VERT Threat Alert: July 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s July 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-954 on Wednesday, July 14th.
In-The-Wild & Disclosed CVEs
CVE-2021-34527
The vulnerability dubbed PrintNightmare was patched prior to the Tuesday patch drop, but it is still worth including here. It has also generated a bit of confusion, mainly around which CVE is associated with it. CVE-2021-1675 was patched in June, yet the PrintNightmare proof of concept worked on systems with that update installed. Articles indicated that the patch was broken or had been bypassed, but Microsoft clarified this in the FAQ for CVE-2021-34527. This vulnerability is distinct from CVE-2021-1675 and existed before the June patch, which is why we now have two CVEs and a lot of confusion in discussions around PrintNightmare.
The vulnerability itself allows an authenticated user to execute code as SYSTEM, and as such there are concerns that it could be incorporated into malware for the purpose of lateral movement. It is important to note that there is a registry key that could return a patched system to a vulnerable state. Additionally, this vulnerability has been publicly disclosed and has been actively exploited.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
CVE-2021-33771
This CVE describes an actively exploited elevation of privilege vulnerability in the Windows kernel.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
CVE-2021-34448
In order to exploit this vulnerability in a scripting engine, a user would have to visit a malicious page or open a specially crafted file. This vulnerability has seen active exploitation.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
CVE-2021-31979
This CVE (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-july-2021-patch-tuesday-analysis/

