August 2021 Patch Tuesday: Servicing stack updates and a point and print reprieve 

August saw a significant drop in the total number of vulnerabilities addressed in Patch Tuesday. With only 44 vulnerabilities in the release, plus one addressed by an out-of-band update for CVE-2021-34466, the load on teams responsible for patching should be almost half what it was last month.

One notable item this month is a new servicing stack update everyone should make sure gets pushed. There will be a deeper dive down below, but some good news is that four of the vulnerabilities addressed by security updates this month tackle previous shortcomings with patches from as far back as March 2021. One of those vulnerabilities is associated with point and print. It should help tighten up security around abuse of print features in Windows but it may mean operational changes for some MSPs.

Microsoft vulnerabilities

Microsoft has delivered patches for 44 vulnerabilities, with eight marked as Exploitation More Likely and three as zero days, one of which is marked as Exploitation Detected. With only seven marked as Critical, it's worth thinking about which vulnerabilities to patch first and why. If you rely only on the Critical severity rating, you may leave vulnerabilities in place that are more likely to be exploited than the Critical ones. Patching based on severity rating is easy and a default action for most teams, but prioritizing vulnerabilities based on their likelihood to create an unacceptable risk in your environment can significantly improve your risk posture.

| CVE | Description | Exploitability | Severity |
| --- | --- | --- | --- |
| CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | Exploitation Detected | High |
| CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Exploitation More Likely | High |
| CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Exploitation More Likely | High |
| CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Exploitation More Likely | High |
| CVE-2021-36934 | Windows Elevation of Privilege Vulnerability | Exploitation More Likely | High |
| CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation More Likely | High |
| CVE-2021-34481 | Windows Print Spooler Remote Code Execution Vulnerability | Exploitation More Likely | High |
| CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Exploitation More Likely | Medium |
| CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Exploitation More Likely | Critical |
| CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Exploitation More Likely | Critical |
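
As an added example (not from the original article or from N-able), this Python sketch ranks the ten CVEs listed above by exploitability first and severity second, and reports which of them a Critical-only patching policy would defer. The rank values and function names are assumptions for illustration; adjust them to your own risk policy.

```python
# Rows copied from the table above: (CVE, exploitability, severity).
ROWS = [
    ("CVE-2021-36948", "Exploitation Detected", "High"),
    ("CVE-2021-36947", "Exploitation More Likely", "High"),
    ("CVE-2021-36942", "Exploitation More Likely", "High"),
    ("CVE-2021-36936", "Exploitation More Likely", "High"),
    ("CVE-2021-36934", "Exploitation More Likely", "High"),
    ("CVE-2021-34535", "Exploitation More Likely", "High"),
    ("CVE-2021-34481", "Exploitation More Likely", "High"),
    ("CVE-2021-34480", "Exploitation More Likely", "Medium"),
    ("CVE-2021-26432", "Exploitation More Likely", "Critical"),
    ("CVE-2021-26424", "Exploitation More Likely", "Critical"),
]

# Assumed ordering (lower = patch sooner). Unknown labels sort last.
EXPLOIT_RANK = {
    "Exploitation Detected": 0,
    "Exploitation More Likely": 1,
    "Exploitation Less Likely": 2,
    "Exploitation Unlikely": 3,
}
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
UNKNOWN = 99


def prioritize(rows):
    """Return CVE ids ordered by exploitability, then severity.

    sorted() is stable, so ties keep the order of the input table.
    """
    def key(row):
        _, exploit, severity = row
        return (EXPLOIT_RANK.get(exploit, UNKNOWN),
                SEVERITY_RANK.get(severity, UNKNOWN))
    return [cve for cve, _, _ in sorted(rows, key=key)]


def deferred_by_severity_only(rows, patch_at="Critical"):
    """CVEs that are detected or likely to be exploited, yet fall below
    the severity threshold a severity-only policy patches first."""
    cutoff = SEVERITY_RANK[patch_at]
    return [
        cve for cve, exploit, severity in rows
        if EXPLOIT_RANK.get(exploit, UNKNOWN) <= 1
        and SEVERITY_RANK.get(severity, UNKNOWN) > cutoff
    ]


if __name__ == "__main__":
    print("Patch order:", prioritize(ROWS))
    print("Deferred by Critical-only policy:", deferred_by_severity_only(ROWS))
```
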

The end of print nightmares?

With patches available this month to contend with CVE-2021-34481, hopefully we'll see a drop in vulnerabilities affecting Windows print services. One of the remediations in the patches for CVE-2021-34481 removes the ability for non-administrators to install print drivers with the point and print feature. This likely means MSPs will have more support tickets for end users with printer-related issues, since they will no longer be able to self-manage their printer setup in certain environments. If you need to roll back the protection this security update applies, Microsoft has guidance on how to do so.

The PetitPotam NTLM attack, CVE-2021-36942, also gets a fix, so that's one less headline-making vulnerability to worry about once patches are applied.

Cumulative updates

The KB5005033 and KB5005031 cumulative updates were released with the typical previous security fixes included. Also included is a collection of non-security improvements related to game mode performance issues and power plan functions.

Servicing stack update

Windows 10 21H1, Windows 10 20H2, Windows 10 2004, Windows 10 1909, and Windows 10 1809 all received a servicing stack update this month. They are marked as critical updates as they are needed to ensure proper Windows update functionality moving forward on those builds. Read more about servicing stack updates here.

Summary

As always, make sure you have established patching processes for evaluation, testing and pushing into production. With the new servicing stack update, it's a good time to perform audits of your environments to ensure compliance with whatever your security controls dictate, and that patching will continue to work with as few issues as possible.

If you have traditionally only dealt with patches by applying them based on their severity, now is the time to start including prioritization of patches for zero days, Exploitation Detected and Exploitation More Likely vulnerabilities in your patch management routines.

Lewis Pope is the head security nerd at N-able. You can follow him on:

Twitter: @cybersec_nerd

Linkedin: thesecuritypope

Twitch: cybersec_nerd

 

© 2021 N-able Solutions ULC and N-able Technologies Ltd. All rights reserved.
