Microsoft Patch Tuesday Update - June 2021

June's Patch Tuesday fixed 50 security vulnerabilities in Microsoft products, 5 of which were marked as critical and 6 of which were zero-days; 6 of these have been seen previously.

Please be sure to review the ‘Security Updates’ section in the links included below.

The 6 zero-day vulnerabilities that are being actively exploited and are now patched are:

CVE-2021-31955 - Windows Kernel Information Disclosure Vulnerability - CVSS:3.0 5.5 / 5.1.

  • Attack vector: Local
  • Attack complexity: Low
  • Privileges required: Low
  • User interaction required: None
  • Exploit code maturity: Functional
  • Evidence of previous exploit: Yes
  • Publicly disclosed: No

CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability - CVSS:3.0 7.8 / 7.2.

  • Attack vector: Local
  • Attack complexity: Low
  • Privileges required: Low
  • User interaction required: None
  • Remediation level: Official Fix
  • Exploit code maturity: Functional
  • Evidence of previous exploit: Yes
  • Publicly disclosed: No

CVE-2021-33739 - Microsoft DWM Core Library Elevation of Privilege Vulnerability - CVSS:3.0 8.4 / 7.8.

  • Attack vector: Local
  • Attack complexity: Low
  • Privileges required: None
  • User interaction required: None
  • Remediation level: Official Fix
  • Exploit code maturity: Functional
  • Evidence of previous exploit: Yes
  • Publicly disclosed: Yes

How could an attacker exploit this vulnerability?
This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an executable file that is attached to an email.

CVE-2021-33742 - Windows MSHTML Platform Remote Code Execution Vulnerability - CVSS:3.0 7.5 / 7.0.

  • Attack vector: Network
  • Attack complexity: High
  • Privileges required: None
  • User interaction required: Required
  • Remediation level: Official Fix
  • Exploit code maturity: Functional
  • Evidence of previous exploit: Yes
  • Publicly disclosed: No

CVE-2021-31199 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability - CVSS:3.0 5.2 / 4.8.

  • Attack vector: Local
  • Attack complexity: Low
  • Privileges required: Low
  • User interaction required: None
  • Remediation level: Official Fix
  • Exploit code maturity: Functional
  • Evidence of previous exploit: Yes
  • Publicly disclosed: No

CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability - CVSS:3.0 5.2 / 4.8.

  • Attack vector: Local
  • Attack complexity: Low
  • Privileges required: Low
  • User interaction required: None
  • Remediation level: Official Fix
  • Exploit code maturity: Functional
  • Evidence of previous exploit: Yes
  • Publicly disclosed: No

The following CVE, which has been disclosed publicly, has not yet been seen in the wild:

CVE-2021-31968 - Windows Remote Desktop Services Denial of Service Vulnerability - CVSS:3.0 7.5 / 6.5

  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction required: None
  • Remediation level: Official Fix
  • Exploit code maturity: Unproven
  • Evidence of previous exploit: No
  • Publicly disclosed: Yes

Amongst those disclosed on Tuesday 8 June, CyberGuard would like to highlight the following 5 critical vulnerabilities, which require remediation ASAP.

CVE-2021-31963 - Microsoft SharePoint Server Remote Code Execution Vulnerability - CVSS:3.0 7.1 / 6.2.

CVE-2021-31967 - VP9 Video Extensions Remote Code Execution Vulnerability - CVSS:3.0 7.8 / 6.8.

CVE-2021-31985 - Microsoft Defender Remote Code Execution Vulnerability - CVSS:3.0 7.8 / 6.8.

CVE-2021-31978 - Microsoft Defender Denial of Service Vulnerability - CVSS:3.0 5.5 / 4.8.

CVE-2021-33742 - Windows MSHTML Platform Remote Code Execution Vulnerability - CVSS:3.0 7.5 / 7.0

For a full breakdown of all updates, mitigations, and workarounds, please visit Microsoft’s update guide: https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun  

If you are an OGL patch management customer, these vulnerabilities will already be factored into your patch cycle.

Sources: