Remote Code Execution    Critical
         CVE-2021-33743  Elevation of Privilege   Important
         CVE-2021-33744  Security Feature Bypass  Important
         CVE-2021-33745  Denial of Service        Important
         CVE-2021-33746  Remote Code Execution    Important
         CVE-2021-33749  Remote Code Execution    Important
         CVE-2021-33750  Remote Code Execution    Important
         CVE-2021-33751  Elevation of Privilege   Important
         CVE-2021-33752  Remote Code Execution    Important
         CVE-2021-33754  Remote Code Execution    Important
         CVE-2021-33755  Denial of Service        Important
         CVE-2021-33756  Remote Code Execution    Important
         CVE-2021-33757  Security Feature Bypass  Important
         CVE-2021-33758  Denial of Service        Important
         CVE-2021-33759  Elevation of Privilege   Important
         CVE-2021-33760  Information Disclosure   Important
         CVE-2021-33761  Elevation of Privilege   Important
         CVE-2021-33763  Information Disclosure   Important
         CVE-2021-33764  Information Disclosure   Important
         CVE-2021-33765  Spoofing                 Important
         CVE-2021-33771  Elevation of Privilege   Important
         CVE-2021-33772  Denial of Service        Important
         CVE-2021-33773  Elevation of Privilege   Important
         CVE-2021-33774  Elevation of Privilege   Important
         CVE-2021-33775  Remote Code Execution    Important
         CVE-2021-33776  Remote Code Execution    Important
         CVE-2021-33777  Remote Code Execution    Important
         CVE-2021-33778  Remote Code Execution    Important
         CVE-2021-33779  Security Feature Bypass  Important
         CVE-2021-33780  Remote Code Execution    Important
         CVE-2021-33781  Security Feature Bypass  Important
         CVE-2021-33782  Spoofing                 Important
         CVE-2021-33783  Information Disclosure   Important
         CVE-2021-33784  Elevation of Privilege   Important
         CVE-2021-33785  Denial of Service        Important
         CVE-2021-33786  Security Feature Bypass  Important
         CVE-2021-33788  Denial of Service        Important
         CVE-2021-34438  Remote Code Execution    Important
         CVE-2021-34439  Remote Code Execution    Critical
         CVE-2021-34440  Information Disclosure   Important
         CVE-2021-34441  Remote Code Execution    Important
         CVE-2021-34442  Denial of Service        Important
         CVE-2021-34444  Denial of Service        Important
         CVE-2021-34445  Elevation of Privilege   Important
         CVE-2021-34446  Security Feature Bypass  Important
         CVE-2021-34447  Remote Code Execution    Important
         CVE-2021-34448  Remote Code Execution    Critical
         CVE-2021-34449  Elevation of Privilege   Important
         CVE-2021-34450  Remote Code Execution    Critical
         CVE-2021-34454  Information Disclosure   Important
         CVE-2021-34455  Elevation of Privilege   Important
         CVE-2021-34456  Elevation of Privilege   Important
         CVE-2021-34457  Information Disclosure   Important
         CVE-2021-34458  Remote Code Execution    Critical
         CVE-2021-34459  Elevation of Privilege   Important
         CVE-2021-34460  Elevation of Privilege   Important
         CVE-2021-34461  Elevation of Privilege   Important
         CVE-2021-34462  Elevation of Privilege   Important
         CVE-2021-34466  Security Feature Bypass  Important
         CVE-2021-34476  Denial of Service        Important
         CVE-2021-34488  Elevation of Privilege   Important
         CVE-2021-34489  Remote Code Execution    Important
         CVE-2021-34490  Denial of Service        Important
         CVE-2021-34491  Information Disclosure   Important
         CVE-2021-34492  Spoofing                 Important
         CVE-2021-34493  Elevation of Privilege   Important
         CVE-2021-34494  Remote Code Execution    Critical
         CVE-2021-34496  Information Disclosure   Important
         CVE-2021-34497  Remote Code Execution    Critical
         CVE-2021-34498  Elevation of Privilege   Important
         CVE-2021-34499  Denial of Service        Important
         CVE-2021-34500  Information Disclosure   Important
         CVE-2021-34503  Remote Code Execution    Critical
         CVE-2021-34504  Remote Code Execution    Important
         CVE-2021-34507  Information Disclosure   Important
         CVE-2021-34508  Remote Code Execution    Important
         CVE-2021-34509  Information Disclosure   Important
         CVE-2021-34510  Elevation of Privilege   Important
         CVE-2021-34511  Elevation of Privilege   Important
         CVE-2021-34512  Elevation of Privilege   Important
         CVE-2021-34513  Elevation of Privilege   Important
         CVE-2021-34514  Elevation of Privilege   Important
         CVE-2021-34516  Elevation of Privilege   Important
         CVE-2021-34521  Remote Code Execution    Important
         CVE-2021-34525  Remote Code Execution    Important
         CVE-2021-34525  Defense in Depth         Low


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB5004233, KB5004235, KB5004237, KB5004238, KB5004244
         KB5004245, KB5004249, KB5004285, KB5004294, KB5004298
         KB5004302


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================