This week, Microsoft has rolled out its monthly Patch Tuesday updates for August 2021. It addresses important bugs like PetiPotam NTLM relay and PrintNightmare. While it’s an important update, it isn’t a huge one compared to the earlier monthly updates of 2021.
PetiPotam and PrintNightmare Bugs Finally Fixed
With August Patch Tuesday, Microsoft has finally addressed the Print Spooler flaw that made it difficult to take prints.
Specifically, the latest fix isn’t about the previously discovered PrintNightmare (CVE-2021-34527) that Microsoft addressed with July updates. Rather it is for the vulnerability discovered in the previous month (CVE-2021-34481) that was a local privilege escalation flaw.
Despite its severity, the bug thankfully evaded exploits, probably because of Microsoft’s earlier disclosure and mitigation recommendations.
Hence, the tech giant got enough time to develop and deploy a fix for it. So now, Microsoft has issued a detailed advisory for applying Point and Print driver updates released this month. The latest fix bars non-admin users from installing new printers on remote servers/computers and updating existing printer drivers from remote systems.
Together with this one, Microsoft has also patched another critical severity RCE bug in Print Spooler (CVE-2021-36936). While the tech giant admitted the bug to have caught public attention, it assured that the flaw remained unexploited. Presently, it is unclear if this vulnerability is also related to PrintNightmare flaws or a different one.
Similarly, the other noteworthy fix this month is for the PetiPotam NTLM relay attack about which Microsoft warned in July.
Identified as CVE-2021-36942, Microsoft has labeled it an important severity LSA spoofing vulnerability. Describing it in an advisory, Microsoft stated,
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface.
Other Microsoft Patch Tuesday August Updates
Along with the vulnerabilities described above, one bug that Microsoft confirmed to be actively exploited is CVE-2021-36948. Basically, it’s a privilege escalation vulnerability in the Windows Update Medic Service. This feature, introduced with Windows 10, manages to repair Windows Update components to keep the system receiving updates.
In all, the latest Patch Tuesday bundle is a modest one with 51 bug fixes only. These include 7 critical severity, 5 high severity, 37 important severity, and 2 medium severity bugs.
Yet, since the updates address some important fixes, users must update their systems at the earliest to remain safe.