{"id":41823,"date":"2021-07-13T00:00:00","date_gmt":"2021-07-13T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/july-patch-tuesday--dns-server--exchange-server-vulnerabilities-.html"},"modified":"2021-07-13T00:00:00","modified_gmt":"2021-07-13T00:00:00","slug":"july-patch-tuesday-dns-server-exchange-server-vulnerabilities-cause-problems","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/july-patch-tuesday-dns-server-exchange-server-vulnerabilities-cause-problems\/","title":{"rendered":"July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems"},"content":{"rendered":"

<\/p>\n

<\/div>\n

After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative<\/a>.<\/p>\n

PrintNightmare patched out-of-band<\/b><\/p>\n

Before the second Tuesday hit, however, system administrators were already busy remediating PrintNightmare. This bug (CVE-2021-34527<\/a>), which was inadvertently disclosed soon after June\u2019s Patch Tuesday, allowed for remote code execution on affected machines via a bug in the print spooler. This was not resolved until an out-of-band patch was released over the first weekend of July. Microsoft blamed later reports of an incomplete patch on insecure settings related to the Point and Print feature, which led to the company issuing \u201cclarified guidance<\/a>.\u201d It\u2019s worth noting that PrintNightmare is one of the four vulnerabilities fixed that Microsoft noted as being currently exploited.<\/p>\n

Exchange, DNS Server bugs multiply<\/b><\/p>\n

Seven of the bulletins issued this month were in the Exchange Server. While only one (CVE-2021-34473<\/a>) was rated as Critical, it appears to be potentially problematic: not only was it publicly disclosed before the patch, but Microsoft also classified it as more likely to be exploited for both current and older versions. All this means that it is very likely to be targeted for exploitation by various threat actors. Note, however, that three of the bulletins cover vulnerabilities that were silently patched in April.<\/p>\n

Windows\u2019s DNS Server is also a fertile source of potential exploits for this month. Microsoft fixed nine vulnerabilities in this product, and while only one of these is rated Critical (CVE-2021-34494<\/a>), this particular one could allow for remote code execution at a privileged service level without user interaction. Combined with the inherent importance of DNS servers, this one is worth patching quickly.<\/p>\n

Other vulnerabilities of note<\/b><\/p>\n

Among the other vulnerabilities, some still deserve special attention. A trio of vulnerabilities in the TCP\/IP driver stack could allow for a denial-of-service attack on machines, causing them to go offline. Microsoft Defender, Storage Spaces, and the SharePoint Server are all components\/applications that are covered by multiple patches this month.<\/p>\n

Trend Micro Solutions<\/b><\/p>\n

A proactive, multilayered approach to security is key against threats that exploit vulnerabilities \u2014 from the gateway, endpoints, networks, and servers.Note that our solutions to PrintNightmare are also covered in our Knowledge Base<\/a> specifically, as well as being listed below.<\/p>\n

The Trend Micro\u2122 Deep Security\u2122<\/a> solution provides network security, system security, and malware prevention. Combined with Vulnerability Protection<\/a>, it can protect user systems from a wide range of upcoming threats that might target vulnerabilities. Both solutions protect users from exploits that target these vulnerabilities via the following rule:<\/p>\n