Operating System:

[Win]

Published:

11 August 2021

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0173
         Microsoft Patch Tuesday update for Azure for August 2021
                              11 August 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Azure CycleCloud
                  Azure Sphere
                  Microsoft Azure Active Directory Connect
Operating System: Windows
Impact/Access:    Increased Privileges     -- Existing Account
                  Denial of Service        -- Existing Account
                  Access Confidential Data -- Existing Account
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-36949 CVE-2021-36943 CVE-2021-33762
                  CVE-2021-26430 CVE-2021-26429 CVE-2021-26428

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of August 2021.
        
        This update resolves 6 vulnerabilities across the following products:
        [1]
        
         Azure CycleCloud 7.9.10
         Azure CycleCloud 8.2.0
         Azure Sphere
         Microsoft Azure Active Directory Connect 1.6.4.0
         Microsoft Azure Active Directory Connect 2.0.3.0


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2021-26428  Information Disclosure   Important
         CVE-2021-26429  Elevation of Privilege   Important
         CVE-2021-26430  Denial of Service        Important
         CVE-2021-33762  Elevation of Privilege   Important
         CVE-2021-36943  Elevation of Privilege   Important
         CVE-2021-36949  Elevation of Privilege   Important


MITIGATION

        Microsoft recommends updating the software to the latest available
        version available on the Microsoft Update Catalog. [1].


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYRMuduNLKJtyKPYoAQh+0w//Xsf8mllemT8YkLxv14QMS0fllbn57xCz
hyHQQXgZejCiow0jofWkUnHGCWSqWgtGZik7Z7iFUV7I1MEVefsVvmDQt47tsY6S
6NV7xQwsLDQt/9/kSmtEpshKGvFYZ/GtcYQzdmEQ7KkInNcEV+q6RZqtjggYOVFi
IbMXq+GychzoJLoDiDtdOQ+1jFjibHGoVFRNY7L8QH9i+mMcJ9GtQGh0hSjEA+V0
IzUbD27nnp6eVE8GzP88Zk9Ea7jMb4M48LY5akgxCOFirMY+PqgXwm1pXsbTAjDL
Jih9APXGyWCm8bJfP3ZPYCZAoolvSK2DvRBNkOKb70kVoIf69ImVxmb47Xr1cUWP
5WBaIeyJ5iIZXBP90Gk4NR1RvqeFZ0pcxyFA+NOhzltz9Evov/hWVPQ5zMggq+29
9FbXVmazgkrFQfirHlaNdzRVvNi553KZ0n2FDZjzjWHS0CdKZKlyPFfpWtWFNFFs
k4HxvrA6VbOpu6LXhPILDnWRAqOb9nWh74yMO8wZ/QoytUI5ZhxhPvmJpMMvnMwX
z7TRvEXQKUpe+BUeIS57OknPvEpirFoQ7LeAPO4y8QtL9ZqxY+I+k0Ar1E6Bn3rU
80iHhRXcPYzQYK/UWMY7ZYqBv//vKfjLxIFloKABHIVUBedXkSs6MtiIZ4KV7BI7
n/pqB1GKvEw=
=q/O6
-----END PGP SIGNATURE-----