July 13, 2021

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.

Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.

Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”

Among the critical bugs is of course the official fix for the PrintNightmare print spooler flaw in most versions of Windows (CVE-2021-34527) that prompted Microsoft to rush out a patch for a week ago in response to exploit code for the flaw that got accidentally published online. That patch seems to have caused a number of problems for Windows users. Here’s hoping the updated fix resolves some of those issues for readers who’ve been holding out.

CVE-2021-34448 is a critical remote code execution vulnerability in the scripting engine built into every supported version of Windows — including server versions. Microsoft says this flaw is being exploited in the wild.

Both CVE-2021-33771 and CVE-2021-31979 are elevation of privilege flaws in the Windows kernel. Both are seeing active exploitation, according to Microsoft.

Chad McNaughton, technical community manager at Automox, called attention to CVE-2021-34458, a remote code execution flaw in the deepest areas of the operating system. McNaughton said this vulnerability is likely to be exploited because it is a “low-complexity vulnerability requiring low privileges and no user interaction.”

Another concerning critical vulnerability in the July batch is CVE-2021-34494, a dangerous bug in the Windows DNS Server.

“Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2,” said Aleks Haugom, also with Automox.

“DNS is used to translate IP addresses to more human-friendly names, so you don’t have to remember the jumble of numbers that represents your favorite social media site,” Haugom said. “In a Windows Domain environment, Windows DNS Server is critical to business operations and often installed on the domain controller. This vulnerability could be particularly dangerous if not patched promptly.”

Microsoft also patched six vulnerabilities in Exchange Server, an email product that has been under siege all year from attackers. Satnam Narang, staff research engineer at Tenable, noted that while Microsoft says two of the Exchange bugs tackled this month (CVE-2021-34473 and CVE-2021-34523) were addressed as part of its security updates from April 2021, both CVEs were somehow omitted from that April release. Translation: If you already applied the bevy of Exchange updates Microsoft made available in April, your Exchange systems have protection against these flaws.

Other products that got patches today include Microsoft Office, Bing, SharePoint Server, Internet Explorer, and Visual Studio. The SANS Internet Storm Center as always has a nice visual breakdown of all the patches by severity.

Adobe also issued security updates today for Adobe Acrobat and Reader, as well as Dimension, Illustrator, Framemaker and Adobe Bridge.

Chrome and Firefox also recently have shipped important security updates, so if you haven’t done so recently take a moment to save your tabs/work, completely close out and restart the browser, which should apply any pending updates.

The usual disclaimer:

Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for Windows updates to hose one’s system or prevent it from booting properly, and some updates even have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, check out AskWoody, which keeps a close eye out for specific patches that may be causing problems for users.


49 thoughts on “Microsoft Patch Tuesday, July 2021 Edition

  1. The Sunshine State

    Mozilla Firefox released version 90.0 today also

  2. Dean Gullberry

    Working in IT has never been more stressful. This is just getting ridiculous.

    1. J. Edgar Whirlpool

      It depends. All of this has happened before in local concentrations of iteration.
      It’s not getting significantly less ridiculous, you could say.

      1. Brad Pears

        Spoken like a true politician!! Always trying to sugar coat the crap!! LOL!

    2. yoomi

      I’m glad that I got out of the direct user support role I had. It was getting bad 2 years ago. Was working for a small company who was using Windows 2003 Small Business Server for auth and DNS. It was terrifying every day. Can’t imagine how it is now.

    3. Chris Holland

      That’s why they pay us the big bucks. If it was easy, all the feckless intellectually and educationally challenged Millennials would be undercutting us instead of playing at being influencers, crypto grifters, blockchain ‘experts’, ‘serial Internet entrepreneurs’ or tweeting like twits on Twitter.

      1. Old Bitterstuffs

        “all the feckless intellectually and educationally challenged Millennials”
        -Crybabyesque ageism on a security forum isn’t indicative of much education.
        The opposite.

        1. P.d.

          Oh, I don’t know…it sounds like a “Generalization”…so it refers to the thing in question “In General”…there ARE exceptions, perhaps many.

          But in this case, I doubt it.

          Remember “Programmers,” not “Devs” who do nothing but put together blocks of programming and code plug-ins, all of which were written in higher programming languages.

          1. Old Bitterstuffs

            A pure guess twisted into a weak slap isn’t the plural of ‘information’ either, nor did they distinguish between programmers and devs. It was all about his loathing of young people. You can say he has his reasons, no doubt internally that’s so, but do not portend to call that informative in any sense – No more than calling dusty old boomers responsible for climate change denial solves any real issue either, even if you believe it. It’s just weak stereotypical BS from a misplaced anger.

        2. Chris Holland

          I don’t care. When President Trump is reinstated, he’ll take care of all this woke crap.

          1. Trump is a traitor

            Enjoy those colon walls. Don’t ever pull your head out.

    4. SeymourB

      I dunno, I think the unpatched vulnerability era was a lot more stressful, where we engaged in security theater with antivirus trying to plug all the many many many many holes and OS vendors never released updates for security reasons, just features & bugs (and usually not the latter).

  3. Brian McNeill

    I use Win 7 for a Photoshop machine because of a failed update to Win 10. It’s not online very much.
    Yes, you can pull down the necessary updates, but installation fails because the ‘Standalone Installer needs to be updated’.
    Trying to update the standalone updater is a fail because it it no longer available!
    Microsoft at it’s Catch 22 best!
    Ubuntu looks better all the time for my run of the mill machines.
    Brian

    1. William Kemmler

      Then perhaps it’s time to admit that Win7 is end of life and obsolete and update your system to a more recent version instead of complaining about Microsoft not providing updates. (And you’ll quickly find out that Ubuntu isn’t the drop in replacement for Windows that advocates want you to believe it is. But that’s a learning experience users need to get for themselves.)

  4. ReadandShare

    Since Win 10’s debut back in 2015, I think of my Win updates/upgrades were all straightforward and successful — except for the two times I mucked around too much with the registry, etc. But I’m also an individual home user without any complicated setup’s. Just my notebook, phone, tablets, and a wireless printer.

  5. Sebastian

    At this point, I may just wait and patch all the critical issues in 11.

  6. Upsers

    I just hope this time it actually works so i dont have to disable the spooler on our servers.

    1. James Beatty

      If they’re not RDS servers or print servers, there aren’t many good reasons for the print spooler to be running anyway.

  7. Annette Ganss

    I just hope it does not stall when downloading. I been having this issue since January, it’s not my computer it’s their server. I have had to turn off auto updates a few times because of this. Wait a week or two then restart them and see what happens. I see a few are sick of the same Windows issues.

  8. Steve

    Why is everyone stressing out? My IT life has never been easier, I can sleep every night.
    -Nightly Windows updates on servers (3rd party updates too)
    -MFA everywhere
    -Application Control (Applocker)
    -A killer Log monitor & reporting tool in place
    -Other tools in place as well.
    -Majority of the CIS Controls(v7.1) applied (v8 is garbage)
    And if a vendor app doesn’t play well with updates, they are kicked to the curb. No need for lazy dev SW.

    1. A. Bosch

      What if the vendor app is a Microsoft os? Do you kick that to the curb?

        1. MyBalanceNow

          Thanks for the info i will try to figure it out for more.

  9. yoomi

    I’m glad that I got out of the direct user support role I had. It was getting bad 2 years ago. Was working for a small company who was using Windows 2003 Small Business Server for auth and DNS. It was terrifying every day. Can’t imagine how it is now.

  10. Onslow

    Is there any reason a decades-mature operating system should be this buggy and hole ridden?

      1. P.D.

        Like MSFT firing the whole QA/QC team a few years ago…just when all the real issues with “Patch Day” got out of control…I guess Nadella needed some new hardware on his yacht, or something…

    1. pol bel

      V 1, 2, 3, 3.1, 3.11, 95(a, b, c.d), 98(1, 2) Me, XP, Vista, 7, 8, 8.1 were all dumped before they were fixed. As we are getting close to 40 years of lack of perseverance, did anyone else notice a clear pattern of bait and switch? What ever happened to making it right before selling it?

      1. P.D. (By Order Of- :)

        It never was about that in America…it’s always been the Marketing and Sales department holding a gun to the head PHB of Engineering and saying, “Aim, Fire, er, Aim? Did we forget something?”

        The fact that the PHB is headless will not even be noticed.

        The only time we’ve ever gotten it right before release were certain MIL-spec projects in WW2 up to about Korea, where if you screwed up someone DIED. Then THAT area began to crumble much later, but that’s a different story.

        No, up there in Silicon Gulch they believe in “Move fast and Break Things!” Sounds like a immature, drunk 18-year old (if that) stumbling though a china shop.

        No, until we get these jerks to be financially responsible for harm that comes to a user though their bungling, and a EULA that says so, there will be no improvement.

        Until then, I give you: https://www.sjgames.com/svtarot/net/

        That just about says it all.

        I am SO glad I’m retired from all that!!

  11. Turan

    Trying to update the standalone updater is a fail because it it no longer available!
    Microsoft at it’s Catch 22 best!

  12. RK

    Updated both my desktop and notebook, both running W10 Pro 20H2 and both restarted OK. So far so good. So far….

    1. RK

      Apparently their vulnerability spooler is still running…

    2. William Kemmler

      “An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

      I think a system admin would have more concern about having an “attacker” that has the ability to execute code on a “victim system” than this vulnerability. Yeah, it’s not good but if you already have hackers/attackers on your network and in your computers with the ability to execute code you’ve pretty much lost the battle already. So disable the Print Spooler, patch the vulnerability and hope you don’t have hackers on your network and in your computers. That’s about the best it will get. Just my two cents.

      1. JamminJ

        Most users don’t know, but lots of untrusted code already runs on their computers.
        JavaScript runs in the browser, VB code runs in MS office, and other examples.

        The trick is isolation, so that the code doesn’t reach the vulnerable part.
        But a single bad email attachment, is often all it takes.

  13. Z

    I installed this update on windows 8.1, but now I am getting startup issues. It gets past the BIOS startup screen and then just stalls on a blank black screen. Forcing a HW restart then goes to a automatic repair but it just says my PC did not start correctly.

    From there, I system restored back to July 13 and managed to boot back up. As a test, I restarted again but it seems Windows managed to install the update before I rebooted… the issue reoccurred. And now, the system restore point is July 16, and trying to system restore makes it restart -> restart -> stall on the blank screen. I guess the new system restore point is somehow set after the update was installed, so it’s useless now.

    Safe mode is not working either. What is the next best option from that automatic repair screen?

    1. mcintosh

      If your files are ENTIRELY backed up (and no, they are not, are they) then you could do a clean reinstall.
      That avoids a lot of cruft and time waste. Otherwise you can boot from recovery media to recovery console,
      uninstall or rollback or delete from there depending on severity. Were I you, a clean Win10 would be preferable.
      Restoring 8 outside of absolute necessity makes no sense, I say that as a current user of crippled 7.

  14. Chris Pugson

    There were TWO separate Monthly Cumulative Security updates imposed on user of Windows 10 (KB5004945 followed by KB5004237) and Windows 8.1 (KB5004954 followed by KB5004298) in the first two weeks of July 2021!!!!!

    1. JamminJ

      Typical scramble after a major zero day with published exploit in the wild.

      They must push an immediate patch, even if not totally effective. Then, subsequent updates to patch new variants found.

      And before anyone thinks this is only Windows. Remember Heartbleed.

      1. Chris Pugson

        Each cumulative update is upwards of 500MB. Those with slow internet connections will not enjoy this current Microsoft Windows practise. Updates in the good old days of Windows 7 were modest in size and therefore imposed modest download burdens. Does this mean that in a spell of ‘zero-days’ that update download traffic will become immense?

  15. commrad kat with flower on head

    cyka bylat
    decib mericans + ruskies have common – ego
    dont be lazy
    create an image
    air gap store image
    backup data
    air gap backup data
    restore when needed
    make cheese with babushka
    play cod and
    give middle finger to everyone trying to hack you.

  16. rich

    I find it surprising any large company would base their network on Microsoft’s products. Some things I can see using but it is just too labor intensive to constantly “fix” all of the issues. Worse is that most of those companies also view IT as an overhead expense so they try to minimize spending which just leads to lower quality employees or overworked good employees. Neither is a good situation.

    I told a coworker, companies need to view IT as a (since companies love buzz words) productivity enhancer or force multiplier. Giving employees quality systems that are easy to use and have minimum issues benefits everyone. I grew up before even DOS was around and have spent tons of times with DOS/Windows and have grown to hate it. Just not worth the effort.

  17. J Whiffle Huffenpuffen

    Not a regular, but checked in to see if there is any info here on the NSO Group “Pegasus” smartphone attacks. WaPo’s coverage isn’t particularly technical, so I’m left with zero idea how an attack could be via a text. How are the SMS or similar networks allowing texts with payloads like that? Why are those examining target’s phones showing multiple successful attacks over just a few months (or is that an inaccurate description)?

    1. security vet

      …all sms messages (aka texts) or imessages require pre-processing so they can be displayed, stored, routed, converstionalized, etc., and the exploits take advantage of failures (bugs, if you will) in the pre-processing code paths…

  18. Dalena

    I updated and now it is blocking multitudes of websites including my work portal and fax. I’m a solo practitioner and have no IT department. It is even blocking Microsoft sites. I’m assuming it has something to do with a firewall but don’t know how to remedy.

  19. Wildcat

    KB5004298 doesn’t install on a Dell laptop with Windows 8.1. The installation reboots the machine twice. After the second reboot the installation reaches 98% after which an error message that says, “We couldn’t complete the updates. Undoing changes” appears. The changes are then rolled out. I’m receiving an error code of 800F0922.

    I’ve tried downloading the update and running it manually, running the Windows Update Troubleshooter, running DISM and SFC scans, resetting Windows Update components, disabling the Secure Boot feature, updating the drivers, clearing the .CBS logs, and probably a few other things that I can’t remember off the top of my head. No success.

    1. Wildcat

      I managed to get this issue fixed. It is an Acrobat Flash removal issue. The Microsoft code is looking for the following:

      C:\Windows\System32\Macromed\Flash
      C:\Windows\SysWOW64\Macromed\Flash

      On my laptop the Flash folder had already been removed from the 2nd directory listed above. I went in and installed an empty Flash folder. Then I reran the KB5004298 update. The update completed successfully.

Comments are closed.