Microsoft Fixes 50 Vulnerabilities on Patch Tuesday, June 2021


Keeping with its Patch Tuesday tradition, Microsoft has just released 50 security patches for a host of software products and services, including .NET Core and Visual Studio, Microsoft Office, Windows Defender, Windows Codecs Library, 3D Viewer, and Windows HTML Platform. Today’s release included patches for RCE, Elevation of Privilege, DoS, Spoofing, Information Disclosure, and Security Feature Bypass vulnerabilities.

In terms of severity, 45 of the 50 CVEs were marked “Important” and five “Critical.” Among these were seven zero-day vulnerabilities, six of which had already been exploited in the wild. Eight of the security flaws fixed today were reported by the Zero Day Initiative (ZDI). Additionally, Microsoft acknowledged reports from Google Project Zero, Google’s Threat Analysis Group, Check Point Research, Kaspersky, and FireEye, among other contributors.

Here’s an overview of the seven zero-day vulnerabilities and other noteworthy flaws fixed in June’s patch rollout:

Seven Zero-Day Vulnerabilities Fixed

CVE-2021-33742

This is an RCE vulnerability discovered in Windows Remote MSHTML Platform – a component of Internet Explorer used to fetch and display content from web pages. It scores a 7.5 CVSSv3 and is marked as Critical. The vulnerability was discovered and reported by Clément Lecigne of Google’s Threat Analysis Group (TAG). Exploitation requires user interaction: the attacker has to entice a victim to visit a malicious website or open a crafted file in a vulnerable application. That’s all we know for now, but TAG plans to share more details about this exploit in the future.

CVE-2021-31955 and CVE-2021-31956

CVE-2021-31955 is an Information Disclosure Vulnerability affecting ntoskrnl.exe in the Windows kernel. CVE-2021-31956 is a critical Windows NTFS Elevation of Privilege flaw. Both bugs were first discovered and reported by security researchers at Kaspersky Labs. They were exploited together with an unidentified Google Chrome zero-day vulnerability in a chain of highly targeted attacks by a group of hackers known only as PuzzleMaker. CVE-2021-31955 and CVE-2021-31956 affect all supported versions of Windows and could allow attackers to elevate their privileges and take control of an affected system.

CVE-2021-31201 and CVE-2021-31199

These are two important Microsoft Enhanced Cryptographic Provider Elevation of Privilege CVEs associated with an Adobe Reader RCE bug addressed last month. Through these flaws, attackers could target Adobe Reader users on Windows through downloadable PDF vectors and use them to run various applications on the affected system.

CVE-2021-33739

This Microsoft EoP Vulnerability affects the core library file dwmcore.dll in the Desktop Window Manager. The discovery of this CVE is credited to researchers at DBAPPSecurity Threat Intelligence Center. Earlier in February, the same researchers discovered and reported a similar EoP vulnerability in Win32K linked to a threat actor identified as BITTER APT. Although it’s not yet confirmed, BITTER APT might be responsible for this zero-day exploit as well.

The seventh zero-day vulnerability fixed today is CVE-2021-31968 – a Windows Remote Desktop Services Denial of Service Vulnerability. The flaw was publicly disclosed but has not been reported in any active exploitation, at least not yet.

Other Critical and Important CVEs

  • CVE-2021-31963 (Microsoft SharePoint Server RCE Vulnerability): Although it has a “Critical” severity rating, Microsoft says the flaw is less likely to be exploited.
  • CVE-2021-31959 (Critical RCE Flaw): This is a scripting engine memory corruption flaw affecting Windows versions 7, 8, 10, Server 2008/2012 R2, and Server 2016. To exploit the vulnerability, an attacker must engage the user and get them to open a malicious file.
  • CVE-2021-31985 (Microsoft Defender’s critical RCE Vulnerability): Microsoft rates this at a 7.8 CVSSv3 score and warns that an attack is more likely to happen.
  • CVE-2021-31983, CVE-2021-31946, CVE-2021-31945 (Multiple Vulnerabilities in Paint 3D): All three score a 7.8 CVSSv3 but are marked as “Exploit Less Likely.” All three require user interaction to exploit and, interestingly, were discovered by several different researchers at around the same time.

In addition to the 50 security patches, Microsoft also released Windows 10 KB5003637 & KB5003635 cumulative updates today.

We recommend installing these updates and patches as soon as possible, prioritizing those marked “Critical” and “Exploit More Likely,” and scanning your Windows environment for outdated or unpatched systems. Please stay tuned for next month’s Patch Tuesday and more news and updates from Microsoft.

June 11, 2021
