44 vulnerabilities, including 3 zero-days, fixed in August 2021 Patch Tuesday

By Karthika Surendran

After last month’s PrintNightmare vulnerability, system admins are only just catching their breaths, but this month’s Patch Tuesday is already here, so it’s back to hustling for IT teams. With most organizations embracing a distributed workforce, system administrators are bound to be up to their ears in work for the next two weeks, testing and figuring out how to deploy updates to secure all of their machines. While it takes a lot of work, it’s important to prioritize vulnerabilities based on severity and patch your organization’s devices to stay on top of your game.

Microsoft has released security fixes to address 44 vulnerabilities, out of which seven are classified as Critical and 37 as Important. Three zero-days have also been patched, one of which is being actively exploited and two have been publicly disclosed.

After an initial discussion about the updates released, we’ll offer our advice for devising a plan to handle patch management in a hybrid work environment.

What is Patch Tuesday?

Patch Tuesday falls on the second Tuesday of every month. It is on this day that Microsoft releases security and non-security updates for its operating system and other related applications. Since Microsoft has upheld this process of releasing updates in a periodic manner, IT admins expect these updates and have time to gear up for them.

Why is Patch Tuesday important?

The most important security updates and patches to fix critical bugs or vulnerabilities are released on Patch Tuesday. Usually, zero-day vulnerabilities are also fixed during Patch Tuesday unless the vulnerability is critical and highly exploited, in which case an out-of-band security update is released to address that particular vulnerability.

August Patch Tuesday product lineup

Security updates were released for the following products:

  • .NET Core & Visual Studio
  • ASP .NET
  • Microsoft Dynamics
  • Microsoft Office
  • Microsoft Scripting Engine
  • Microsoft Windows Codecs Library
  • Remote Desktop Client
  • Windows Defender
  • Windows Media
  • Windows MSHTML Platform
  • Windows Print Spooler Components

Three zero-day vulnerabilities patched

One actively exploited and two publicly disclosed zero-day vulnerabilities were patched this month. Here is the list:

  • CVE-2021-36936 – Windows Print Spooler remote code execution vulnerability (publicly disclosed)
  • CVE-2021-36942 – Windows LSA spoofing vulnerability (publicly disclosed)
  • CVE-2021-36948 – Windows Update Medic Service elevation of privilege vulnerability (actively exploited)

Critical updates

There are seven Critical updates released this Patch Tuesday:

Product

CVE Title

CVE ID

Microsoft Graphics ComponentWindows Graphics Component remote code execution vulnerabilityCVE-2021-34530
Microsoft Scripting EngineScripting Engine memory corruption vulnerabilityCVE-2021-34480
Remote Desktop Client
Remote Desktop Client remote code execution vulnerability
CVE-2021-34535
Windows MSHTML PlatformWindows MSHTML Platform remote code execution vulnerabilityCVE-2021-34534
Windows Print Spooler ComponentsWindows Print Spooler remote code execution vulnerabilityCVE-2021-36936
Windows Services for NFS ONCRPC XDR DriverWindows Services for NFS ONCRPC XDR Driver remote code execution vulnerabilityCVE-2021-26432
Windows TCP/IPWindows TCP/IP remote code execution vulnerabilityCVE-2021-26424

Third-party updates released after July Patch Tuesday

Third-party vendors such as Adobe, Cisco, SAP, and VMware released updates after last month’s Patch Tuesday

Best practices to handle patch management in a hybrid work environment

Most organizations have opted to embrace remote work even after they have been cleared to return to the office. This decision poses various challenges to IT admins, especially in terms of managing and securing distributed endpoints. Here are a few pointers to ease the process of remote patching.

  • Disable automatic updates, because one faulty patch could bring down the whole system. IT admins can educate end-users on how to disable automatic updates on their machines. Patch Manager Plus and Desktop Central also have a dedicated patch, 105427, that can be deployed to endpoints to ensure that automatic updates are disabled.
  • Create a restore point—a backup or image that captures the state of the machines—before deploying big updates like those from Patch Tuesday.
  • Establish a patching schedule and keep end-users informed about it. It is recommended to set up a time for deploying patches and rebooting systems. Let end-users know what needs to be done on their end for trouble-free patching.
  • Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches do not interfere with the workings of other applications.
  • Since many users are working from home, they all might be working different hours; in this case, you can allow end users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience and avoid disrupting their work. Our patch management products come with options for user-defined deployment and reboot.
  • Most organizations are patching using a VPN. To stop patch tasks from eating up your VPN bandwidth, install Critical patches and security updates first. You might want to hold off on deploying feature packs and cumulative updates since they are bulky updates and consume too much bandwidth.
  • Schedule the non-security updates, as well as security updates that are not rated Critical, to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.
  • Run patch reports to get a detailed view of the health status of your endpoints.
  • For machines belonging to users returning to the office after working remotely, check if they are compliant with your security policies. If not, quarantine them.
  • Install the latest updates and feature packs before deeming your back-to-office machines fit for production.
  • Take inventory of and remove apps that are now obsolete for your back-to-office machines, like remote collaboration software.

With Desktop Central or Patch Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor the patch tasks according to your current situation. For hands-on experience with either of these products, start a 30-day free trial and keep thousands of applications patched and secure.

Happy patching!

** Optrics Inc. is a ManageEngine partner


The original article can be found here:

https://blogs.manageengine.com/desktop-mobile/patch-manager-plus/2021/08/11/44-vulnerabilities-including-3-zero-days-fixed-in-august-2021-patch-tuesday.html

About the Author: Shannon Lewis

Leave a Reply