Microsoft has fixed 44 vulnerabilities with August Patch Tuesday, seven of which were critical. The tech giant also released a patch for a Windows Update Medic Service elevation-of-privilege zero-day vulnerability (CVE-2021-36948).
The exploitation of thirteen bugs could allow threat actors to execute code remotely, and another eight could cause information disclosure. The affected tools included .NET Core & Visual Studio, ASP.NET Core & Visual Studio, Azure, Windows Update, Windows Print Spooler Components, Windows Media, Windows Defender, Remote Desktop Client, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office Word, Microsoft Office SharePoint and more.
One of the most important patches fixes the Windows Print Spooler Remote Code Execution vulnerability, which has been a big problem since it was found in June.
Cybersecurity researcher Allan Liska said that CVE-2021-36948 is similar to CVE-2020-17070, which was published in November 2020. Liska also noted a Windows TCP/IP Remote Code Execution vulnerability impacting Windows 7 through 10 and Windows Server 2008 through 2019 (CVE-2021-26424). This vulnerability is not listed as publicly disclosed or exploited in real attacks, but Microsoft marked it as 'Exploitation More Likely', meaning that exploitation is relatively trivial.