Today is the monthly 'Windows Update' day, as well as measures against vulnerabilities in the point and print function.
Monthly distribution of Windows security updates and bug fixes ・ Windows Update was carried out. This update also includes countermeasures for vulnerabilities found in the 'Point and Print' function that allows you to install drivers for printers without using drivers on CDs.
The security update released this month is explained in 'Security Update for August 2021 (Monthly)'. https://t.co/KQTbyTNjaA pic.twitter.com/jBAHoDFxQm
— Microsoft Security Team (@JSECTEAM) August 11, 2021
August 2021 Security Update (Monthly) – Microsoft Security Response Center
https://msrc-blog.microsoft.com/2021/08/10/202108-security-updates/
Point and Print Default Behavior Change – Microsoft Security Response Center
https://msrc-blog.microsoft.com/2021/08/10/point-and-print-default-behavior-change/
Microsoft to require admin rights before using Windows Point and Print feature --The Record by Recorded Future
https://therecord.media/microsoft-to-require-admin-rights-before-using-windows-point-and-print-feature/
In July 2021, Microsoft distributed an emergency patch for the 'PrintNightmare ' vulnerability inherent in the print spooler. Exploitation of this vulnerability could allow arbitrary code execution with SYSTEM privileges.
However, it has been pointed out that this emergency patch is incomplete and can be avoided if the 'point and print' feature, which allows Windows to automatically connect to a remote printer, is enabled.
The Microsoft fix released for recent #PrintNightmare vulnerability addresses the remote vector --how the LPE variations still function. These work out of the box on Windows 7, 8, 8.1, 2008 and 2012 but require Point & Print configured for Windows 2016, 2019, 10 & 11 (?). ???? ♂️ https://t.co/PRO3p99CFo
— Hacker Fantastic (@hackerfantastic) July 6, 2021
Therefore, with this update, a change has been made so that administrator privileges are required when installing the driver with the point and print function, and a more drastic response has been taken.
Other updates are as follows.
◆ Windows 10 v21H1, v20H2, v2004, v1909
Maximum severity:
emergency
Most impact:
Code is executed remotely
Related Knowledge Base or Support Web Page:
Windows 10 v21H1, Windows 10 v20H2, Windows 10 v2004: 5005033
Windows 10 v1909: 5005031
◆ Windows Server 2019, Windows Server 2016, Server Core installation (2019, 2016, v20H2, v2004)
Maximum severity:
emergency
Most impact:
Code is executed remotely
Related Knowledge Base or Support Web Page:
Windows Server Version 20H2, Windows Server Version 2004: 5005033
Windows Server 2019: 5005030
Windows Server 2016: 5005043
◆ Windows 8.1, Windows Server 2012 R2, and Windows Server 2012
Maximum severity:
emergency
Most impact:
Code is executed remotely
Related Knowledge Base or Support Web Page:
Windows 8.1 and Windows Server 2012 R2 Monthly Rollup: 5005076
Windows 8.1 and Windows Server 2012 R2 Security Only: 5005106
Windows Server 2012 Monthly Rollup: 5005099
Windows Server 2012 Security Only: 5005094
◆ Internet Explorer
Maximum severity:
emergency
Most impact:
Code is executed remotely
Related Knowledge Base or Support Web Page:
Cumulative Security Update for Internet Explorer: 5005036
◆ Microsoft Office related software
Maximum severity:
important
Most impact:
Code is executed remotely
Related Knowledge Base or Support Web Page:
For more information about security updates for Office-related software, see the Security Update Guide: https://msrc.microsoft.com/update-guide
◆ Microsoft SharePoint related software
Maximum severity:
important
Most impact:
Spoofing
Related Knowledge Base or Support Web Page:
4011600 , 5002000 , 5002002
◆ Microsoft Visual Studio related software
Maximum severity:
important
Most impact:
information leak
Related Knowledge Base or Support Web Page:
For more information about security updates for Visual Studio related software, see https://docs.microsoft.com/en-us/visualstudio and Security Update Guide https://msrc.microsoft.com/update-guide
◆ Microsoft Dynamics related software
Maximum severity:
important
Most impact:
Code is executed remotely
Related Knowledge Base or Support Web Page:
For more information about security updates for Dynamics-related software, see the Security Update Guide https://msrc.microsoft.com/update-guide
◆ Microsoft .NET related software
Maximum severity:
important
Most impact:
information leak
Related Knowledge Base or Support Web Page:
For more information about security updates for .NET-related software, see the Security Update Guide. https://msrc.microsoft.com/update-guide
◆ Microsoft Azure related software
Maximum severity:
important
Most impact:
Elevation of privilege
Related Knowledge Base or Support Web Page:
For more information about security updates for Azure-related software, see the Security Update Guide https://msrc.microsoft.com/update-guide
◆ Microsoft Malware Protection Engine
Maximum severity:
important
Most impact:
Elevation of privilege
Related Knowledge Base or Support Web Page:
For more information about Microsoft Malware Protection Engine security updates, see the Security Update Guide. https://msrc.microsoft.com/update-guide
The Windows Update will be released on the second Tuesday of every month in US time, and the next update will be available on Wednesday, September 15, 2021 in Japan time.
Related Posts:
in Software, Posted by log1l_ks