August 2021 Patch Tuesday: Servicing stack updates and a point and print reprieve
By Lewis Pope
August saw a significant drop in the total number of vulnerabilities addressed in this month’s Patch Tuesday. Considering there are only 44 vulnerabilities in the release and one vulnerability by an out-of-band update for CVE-2021-34466, the load on teams responsible for patching should be almost half what it was last month.
One notable item this month is a new servicing stack update everyone should make sure gets pushed. There will be a deeper dive down below, but some good news is that four of the vulnerabilities addressed by security updates this month tackle previous shortcomings with patches from as far back as March 2021. One of those vulnerabilities is associated with point and print. It should help tighten up security around abuse of print features in Windows but it may mean operational changes for some MSPs.
Microsoft vulnerabilities
Microsoft has delivered patches for 44 vulnerabilities with eight marked as Exploitation More Likely and three as zero days with one of those marked as Exploitation Detected. With only seven marked as Critical it’s worth thinking about which vulnerabilities to patch first and why. If you only rely on the critical severity rating you may leave vulnerabilities in place that are more likely to be exploited than critical vulnerabilities. Patching based on severity rating is easy and a default action for most teams, but prioritizing vulnerabilities based on their likelihood to create an unacceptable risk in your environment can help significantly improve your risk posture.
|
CVE |
Description |
Exploitability |
Severity |
|
Windows Update Medic Service Elevation of Privilege Vulnerability |
Exploitation Detected |
High |
|
|
Windows Print Spooler Remote Code Execution Vulnerability |
Exploitation More Likely |
High |
|
|
Windows LSA Spoofing Vulnerability |
Exploitation More Likely |
High |
|
|
Windows Print Spooler Remote Code Execution Vulnerability |
Exploitation More Likely |
High |
|
|
Windows Elevation of Privilege Vulnerability |
Exploitation More Likely |
High |
|
|
Remote Desktop Client Remote Code Execution Vulnerability |
Exploitation More Likely |
High |
|
|
Windows Print Spooler Remote Code Execution Vulnerability |
Exploitation More Likely |
High |
|
|
Scripting Engine Memory Corruption Vulnerability |
Exploitation More Likely |
Medium |
|
|
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability |
Exploitation More Likely |
Critical |
|
|
Windows TCP/IP Remote Code Execution Vulnerability |
Exploitation More Likely |
Critical |
The end of print nightmares?
With patches available this month to contend with CVE-2021-34481, hopefully we’ll see a drop in vulnerabilities affecting Windows print services. One of the remediations that patches for CVE-2021-34481 removes the ability for non-administrators to install print drivers with the point and print feature. This likely means MSPs will have more support tickets for end users with printer-related issues since they will no longer be able to self-manage their printer setup in certain environments. If you have a need to roll back the protection this security update will apply, Microsoft has guidance on how here.
The PetitPotam NTLM attack CVE-2021-36942 also gets a fix so that’s one less headline-making vulnerability to worry about once patches are applied.
Cumulative updates
KB5005033 and KB5005031 cumulative updates were released with the typical previous security fixes included. Also included are a collection of non-security improvements related to game mode performance issues and power plan functions.
Servicing stack update
Windows 10 21H1, Windows 10 20H2, Windows 10 2004, Windows 10 1909, and Windows 10 1809 all received a servicing stack update this month. They are marked as critical updates as they are needed to ensure proper Windows update functionality moving forward on those builds. Read more about servicing stack updates here.
Summary
As always make sure you have established patching processes for evaluation, testing and pushing into production. With the new servicing stack update it’s a good time to perform audits of your environments to ensure compliance with whatever your security controls dictate, and that patching will continue to work with as few issues as possible.
If you have traditionally only dealt with patches by applying them based on their severity now is the time to start including prioritization of patches for zero days, exploitation detected and exploitation more likely vulnerabilities in your patch management routines.
Lewis Pope is the head security nerd at N‑able. You can follow him on:
Twitter: @cybersec_nerd
Linkedin: thesecuritypope
Twitch: cybersec_nerd
© 2021 N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.
The N‑able trademarks, service marks, and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. All other trademarks are the property of their respective owners.
This document is provided for informational purposes only. Information and views expressed in this document may change and/or may not be applicable to you. N‑able makes no warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information contained herein.