Microsoft June 2021 Patch Tuesday
This month we got patches for 50 vulnerabilities. Of these, 5 are critical, 2 were previously disclosed and 6 is already being exploited according to Microsoft.
The highlight this time, of course, goes to the 6 zero-days: an elevation of privileges vulnerability on Microsoft DWM Core Library (CVE-2021-33739) - the only previously disclosed, an elevation of privilege vulnerability on Windows NTFS (CVE-2021-31956), an information disclosure vulnerability on Windows Kernel (CVE-2021-31955), an elevation of privilege vulnerability on Microsoft Enhanced Cryptographic Provider (CVE-2021-31201 and CVE-2021-31199) and, more importaltly, a remote code execution vulnerability affecting Windows MSHTML Platform (CVE-2021-33742).
Apart from the zero-days, there is an important security feature bypass Vulnerability Kerberos AppContainer (CVE-2021-31962). According to the advisory, in an enterprise environment this vulnerability might allow an attacker to bypass Kerberos authentication, to authenticate to an arbitrary service principal name. This vulnerability was associated to the highest CVSS this month: 9.4.
There is also a remote code execution affecing Windows Defender (CVE-2021-31985). According to the advisory, this vulnerability is more likely to be exploited, requires no authentication and the attack complexity is low.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2021-31957 | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
| 3D Viewer Information Disclosure Vulnerability | |||||||
| CVE-2021-31944 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| 3D Viewer Remote Code Execution Vulnerability | |||||||
| CVE-2021-31942 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-31943 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Event Tracing for Windows Information Disclosure Vulnerability | |||||||
| CVE-2021-31972 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Kerberos AppContainer Security Feature Bypass Vulnerability | |||||||
| CVE-2021-31962 | No | No | Less Likely | Less Likely | Important | 9.4 | 8.2 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2021-33739 | Yes | Yes | Detected | Detected | Important | 8.4 | 7.8 |
| Microsoft Defender Denial of Service Vulnerability | |||||||
| CVE-2021-31978 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Defender Remote Code Execution Vulnerability | |||||||
| CVE-2021-31985 | No | No | More Likely | More Likely | Critical | 7.8 | 6.8 |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||||
| CVE-2021-33741 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31199 | No | Yes | Detected | Detected | Important | 5.2 | 4.8 |
| CVE-2021-31201 | No | Yes | Detected | Detected | Important | 5.2 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2021-31939 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Intune Management Extension Remote Code Execution Vulnerability | |||||||
| CVE-2021-31980 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||||
| CVE-2021-31940 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-31941 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||||
| CVE-2021-31949 | No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||||
| CVE-2021-31965 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2021-26420 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| CVE-2021-31963 | No | No | Less Likely | Less Likely | Critical | 7.1 | 6.2 |
| CVE-2021-31966 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||||
| CVE-2021-31964 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| CVE-2021-31948 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| CVE-2021-31950 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31938 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Paint 3D Remote Code Execution Vulnerability | |||||||
| CVE-2021-31945 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-31946 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-31983 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2021-31959 | No | No | More Likely | More Likely | Critical | 6.4 | 5.6 |
| Server for NFS Denial of Service Vulnerability | |||||||
| CVE-2021-31974 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Server for NFS Information Disclosure Vulnerability | |||||||
| CVE-2021-31975 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2021-31976 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| VP9 Video Extensions Remote Code Execution Vulnerability | |||||||
| CVE-2021-31967 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Windows Bind Filter Driver Information Disclosure Vulnerability | |||||||
| CVE-2021-31960 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31969 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31954 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows DCOM Server Security Feature Bypass | |||||||
| CVE-2021-26414 | No | No | Less Likely | Less Likely | Important | 4.8 | 4.2 |
| Windows Filter Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31953 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GPSVC Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31973 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows HTML Platform Security Feature Bypass Vulnerability | |||||||
| CVE-2021-31971 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2021-31977 | No | No | Less Likely | Less Likely | Important | 8.6 | 7.5 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31951 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2021-31955 | No | Yes | Detected | Detected | Important | 5.5 | 5.1 |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31952 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||||
| CVE-2021-33742 | No | Yes | Detected | Detected | Critical | 7.5 | 7.0 |
| Windows NTFS Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31956 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Windows NTLM Elevation of Privilege Vulnerability | |||||||
| CVE-2021-31958 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1675 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Desktop Services Denial of Service Vulnerability | |||||||
| CVE-2021-31968 | Yes | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | |||||||
| CVE-2021-31970 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments