Copyright © 2021 Ivanti. All rights reserved.
Patch Tuesday Webinar
Tuesday, July 20, 2021
Presented by: Eric Vincent & Karl Chawalla
Agenda
1. July 2021 Patch Tuesday Overview
2. In the News
3. Bulletins and Releases
4. Between Patch Tuesdays
5. Q & A
Overview
July Patch Tuesday 2021
July Patch Tuesday is shaping up to be a busy one. With the recent PrintNightmare
out-of-band update, the upcoming Oracle quarterly CPU, a lineup of updates from
Adobe including Acrobat and Reader, Mozilla Firefox and Firefox ESR, and the
typical lineup of Microsoft monthly updates, there will be a lot to prioritize for your
vulnerability remediation efforts this month. The good news is that up to 84 of the
total CVEs addressed this month, including all three zero-day vulnerabilities, can be
resolved by deploying the Windows OS updates, so prioritize these first and take a
load of risk off your plate quickly.
In the News
In the News
§ Windows 11 Announced
§ https://www.microsoft.com/en-us/microsoft-365/blog/2021/06/24/windows-11-the-operating-system-for-hybrid-work-and-learning/
§ Annual updates
§ Home/Pro – 24 months of support
§ Enterprise/Education – 36 months of support
§ PrintNightmare
§ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
§ https://redmondmag.com/articles/2021/07/09/microsoft-clarifies-printnightmare-advice.aspx
§ https://blog.talosintelligence.com/2021/07/printnightmare-coverage.html
In the News
§ Kaseya
§ https://www.zdnet.com/article/kaseya-ransomware-attack-what-we-know-now/
§ Solarwinds
§ https://arstechnica.com/gadgets/2021/07/microsoft-discovers-critical-solarwinds-zero-day-under-active-attack/
In the News
§ Kerberos now in Enforcement Mode
§ https://support.microsoft.com/en-us/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab
§ AES Encryption Protection
§ https://support.microsoft.com/en-us/topic/kb5004605-update-adds-aes-encryption-protections-to-the-ms-samr-protocol-for-cve-2021-33757-e4daa133-54aa-4a5d-a921-04bb50868fc2
Known Exploited Vulnerabilities
§ CVE-2021-31979 Windows Kernel Elevation of Privilege Vulnerability
§ CVSS 3.0 Scores: 7.8 / 7.2
§ Severity: Important
§ CVE-2021-33771 Windows Kernel Elevation of Privilege Vulnerability
§ CVSS 3.0 Scores: 7.8 / 7.2
§ Severity: Important
§ CVE-2021-34448 Scripting Engine Memory Corruption Vulnerability
§ CVSS 3.0 Scores: 6.8 / 6.3
§ Severity: Critical
Source: Microsoft
Publicly Disclosed Vulnerabilities
§ CVE-2021-33779 Windows ADFS Security Feature Bypass Vulnerability
§ CVSS 3.0 Scores: 8.1 / 7.1
§ Severity: Important
§ CVE-2021-33781 Active Directory Security Feature Bypass Vulnerability
§ CVSS 3.0 Scores: 8.1 / 7.1
§ Severity: Important
§ CVE-2021-34492 Windows Certificate Spoofing Vulnerability
§ CVSS 3.0 Scores: 8.1 / 7.1
§ Severity: Important
Source: Microsoft
Publicly Disclosed Vulnerabilities (cont)
§ CVE-2021-34523 Exchange Server Elevation of Privilege Vulnerability
§ CVSS 3.0 Scores: 9.0 / 7.8
§ Severity: Important
§ CVE-2021-34473 Exchange Server Remote Code Execution Vulnerability
§ CVSS 3.0 Scores: 9.1 / 7.9
§ Severity: Important
Source: Microsoft
Microsoft Patch Tuesday Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ Updated SSUs this month
§ Windows 7/Server 2008 R2 (ESU)
§ Windows 10 1909/Server, version 1909
§ Development Tool and Other Updates
§ .NET Education Bundle SDK Install Tool
§ .NET Install Tool for Extension Authors
§ HEVC Video Extensions
§ Power BI Report Server
§ Open Enclave SDK
§ Visual Studio Code
Source: Microsoft
Windows 10 Lifecycle Awareness
Windows 10 Enterprise and Education
Version    Release Date    End of Support Date
21H1       5/18/2021       12/13/2022
20H2       10/20/2020      5/9/2023
2004       5/27/2020       12/14/2021
1909       11/12/2019      5/10/2022

Windows 10 Pro and Pro Workstation
Version    Release Date    End of Support Date
21H1       5/18/2021       12/13/2022
20H2       10/20/2020      5/10/2022
2004       5/27/2020       12/14/2021

Windows Datacenter and Standard Server
Version    Release Date    End of Support Date
20H2       10/20/2020      5/10/2022
2004       5/27/2020       12/14/2021

§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Bulletins and Releases
APSB21-51: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Critical
§ Affected Products: Adobe Acrobat and Reader (all current versions)
§ Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address 19 vulnerabilities, 14 of which are
critical. Successful exploitation could lead to arbitrary code execution in the context of
the current user. See
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html for more details.
