Trend Micro -
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative.
PrintNightmare patched out-of-band
Before the second Tuesday hit, however, system administrators were already busy remediating PrintNightmare. This bug (CVE-2021-34527), which was inadvertently disclosed soon after June’s Patch Tuesday, allowed for remote code execution on affected machines via a bug in the print spooler. This was not resolved until an out-of-band patch was released over the first weekend of July. Microsoft blamed later reports of an incomplete patch on insecure settings related to the Point and Print feature, which led to the company issuing “clarified guidance.” It’s worth noting that PrintNightmare is one of the four vulnerabilities fixed that Microsoft noted as being currently exploited.
Exchange, DNS Server bugs multiply
Seven of the bulletins issued this month were in the Exchange Server. While only one (CVE-2021-34473) was rated as Critical, it appears to be potentially problematic: not only was it