Patch Tuesday is back. Just as we saw in June, several vulnerabilities are already publicly disclosed, and four of these are being actively exploited. Overall we are looking at 117 total vulnerabilities closed, with 13 of them rated critical. It looks like we kept the absolute worst trends of June while going back to the large totals we often saw in 2020. The worst of both worlds, and that is without even going over all of the confusion surrounding PrintNightmare.
CVE-2021-34473 - This Remote Code Execution vulnerability in Microsoft Exchange is rated as a 9.1, has low complexity, and requires no user interaction. That seems to cover just about all of the worst-case scenarios for an exploit. And that is before we mention that this one is already publicly disclosed. If you run Exchange on-prem, this should have you running to get it patched ASAP.
CVE-2021-34448 - This vulnerability is already being exploited in the wild, and per the MSRC site it can cause a total loss of integrity and confidentiality, meaning an attacker can read all information or modify all files from the impacted component. The only ray of sunshine here is that it does require user interaction, but that can be as simple as getting a user to visit a corrupted site or click on a bad link. Thank goodness your end-user training has been thorough and has been adopted by everyone!
CVE-2021-34494 - Any time there is a threat to DNS, it is worth highlighting. On the bright side, you don’t need to patch every machine for this one, only machines that are DNS servers. On the dark side, it requires minimal permissions and no user interaction to exploit. This one is not already publicly known or exploited, so at least patching should get you ahead of it.
This was a very rough month. I was really hoping the spike we saw in already exploited vulnerabilities was an outlier, but it seems to be more of a trend at this point. This would have been one of the roughest months I have done a write-up for even before you account for things that came out before Patch Tuesday. It is becoming apparent that patching needs to happen faster and more efficiently than ever before. PDQ Deploy and Inventory can not only help you get this done faster, we can also help you get the process automated so you don’t even have to worry about the patches. We would love for you to read these blogs just for the information, and not to find out how much of your hair you will need to pull out this month.

*Highlights Magazine is a trademark of "Highlights For Children". Lowlights Magazine is a dripping satire and should be recognized as such.