§ Impact: Remote Code Execution, Denial of Service, Privilege Escalation and
Information Disclosure
§ Fixes 19 Vulnerabilities: See Adobe site for details
§ Restart Required: Requires application restart
MFSA-2021-28: Security Update Firefox 90
§ Maximum Severity: Critical (High)
§ Affected Products: Security Update Firefox
§ Description: This update from Mozilla addresses critical vulnerabilities in the Firefox
browser on multiple platforms.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service
and Elevation of Privilege
§ Fixes 9 Vulnerabilities: CVE-2021-29970, CVE-2021-29971, CVE-2021-29972,
CVE-2021-29973, CVE-2021-29974, CVE-2021-29975, CVE-2021-29976,
CVE-2021-29977, CVE-2021-30547
§ Restart Required: Requires application restart
§ Known Issues: None
MFSA-2021-29: Security Update Firefox ESR 78.12
§ Maximum Severity: Critical (High)
§ Affected Products: Security Update Firefox
§ Description: This update from Mozilla addresses critical vulnerabilities in the Firefox
ESR browser on multiple platforms.
§ Impact: Remote Code Execution and Denial of Service
§ Fixes 3 Vulnerabilities: CVE-2021-29970, CVE-2021-29976 and CVE-2021-30547
§ Restart Required: Requires application restart
§ Known Issues: None
MS21-07-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2,
21H1, Server 2016, Server 2019, Server version 1909, Server version 2004, Server
version 20H2, IE 11, and Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure.
§ Fixes 84 Vulnerabilities: CVE-2021-31979, CVE-2021-33771 and
CVE-2021-34448 are known exploited. CVE-2021-33779, CVE-2021-33781 and
CVE-2021-34492 are publicly disclosed. See the Security Update Guide for the
complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slides
July Known Issues for Windows 10
§ KB 5004244 – Windows 10, Version 1809, Server 2019
§ [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
§ [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
July Known Issues for Windows 10 (cont)
§ KB 5004237 – Windows 10 version 2004, Windows Server version
2004, Windows 10 version 20H2, Windows Server version 20H2,
Windows 10 version 21H1
§ [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter
Kanji characters in an app that automatically allows the input of Furigana
characters, you might not get the correct Furigana characters. You might need to
enter the Furigana characters manually. Workaround: Microsoft is working on a
resolution.
§ [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the
custom offline media or ISO image before slipstreaming the LCU. See KB for
details.
MS21-07-IE: Security Updates for Internet Explorer
§ Maximum Severity: Critical
§ Affected Products: Internet Explorer 9 and 11
§ Description: The fixes that are included in the cumulative Security Update for
Internet Explorer are also included in the July 2021 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are in the cumulative update. This bulletin
references KB 5004233.
§ Impact: Remote Code Execution and Security Feature Bypass
§ Fixes 4 Vulnerabilities: CVE-2021-34448 is known exploited and is present in IE
11. It also fixes CVE-2021-34446, CVE-2021-34447 and CVE-2021-34497 which are
found in both IE 9 and IE 11.
§ Restart Required: Requires browser restart
§ Known Issues: None reported
MS21-07-MR2K8-ESU: Monthly Rollup for Windows Server 2008
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2008 and IE 9
§ Description: This security update includes improvements and fixes that were a part
of update KB 5004955 (released July 6, 2021). Bulletin is based on KB 5004305. See
KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757
and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps,
Windows Fundamentals, Windows Authentication, Windows Graphics, Windows HTML
Platforms, and Windows MSHTML Platform.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure.
§ Fixes 37 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492
is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: [File Rename] See next slide.
July Known Issues for Server 2008
§ KB 5004305 – Windows Server 2008 (Monthly Rollup)
§ [File Rename] Certain operations, such as rename, that you perform on files or folders that
are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform
the operation on a CSV owner node from a process that doesn’t have administrator
privilege. Workaround: Perform the operation from a process that has administrator
privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft
is working on a resolution.
§ KB 5004299 – Windows Server 2008 (Security-only Update)
§ [File Rename]
MS21-07-SO2K8-ESU: Security-only Update for Windows Server 2008
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2008
§ Description: Bulletin is based on KB 5004299. See KB for details on Advanced
Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes
for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals,
Windows Authentication, and Windows Graphics.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure.
§ Fixes 34 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492
is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See previous slide.
