Skip to main content

Microsoft Monthly Security Update (July 2021)

Last Update Date: 11 Aug 2021 Release Date: 14 Jul 2021 6576 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
WindowsExtremely High Risk Extremely High RiskDenial of Service
Remote Code Execution
Elevation of Privilege
Security Restriction Bypass
Information Disclosure
Spoofing

Exploit in the wild

CVE-2021-34527
CVE-2021-34448
CVE-2021-33771
CVE-2021-31979

Extended Security Updates (ESU)Extremely High Risk Extremely High RiskDenial of Service
Security Restriction Bypass
Spoofing
Remote Code Execution
Information Disclosure
Elevation of Privilege

Exploit in the wild

CVE-2021-34527
CVE-2021-34448
CVE-2021-33771
CVE-2021-31979

Exchange ServerHigh Risk High RiskRemote Code Execution
Elevation of Privilege
Information Disclosure

[Updated 11-August-2021]

ProxyShell vulnerabilities for CVE-2021-34473 (patch released in July), CVE-2021-34523 (patch released in July) and CVE-2021-31207 (patch released in May) are being actively scanned by threat actors

SQL ServerMedium Risk Medium RiskRemote Code Execution 
AppsLow Risk Low RiskSpoofing 
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Spoofing
 
Microsoft OfficeMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Security Restriction Bypass
Spoofing
 
Microsoft DynamicsMedium Risk Medium RiskRemote Code Execution 
System CenterMedium Risk Medium RiskRemote Code Execution 

 

Number of 'Extremely High Risk' product(s): 2

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 5

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': Extremely High Risk

 

[Updated 11-August-2021] ProxyShell vulnerabilities for CVE-2021-34473 (patch released in July), CVE-2021-34523 (patch released in July) and CVE-2021-31207 (patch released in May) are being actively scanned by threat actors. Risk level of Exchange Server has been escalated to high risk.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Windows
  • Extended Security Updates (ESU)
  • Exchange Server
  • SQL Server
  • Apps
  • Developer Tools
  • Microsoft Office
  • Microsoft Dynamics
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link

https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul