Hope you’re ready for quite a doozy of a Patch Tuesday for July, because we have a lot to cover here. This Patch Tuesday comes in hot with Microsoft’s 116 vulnerabilities (over double June’s 49 vulnerabilities), 12 of which are critical severity, and 2 that have already been exploited in the wild. July represents a dramatic shift from the relatively light releases we’ve witnessed over previous months and highlights an uptick in zero-day exploits and the urgency needed to keep pace with a growing list of threats.
While all eyes have been on the Windows Print Spooler (aka PrintNightmare, CVE-2021-34527) due to its scope of impact and high probability of exploitation, there are plenty of other vulnerabilities to keep your eye on. CVE-2021-34473 and CVE-2021-34523 are a pair of high-priority vulnerabilities found in Microsoft’s Exchange Server solution. CVE-2021-34473, a remote code execution vulnerability found and disclosed via the Zero Day initiative, allows an attacker to execute code on a victim’s machine without user interaction over the network. CVE-2021-34523 could be used in conjunction with CVE-2021-34473 to elevate user privileges on the device once compromised. Fortunately, at the moment, neither of these attacks have been compromised in the wild.
Adobe also patched a good number of vulnerabilities today, including security holes in Acrobat & Reader, Dimension, Illustrator, Framemaker, and Bridge. In highlight, we note specifically the Acrobat and Reader vulnerabilities affecting both Windows and macOS operating systems. Adobe products are prevalent on most organization’s devices, but this is especially true of Acrobat and Reader given the ubiquity of the PDF format. This also makes a very attractive target for malicious threat actors. Due to the nature of these vulnerabilities and the commonality of this software, Automox recommends prioritizing the patching of these vulnerabilities within a 72 hour period.
Last, Mozilla had three high-importance vulnerabilities within Firefox, Firefox ESR, and Thunderbird that are worth taking a look into.
You can find all of the Patch Tuesday updates from Microsoft, Google, and Adobe in our monthly Patch Tuesday Index. And you can find a highly detailed analysis of these patches from our Automox experts here.