MS21-07-MR7-ESU: Monthly Rollup for Win 7
MS21-07-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
§ Description: This security update includes improvements and fixes that were a part of
update KB 5004953 (released July 6, 2021). Bulletin is based on KB 5004289. See KB
for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and
Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps,
Windows Fundamentals, Windows Authentication, Windows Graphics, Microsoft
Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure.
§ Fixes 39 Vulnerabilities: CVE-2021-31979 and CVE-2021-34448 are known
exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the
complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: [File Rename]
MS21-07-SO7-ESU: Security-only Update for Win 7
MS21-07-SO2K8R2-ESU: Security-only Update for Server 2008 R2
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 7 and Server 2008 R2
§ Description: Bulletin is based on KB 5004307. See KB for details on Advanced
Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes
for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals,
Windows Authentication, and Windows Graphics.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure.
§ Fixes 35 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492
is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: [File Rename]
MS21-07-MR8: Monthly Rollup for Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012 and IE
§ Description: This security update includes improvements and fixes that were a part of update
KB 5004956 (released July 6, 2021). Bulletin is based on KB 5004294. See KB for details on
Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes
for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows
Authentication, Windows Operating System Security, Windows Graphics, Microsoft Scripting
Engine, Windows HTML Platforms, and Windows MSHTML Platform.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service,
Elevation of Privilege and Information Disclosure.
§ Fixes 43 Vulnerabilities: CVE-2021-31979 and CVE-2021-34448 are known exploited.
CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of
CVEs.
§ Restart Required: Requires restart
§ Known Issues: [File Rename]
MS21-07-SO8: Security-only Update for Windows Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012
§ Description: Bulletin is based on KB 5004302. See KB for details on Advanced
Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes
for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals,
Windows Authentication, Windows Operating System Security, and Windows
Graphics.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure.
§ Fixes 39 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492
is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: [File Rename]
MS21-07-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
§ Description: This security update includes improvements and fixes that were a part of update
KB 5004954 (released July 6, 2021). Bulletin is based on KB 5004298. See KB for details on
Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes
for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows
Authentication, Windows Operating System Security, Windows Graphics, Microsoft Scripting
Engine, Windows HTML Platforms, and Windows MSHTML Platform.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service,
Elevation of Privilege and Information Disclosure.
§ Fixes 49 Vulnerabilities: CVE-2021-31979, CVE-2021-33771 and CVE-2021-34448 are
known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the
complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: [File Rename]
MS21-07-SO81: Security-only Update for Win 8.1 and Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 8.1, Server 2012 R2
§ Description: Bulletin is based on KB 5004285. See KB for details on Advanced
Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes
for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals,
Windows Authentication, Windows Operating System Security, and Windows
Graphics.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure.
§ Fixes 45 Vulnerabilities: CVE-2021-31979 and CVE-2021-33771 are known
exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for
the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: [File Rename]
MS21-07-EXCH: Security Updates for Exchange Server
§ Maximum Severity: Critical
§ Affected Products: Microsoft Exchange Server 2013 - 2019
§ Description: This security update fixes vulnerabilities in Microsoft
Exchange. This bulletin is based on KB 5004778, KB 5004779 and
KB 5004780.
§ Impact: Remote Code Execution, Elevation of Privilege and
Information Disclosure
§ Fixes 7 Vulnerabilities: CVE-2021-34473 and CVE-2021-34523
are publicly disclosed. CVE-2021-31196, CVE-2021-31206,
CVE-2021-33766, CVE-2021-33768, and CVE-2021-34470 are also fixed
in this release.
§ Restart Required: Requires restart
§ Known Issues: See next slide
July Known Issues for Exchange Server
§ KB 5004778, KB 5004779 and KB 5004780 – Exchange Server 2013,
2016 and 2019
§ [Issue 1] If the update is run in Normal mode (that is, not as an administrator),
some files are not correctly updated and there are no error messages. This occurs
because UAC prevents the security update from correctly stopping certain
Exchange-related services. Workaround: Run as administrator in manual mode.
See KB for more details.
§ [Issue 2] Exchange services might remain in a disabled state after you install this
security update. Workaround: Use Services Manager to restore the startup type
to Automatic, and then start the affected Exchange services manually. To avoid this
issue, run the security update at an elevated command prompt.
§ [Issue 3] When you block third-party cookies in a web browser, you might be
continually prompted to trust a particular add-in even though you keep selecting
the option to trust it. Workaround: Enable third-party cookies for the domain
that's hosting OWA or Office Online Server in the browser settings. See KB for
more details.
July Known Issues for Exchange Server (cont)
§ [Issue 4] When you try to request free/busy information for a user in a different
forest in a trusted cross-forest topology, the request fails and generates a "(400)
Bad Request" error message. Workaround: See Microsoft help article "(400) Bad
Request" error during Autodiscover for per-user free/busy in a trusted cross-forest
topology for guidance.
§ [Issue 5] After you install Microsoft Exchange Server 2016 Cumulative Update 6
(CU6), you can't access Outlook Web App (OWA) or Exchange Control Panel
(ECP). Workaround: See You can't access OWA or ECP after you install Exchange
Server 2016 CU6.
MS21-07-SPT: Security Updates for SharePoint Server
§ Maximum Severity: Important
§ Affected Products: Microsoft SharePoint Foundation Server 2013, Microsoft
SharePoint Enterprise Server 2013, Microsoft SharePoint Enterprise Server 2016, and
Microsoft SharePoint Server 2019
§ Description: This security update resolves vulnerabilities in Microsoft Office that
could allow remote code execution if a user opens a specially crafted Office file. This
bulletin is based on 6 KB articles.
§ Impact: Remote Code Execution, Spoofing and Information Disclosure
§ Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-34467, CVE-2021-34468, CVE-2021-34517, CVE-2021-34519
and CVE-2021-34520 are fixed in this release.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS21-07-OFF: Security Updates for Microsoft Office
§ Maximum Severity: Important
§ Affected Products: Excel 2013-2016, Office 2013-2016, Office 2019 for macOS,
Office Online Server, Office Web Apps 2013, Word 2016
§ Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 7 KB articles plus release notes for the macOS Office.
§ Impact: Remote Code Execution, Security Feature Bypass and Spoofing
§ Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-34451, CVE-2021-34452, CVE-2021-34469, CVE-2021-34501
and CVE-2021-34518 are fixed in this release.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS21-07-O365: Security Updates Microsoft 365 Apps and Office 2019
§ Maximum Severity: Important
§ Affected Products: Microsoft 365 Apps, Office 2019
§ Description: This month’s update resolved various bugs and performance issues in
Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps
security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution and Security Feature Bypass
§ Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-34452, CVE-2021-34469 and CVE-2021-34501 are fixed in this
release.
§ Restart Required: Requires application restart
§ Known Issues: None reported
Between Patch Tuesdays
Release Summary
§ Security Updates (with CVEs): Google Chrome (2), Firefox (1), Node.JS Current
(1), Node.JS LTS Lower (1), Node.JS LTS Upper (1), VMware Tools (1)
§ Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1); Box Edit (1),
Camtasia (2), CCleaner (1), Google Chrome (2), ClickShare App Machine-Wide Installer (1),
Falcon sensor for Windows (3), Citrix Workspace App (1), Dropbox (4), Evernote (2), Firefox (1),
FileZilla Client (1), GoodSync (8), GoToMeeting (1), Cisco Jabber (2), Jabra Direct (3),
Malwarebytes (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS Current (1), Node.JS LTS Lower
(1), Node.JS LTS Upper (2), Notepad++ (2), Opera (7), Paint.net (1), Pidgin (1), Plex Media Server
(1), PeaZip (1), Skype (2), SeaMonkey (1), Snagit (1), Tableau Desktop (6), Tableau Prep Builder
(2), Tableau Reader (1), Apache Tomcat (4), TeamViewer (1), VLC Media Player (2), WinSCP (2),
Zoom Client (2), Zoom Outlook Plugin (1)
§ Non-Security Updates: Bandicut (1), Box Drive (1), Docker for Windows Stable (2),
Google Drive File Stream (1), Google Backup and Sync (1), Plantronics Hub (1), RingCentral App
(Machine-Wide Installer) (1), TortoiseHG (1), TreeSize Free (1), Cisco WebEx Teams (2)
Third Party CVE Information
§ Google Chrome 91.0.4472.101
§ CHROME-210609, QGC9104472101
§ Fixes 10 Vulnerabilities: CVE-2021-30544, CVE-2021-30545, CVE-2021-30546,
CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550,
CVE-2021-30551, CVE-2021-30552, CVE-2021-30553
§ Google Chrome 91.0.4472.114
§ CHROME-210617, QGC9104472114
§ Fixes 4 Vulnerabilities: CVE-2021-30554, CVE-2021-30555, CVE-2021-30556,
CVE-2021-30557
§ Firefox 89.0.1
§ FF-210616, QFF8901
§ Fixes 1 Vulnerability: CVE-2021-29968
Third Party CVE Information (cont)
§ Node.JS 16.4.1 (Current)
§ NOJSC-210701, QNODEJSC1641
§ Fixes 2 Vulnerabilities: CVE-2021-22918, CVE-2021-22921
§ Node.JS 12.22.2 (LTS Lower)
§ NOJSLL-210701, QNODEJSLL12222
§ Fixes 4 Vulnerabilities: CVE-2021-22918, CVE-2021-22921, CVE-2021-23362,
CVE-2021-27290
§ Node.JS 14.17.2 (LTS Upper)
§ NOJSLU-210701, QNODEJSLU14172
§ Fixes 2 Vulnerabilities: CVE-2021-22918, CVE-2021-22921
Third Party CVE Information (cont)
§ VMware Workstation Player 16.1.2
§ VMWP16-210519, QVMWP1612
§ Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
§ VMware Tools 11.3.0
§ VMWT11-210618, QVMWT1130
§ Fixes 1 Vulnerability: CVE-2021-21997
Q & A
Upcoming Patch Tuesday Sessions
• Thursday, August 12 – 16:00
• Thursday, September 16 – 16:00
• Thursday, October 14 – 16:00
• Tuesday, November 16 – 16:00
• Thursday, December 16 – 16:00
https://www.ivanti.fr/lp/patch/patch-tuesday-webinar-series
Thank You!

Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre
 
2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia Novembre
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – Novembre
 
Patch Tuesday de Noviembre
Patch Tuesday de NoviembrePatch Tuesday de Noviembre
Patch Tuesday de Noviembre
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Fr july2021 patchtuesday_final-atendeesslides

  • 1. Patch Tuesday Webinar
    Tuesday, 20 July 2021
    Presented by: Eric Vincent & Karl Chawalla
  • 2. Agenda
    1. July 2021 Patch Tuesday Overview
    2. In the News
    3. Bulletins and Releases
    4. Between Patch Tuesdays
    5. Q & A
  • 3. Overview
  • 4. July Patch Tuesday 2021
    July Patch Tuesday is shaping up to be a busy one. With the recent PrintNightmare out-of-band update, the upcoming Oracle quarterly CPU, a lineup of updates from Adobe including Acrobat and Reader, Mozilla Firefox and Firefox ESR, and the typical lineup of Microsoft monthly updates, there will be a lot to prioritize for your vulnerability remediation efforts this month. The good news is that up to 84 of the total CVEs addressed this month, including all three Zero Day vulnerabilities, can be resolved by deploying the Windows OS updates, so prioritize this first and take a load of risk off your plate quick.
  • 5. In the News
  • 6. In the News
    § Windows 11 Announced
      § https://www.microsoft.com/en-us/microsoft-365/blog/2021/06/24/windows-11-the-operating-system-for-hybrid-work-and-learning/
      § Annual updates
      § Home/Pro – 24 months of support
      § Enterprise/Education – 36 months of support
    § PrintNightmare
      § https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
      § https://redmondmag.com/articles/2021/07/09/microsoft-clarifies-printnightmare-advice.aspx
      § https://blog.talosintelligence.com/2021/07/printnightmare-coverage.html
  • 7. In the News
    § Kaseya
      § https://www.zdnet.com/article/kaseya-ransomware-attack-what-we-know-now/
    § Solarwinds
      § https://arstechnica.com/gadgets/2021/07/microsoft-discovers-critical-solarwinds-zero-day-under-active-attack/
  • 8. In the News
    § Kerberos now in Enforcement Mode
      § https://support.microsoft.com/en-us/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab
    § AES Encryption Protection
      § https://support.microsoft.com/en-us/topic/kb5004605-update-adds-aes-encryption-protections-to-the-ms-samr-protocol-for-cve-2021-33757-e4daa133-54aa-4a5d-a921-04bb50868fc2
  • 9. Known Exploited Vulnerabilities
    § CVE-2021-31979 Windows Kernel Elevation of Privilege Vulnerability
      § CVSS 3.0 Scores: 7.8 / 7.2
      § Severity: Important
    § CVE-2021-33771 Windows Kernel Elevation of Privilege Vulnerability
      § CVSS 3.0 Scores: 7.8 / 7.2
      § Severity: Important
    § CVE-2021-34448 Scripting Engine Memory Corruption Vulnerability
      § CVSS 3.0 Scores: 6.8 / 6.3
      § Severity: Critical
    Source: Microsoft
  • 10. Publicly Disclosed Vulnerabilities
    § CVE-2021-33779 Windows ADFS Security Feature Bypass Vulnerability
      § CVSS 3.0 Scores: 8.1 / 7.1
      § Severity: Important
    § CVE-2021-33781 Active Directory Security Feature Bypass Vulnerability
      § CVSS 3.0 Scores: 8.1 / 7.1
      § Severity: Important
    § CVE-2021-34492 Windows Certificate Spoofing Vulnerability
      § CVSS 3.0 Scores: 8.1 / 7.1
      § Severity: Important
    Source: Microsoft
  • 11. Publicly Disclosed Vulnerabilities (cont)
    § CVE-2021-34523 Exchange Server Elevation of Privilege Vulnerability
      § CVSS 3.0 Scores: 9.0 / 7.8
      § Severity: Important
    § CVE-2021-34473 Exchange Server Remote Code Execution Vulnerability
      § CVSS 3.0 Scores: 9.1 / 7.9
      § Severity: Important
    Source: Microsoft
  • 12. Microsoft Patch Tuesday Updates of Interest
    § Advisory 990001 Latest Servicing Stack Updates (SSU)
      § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
      § Updated SSUs this month
        § Windows 7/Server 2008 R2 (ESU)
        § Windows 10 1909/Server, version 1909
    § Development Tool and Other Updates
      § .NET Education Bundle SDK Install Tool
      § .NET Install Tool for Extension Authors
      § HEVC Video Extensions
      § Power BI Report Server
      § Open Enclave SDK
      § Visual Studio Code
    Source: Microsoft
  • 13. Windows 10 Lifecycle Awareness
    Windows 10 Enterprise and Education
      Version   Release Date   End of Support Date
      21H1      5/18/2021      12/13/2022
      20H2      10/20/2020     5/9/2023
      2004      5/27/2020      12/14/2021
      1909      11/12/2019     5/10/2022
    Windows 10 Pro and Pro Workstation
