Home > Cyber News > CVE-2021-36948 Zero-Day in Windows Update Medic Exploited in the Wild

CVE-2021-36948 Zero-Day in Windows Update Medic Exploited in the Wild


Microsoft’s August 2021 Patch Tuesday just rolled out, addressing 51 security vulnerabilities, including more Print Spooler issues, a zero-day, and seven critical flaws. Reports indicate that the zero-day, known under the CVE-2021-36948 advisory has been actively exploited in the wild.

Details about CVE-2021-36948 Zero-Day

This zero-day is located in Windows Update Medic Service in Windows 10 and Server 2019, as well as newer operating systems. The vulnerability is rated as important, and could enable remote code execution attacks.

Related: Four Zero-Days Patched in Microsoft Exchange E-Mail Server

What is Update Medic?
The Windows Update Medic Service is a new service which was introduced in Windows 10. Its purpose is to repair Windows Update components so that the computer can receive updates without interruption. In other words, the service enables remediation and protection of Windows Update components. Note that any disabled services related to Windows Update will be re-enabled by the service.

As for the CVE-2021-36948 exploit, researchers warn it is easy to exploit as it doesn’t require user interaction. The zero-day is also described as an elevation of privilege issue. These bugs are usually favored by hackers as they allow them to hide their tracks by creating user accounts.

Fortunately, activities related to CVE-2021-36948 are mostly limited or targeted, meaning that the majority of users are not at risk. However, applying the patch immediately is highly recommended.

Seven Critical Vulnerabilities Also Patched in August 2021 Patch Tuesday

This month, Microsoft also fixed a total of several critical issues:

  • CVE-2021-26424 – a remote code execution vulnerability that exists in the TCP/IP protocol stack in Windows 7 and newer, servers inclusive;
  • CVE-2021-26432 – a low-complexity vulnerability in Windows Services; the bug doesn’t require privileges or user interaction to be exploited;
  • CVE-2021-34480 – a scripting engine memory corruption issue, which can be exploited by using a web-based attack or a malicious file; as a result, attackers can take control of an affected system, install programs, view or change data, or create new user accounts with full user rights;
  • CVE-2021-34530 – a Windows Graphics Component vulnerability which could enable remote code execution attacks in the context of the current user; exploits are possible if attackers can trick a target into opening a specially crafted file;
  • CVE-2021-34534 – a Windows MSHTML Platform (also known as Trident, the rendering engine in Internet Explorer) RCE flaw. The vulnerability impacts a number of Windows 10 versions (1607, 1809,1909, 2004, 20H2, 21H1), including Windows Server 2016 and 2019;
  • CVE-2021-34535 – an RCE vulnerability in Remote Desktop Client;
  • CVE-2021-36936 – another Windows Print Spooler vulnerability enabling remote code execution and rated as critical.

Microsoft’s next Patch Tuesday is scheduled for September 14, 2021. Until then, we encourage you to apply the already-available patches now.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree