Tripwire’s July 2021 Patch Priority Index (PPI) brings together important vulnerabilities from VMware, Adobe, Oracle, and Microsoft.

First on the patch priority list this month are patches for Microsoft Print Spooler (CVE-2021-34527, CVE-2021-1675) and vSphere Client (CVE-2021-21985). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.

Up next are patches for Adobe Reader and Acrobat that resolve 19 issues including memory leak, arbitrary code execution, arbitrary file system write, arbitrary file system read, and denial-of-service vulnerabilities.

Next is a patch for Microsoft Scripting Engine, which resolves a memory corruption vulnerability.

Next on the patch priority list this month are patches for Microsoft Excel, Office, and Word. These patches resolve three remote code execution vulnerabilities along with a security feature bypass vulnerability.

Up next on the list are patches that resolve vulnerabilities that impact Oracle Java SE, versions 7u301, 8u291, 11.0.11, 16.0.1.

Next are patches that affect components of the Windows operating systems. These patches resolve over 60 vulnerabilities including elevation of privilege, information disclosure, remote code execution, security feature bypass, denial of service, and memory corruption vulnerabilities. These vulnerabilities affect core Windows, storage spaces controller, Windows Hello, remote assistance, kernel, GDI, GDI+, Media Foundation, Font Driver, LSA, MSHTML, AF_UNIX Socket Provider, SMB, Print Spooler, and others.

Up next is are patches for Hyper-V that resolve a denial-of-service flaw and remote code execution vulnerabilities.

Lastly, administrators should focus on server-side patches for Microsoft. This is a large month for server-side patches affecting Microsoft SharePoint, Exchange, Office Online Server, Windows DNS, Active Directory, and Dynamics Business Central Control. These patches resolve several issues including remote code execution, information disclosure, spoofing, and remote code execution.

BULLETIN CVE
Exploit Framework – Metasploit CVE-2021-34527, CVE-2021-21985, CVE-2021-1675, CVE-2019-5736
APSB21-51: (Read more...)