      Version   Release Date   End of Support Date
      21H1      5/18/2021      12/13/2022
      20H2      10/20/2020     5/10/2022
      2004      5/27/2020      12/14/2021
    Windows Datacenter and Standard Server
      Version   Release Date   End of Support Date
      20H2      10/20/2020     5/10/2022
      2004      5/27/2020      12/14/2021
    § Lifecycle Fact Sheet
      § https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 14. Patch Content Announcements
    § Announcements Posted on Community Forum Pages
      § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
      § Subscribe to receive email for the desired product(s)
  • 15. Bulletins and Releases
  • 16. APSB21-51: Security Update for Adobe Acrobat and Reader
    § Maximum Severity: Critical
    § Affected Products: Adobe Acrobat and Reader (all current versions)
    § Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 19 vulnerabilities, 14 of which are critical. Successful exploitation could lead to arbitrary code execution in the context of the current user. See https://helpx.adobe.com/security/products/acrobat/apsb21-51.html for more details.
    § Impact: Remote Code Execution, Denial of Service, Privilege Escalation and Information Disclosure
    § Fixes 19 Vulnerabilities: See Adobe site for details
    § Restart Required: Requires application restart
  • 17. MFSA-2021-28: Security Update Firefox 90
    § Maximum Severity: Critical (High)
    § Affected Products: Security Update Firefox
    § Description: This update from Mozilla addresses critical vulnerabilities in the Firefox browser on multiple platforms.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and Elevation of Privilege
    § Fixes 9 Vulnerabilities: CVE-2021-29970, CVE-2021-29971, CVE-2021-29972, CVE-2021-29973, CVE-2021-29974, CVE-2021-29975, CVE-2021-29976, CVE-2021-29977, CVE-2021-30547
    § Restart Required: Requires application restart
    § Known Issues: None
  • 18. MFSA-2021-29: Security Update Firefox ESR 78.12
    § Maximum Severity: Critical (High)
    § Affected Products: Security Update Firefox
    § Description: This update from Mozilla addresses critical vulnerabilities in the Firefox ESR browser on multiple platforms.
    § Impact: Remote Code Execution and Denial of Service
    § Fixes 3 Vulnerabilities: CVE-2021-29970, CVE-2021-29976 and CVE-2021-30547
    § Restart Required: Requires application restart
    § Known Issues: None
  • 19. MS21-07-W10: Windows 10 Update
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, Server 2016, Server 2019, Server version 1909, Server version 2004, Server version 20H2, IE 11, and Edge Chromium
    § Description: This bulletin references 6 KB articles. See KBs for the list of changes.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 84 Vulnerabilities: CVE-2021-31979, CVE-2021-33771 and CVE-2021-34448 are known exploited. CVE-2021-33779, CVE-2021-33781 and CVE-2021-34492 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: See next slides
  • 20. July Known Issues for Windows 10
    § KB 5004244 – Windows 10, Version 1809, Server 2019
      § [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
      § [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 21. July Known Issues for Windows 10 (cont)
    § KB 5004237 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
      § [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. Workaround: Microsoft is working on a resolution.
      § [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
  • 22. MS21-07-IE: Security Updates for Internet Explorer
    § Maximum Severity: Critical
    § Affected Products: Internet Explorer 9 and 11
    § Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the July 2021 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references KB 5004233.
    § Impact: Remote Code Execution and Security Feature Bypass
    § Fixes 4 Vulnerabilities: CVE-2021-34448 is known exploited and is present in IE 11. It also fixes CVE-2021-34446, CVE-2021-34447 and CVE-2021-34497, which are found in both IE 9 and IE 11.
    § Restart Required: Requires browser restart
    § Known Issues: None reported
  • 23. MS21-07-MR2K8-ESU: Monthly Rollup for Windows Server 2008
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2008 and IE 9
    § Description: This security update includes improvements and fixes that were a part of update KB 5004955 (released July 6, 2021). Bulletin is based on KB 5004305. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Graphics, Windows HTML Platforms, and Windows MSHTML Platform.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 37 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [File Rename] See next slide.
  • 24. July Known Issues for Server 2008
    § KB 5004305 – Windows Server 2008 (Monthly Rollup)
      § [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn't have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn't have CSV ownership. Microsoft is working on a resolution.
    § KB 5004299 – Windows Server 2008 (Security-only Update)
      § [File Rename]
  • 25. MS21-07-SO2K8-ESU: Security-only Update for Windows Server 2008
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2008
    § Description: Bulletin is based on KB 5004299. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, and Windows Graphics.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 34 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: See previous slide.
  • 26. MS21-07-MR7-ESU: Monthly Rollup for Win 7
    MS21-07-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
    § Description: This security update includes improvements and fixes that were a part of update KB 5004953 (released July 6, 2021). Bulletin is based on KB 5004289. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Graphics, Microsoft Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 39 Vulnerabilities: CVE-2021-31979 and CVE-2021-34448 are known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [File Rename]
  • 27. MS21-07-SO7-ESU: Security-only Update for Win 7
    MS21-07-SO2K8R2-ESU: Security-only Update for Server 2008 R2
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 7 and Server 2008 R2
    § Description: Bulletin is based on KB 5004307. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, and Windows Graphics.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 35 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [File Rename]
  • 28. MS21-07-MR8: Monthly Rollup for Server 2012
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2012 and IE
    § Description: This security update includes improvements and fixes that were a part of update KB 5004956 (released July 6, 2021). Bulletin is based on KB 5004294. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, Windows Graphics, Microsoft Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 43 Vulnerabilities: CVE-2021-31979 and CVE-2021-34448 are known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [File Rename]
  • 29. MS21-07-SO8: Security-only Update for Windows Server 2012
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2012
    § Description: Bulletin is based on KB 5004302. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, and Windows Graphics.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 39 Vulnerabilities: CVE-2021-31979 is known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [File Rename]
  • 30. MS21-07-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
    § Description: This security update includes improvements and fixes that were a part of update KB 5004954 (released July 6, 2021). Bulletin is based on KB 5004298. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, Windows Graphics, Microsoft Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 49 Vulnerabilities: CVE-2021-31979, CVE-2021-33771 and CVE-2021-34448 are known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [File Rename]
  • 31. MS21-07-SO81: Security-only Update for Win 8.1 and Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 8.1, Server 2012 R2
    § Description: Bulletin is based on KB 5004285. See KB for details on Advanced Encryption Standard (AES) regarding CVE-2021-33757 and Kerberos S4U changes for CVE-2020-17049. Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, and Windows Graphics.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure.
    § Fixes 45 Vulnerabilities: CVE-2021-31979 and CVE-2021-33771 are known exploited. CVE-2021-34492 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [File Rename]
  • 32. MS21-07-EXCH: Security Updates for Exchange Server
    § Maximum Severity: Critical
    § Affected Products: Microsoft Exchange Server 2013 - 2019
    § Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5004778, KB 5004779 and KB 5004780.
    § Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
    § Fixes 7 Vulnerabilities: CVE-2021-34473 and CVE-2021-34523 are publicly disclosed. CVE-2021-31196, CVE-2021-31206, CVE-2021-33766, CVE-2021-33768, and CVE-2021-34470 are also fixed in this release.
    § Restart Required: Requires restart
    § Known Issues: See next slide
  • 33. July Known Issues for Exchange Server
    § KB 5004778, KB 5004779 and KB 5004780 – Exchange Server 2013, 2016 and 2019
      § [Issue 1] If the update is run in Normal mode (that is, not as an administrator), some files are not correctly updated and there are no error messages. This occurs because UAC prevents the security update from correctly stopping certain Exchange-related services. Workaround: Run as administrator in manual mode. See KB for more details.
      § [Issue 2] Exchange services might remain in a disabled state after you install this security update. Workaround: Use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt.
      § [Issue 3] When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it. Workaround: Enable third-party cookies for the domain that's hosting OWA or Office Online Server in the browser settings. See KB for more details.
  • 34. July Known Issues for Exchange Server (cont)
      § [Issue 4] When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a "(400) Bad Request" error message. Workaround: See the Microsoft help article '"(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology' for guidance.
      § [Issue 5] After you install Microsoft Exchange Server 2016 Cumulative Update 6 (CU6), you can't access Outlook Web App (OWA) or Exchange Control Panel (ECP). Workaround: See "You can't access OWA or ECP after you install Exchange Server 2016 CU6".
  • 35. MS21-07-SPT: Security Updates for SharePoint Server
      § Maximum Severity: Important
      § Affected Products: Microsoft SharePoint Foundation Server 2013, Microsoft SharePoint Enterprise Server 2013, Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Server 2019
      § Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 6 KB articles.
      § Impact: Remote Code Execution, Spoofing and Information Disclosure
      § Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-34467, CVE-2021-34468, CVE-2021-34517, CVE-2021-34519 and CVE-2021-34520 are fixed in this release.
      § Restart Required: Requires restart
      § Known Issues: None reported
  • 36. MS21-07-OFF: Security Updates for Microsoft Office
      § Maximum Severity: Important
      § Affected Products: Excel 2013-2016, Office 2013-2016, Office 2019 for macOS, Office Online Server, Office Web Apps 2013, Word 2016
      § Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 7 KB articles plus release notes for the macOS Office.
      § Impact: Remote Code Execution, Security Feature Bypass and Spoofing
      § Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-34451, CVE-2021-34452, CVE-2021-34469, CVE-2021-34501 and CVE-2021-34518 are fixed in this release.
      § Restart Required: Requires application restart
      § Known Issues: None reported
  • 37. MS21-07-O365: Security Updates for Microsoft 365 Apps and Office 2019
      § Maximum Severity: Important
      § Affected Products: Microsoft 365 Apps, Office 2019
      § Description: This month's update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      § Impact: Remote Code Execution and Security Feature Bypass
      § Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-34452, CVE-2021-34469 and CVE-2021-34501 are fixed in this release.
      § Restart Required: Requires application restart
      § Known Issues: None reported
  • 38. Between Patch Tuesdays
  • 39. Release Summary
      § Security Updates (with CVEs): Google Chrome (2), Firefox (1), Node.JS Current (1), Node.JS LTS Lower (1), Node.JS LTS Upper (1), VMware Tools (1)
      § Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Box Edit (1), Camtasia (2), CCleaner (1), Google Chrome (2), ClickShare App Machine-Wide Installer (1), Falcon sensor for Windows (3), Citrix Workspace App (1), Dropbox (4), Evernote (2), Firefox (1), FileZilla Client (1), GoodSync (8), GoToMeeting (1), Cisco Jabber (2), Jabra Direct (3), Malwarebytes (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS Current (1), Node.JS LTS Lower (1), Node.JS LTS Upper (2), Notepad++ (2), Opera (7), Paint.net (1), Pidgin (1), Plex Media Server (1), PeaZip (1), Skype (2), SeaMonkey (1), Snagit (1), Tableau Desktop (6), Tableau Prep Builder (2), Tableau Reader (1), Apache Tomcat (4), TeamViewer (1), VLC Media Player (2), WinSCP (2), Zoom Client (2), Zoom Outlook Plugin (1)
      § Non-Security Updates: Bandicut (1), Box Drive (1), Docker for Windows Stable (2), Google Drive File Stream (1), Google Backup and Sync (1), Plantronics Hub (1), RingCentral App (Machine-Wide Installer) (1), TortoiseHG (1), TreeSize Free (1), Cisco WebEx Teams (2)
  • 40. Third Party CVE Information
      § Google Chrome 91.0.4472.101
          § CHROME-210609, QGC9104472101
          § Fixes 10 Vulnerabilities: CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551, CVE-2021-30552, CVE-2021-30553
      § Google Chrome 91.0.4472.114
          § CHROME-210617, QGC9104472114
          § Fixes 4 Vulnerabilities: CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557
      § Firefox 89.0.1
          § FF-210616, QFF8901
          § Fixes 1 Vulnerability: CVE-2021-29968
  • 41. Third Party CVE Information (cont)
      § Node.JS 16.4.1 (Current)
          § NOJSC-210701, QNODEJSC1641
          § Fixes 2 Vulnerabilities: CVE-2021-22918, CVE-2021-22921
      § Node.JS 12.22.2 (LTS Lower)
          § NOJSLL-210701, QNODEJSLL12222
          § Fixes 4 Vulnerabilities: CVE-2021-22918, CVE-2021-22921, CVE-2021-23362, CVE-2021-27290
      § Node.JS 14.17.2 (LTS Upper)
          § NOJSLU-210701, QNODEJSLU14172
          § Fixes 2 Vulnerabilities: CVE-2021-22918, CVE-2021-22921
  • 42. Third Party CVE Information (cont)
      § VMware Workstation Player 16.1.2
          § VMWP16-210519, QVMWP1612
          § Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
      § VMware Tools 11.3.0
          § VMWT11-210618, QVMWT1130
          § Fixes 1 Vulnerability: CVE-2021-21997
  • 43. Q & A
  • 44. Upcoming Patch Tuesday Sessions
      • Thursday, August 12 – 16:00
      • Thursday, September 16 – 16:00
      • Thursday, October 14 – 16:00
      • Tuesday, November 16 – 16:00
      • Thursday, December 16 – 16:00
      https://www.ivanti.fr/lp/patch/patch-tuesday-webinar-series
  • 45. Thank You!