Homepage5Blog5Microsoft Fixes 50 Vulnerabilities on Patch Tuesday, June 2021
Microsoft Fixes 50 Vulnerabilities on Patch Tuesday, June 2021
Manage remote endpoints, deploy software and patches with a robust cloud-based Action1 RMM solution. Start your 2-week trial or use free forever for up to 50 endpoints.
Keeping with its Patch Tuesday tradition, Microsoft has just released 50 security patches for a host of software products and services, including .NET Core and Visual Studio, Microsoft Office, Windows Defender, Windows Codecs Library, 3D Viewer, and Windows HTML Platform. Today’s release included patches for RCE, Elevation of Privilege, DoS, Spoofing, Information Disclosure, and Security Feature Bypass vulnerabilities.
In terms of severity, 45 of the 50 CVEs were marked “Important” and five “Critical.” Among these were seven zero-day vulnerabilities, six of which had already been exploited in the wild. Eight of the security flaws fixed today were reported by the Zero Day Initiative (ZDI). Additionally, Microsoft acknowledged reports from Google Project Zero, Google’s Threat Analysis Group, Check Point Research, Kaspersky, and FireEye, among other contributors.
Here’s an overview of the seven zero-day vulnerabilities and other noteworthy flaws fixed in June’s patch rollout:
This is an RCE vulnerability discovered in Windows Remote MSHTML Platform – a component of Internet Explorer used to fetch and display content from web pages. It scores a 7.5 CVSSv3 and is marked as Critical. The vulnerability was discovered and reported by Clément Lecigne of Google’s Threat Analysis Group (TAG). An active exploit requires user interaction; the attacker has to entice a victim to visit a malicious website or open a crafted file using a flawed application. That’s all we know for now, but TAG plans to share more details about this exploit in the future.
CVE-2021-31955 is an Information Disclosure Vulnerability affecting file ntoskrnl.exe in Windows Kernel. CVE-2021-31956 is a critical Windows NTFS Elevation of Privilege flaw. Both bugs were first discovered and reported by security researchers at Kaspersky Labs. They were exploited together with an unidentified Google Chrome zero-day vulnerability in a chain of highly targeted attacks by a group of hackers known only as PuzzleMaker. CVE-2021-31955 and CVE-2021-31956 affect all supported versions of Windows and could allow attackers to elevate their privileges and take over control of an affected system.
These are two important Microsoft Enhanced Cryptographic Provider Elevation of Privilege CVEs associated with an Adobe Reader RCE bug addressed last month. Through these flaws, attackers could target Adobe Reader users on Windows through downloadable PDF vectors and use them to run various applications on the affected system.
This Microsoft EoP Vulnerability affects the core library file dwmcore.dll in the Desktop Window Manager. The discovery of this CVE is credited to researchers at DBAPPSecurity Threat Intelligence Center. Earlier in February, the same researchers discovered and reported a similar EoP vulnerability in Win32K linked to a threat actor identified as BITTER APT. Although it’s not yet confirmed, BITTER APT might be responsible for this zero-day exploit as well.
The seventh zero-day vulnerability fixed today is CVE-2021-31968 – a Windows Remote Desktop Services Denial of Service Vulnerability. The flaw was publicly disclosed but not reported in any active exploits, at least not yet.
Other Critical and Important CVEs
CVE-2021-31963 – Microsoft SharePoint Server RCE Vulnerability: Although it has a “Critical” severity rating, Microsoft says the flaw is less likely to be exploited.
CVE-2021-31959 – Critical RCE Flaw: This is a scripting engine memory corruption flaw affecting Windows versions: 7,8,10, Server 2008/2012 R2, and Server 2016. To exploit the vulnerability, an attacker must engage the user and get them to open a malicious file.
CVE-2021-31985 – Microsoft Defender’s critical RCE Vulnerability: Microsoft rates this at a 7.8 CVSSv3 score and warns that an attack is more likely to happen.
CVE-2021-31983, CVE-2021-31946, CVE-2021-31945 Multiple Vulnerabilities in Paint 3D: All three score a 7.8 CVSSv3 but are marked as “Exploit Less Likely.” The trio required user interaction during an exploit and were all interestingly discovered by several different researchers at around the same time.
In addition to the 50 security patches, Microsoft also released Windows 10 KB5003637 & KB5003635 cumulative updates today.
We recommend installing these updates and patches as soon as possible and scanning your Windows environment for outdated or unpatched systems, especially those marked “Critical” and “Exploit More Likely.” Please stay tuned for next month’s Patch Tuesday and more news and updates from Microsoft.
Managed IT services is one of the fastest-growing and most lucrative sectors of the business tech industry. The global IT services market is on track to hit $1.1 trillion by 2026, registering an 8.02 CAGR between 2021 and 2026. Although the managed IT market is...
Cybercriminals have been leveraging the latest in technology to plan and execute sophisticated cyberattacks. They use artificial intelligence, the Internet of things (IoT), bots, etc., to execute malware installations, ransomware infections, man-in-the-middle (MITM)...
Today is the second Tuesday of October. Time to check out the latest security updates from Microsoft. In this month’s Patch Tuesday, Microsoft fixed a total of 74 vulnerabilities (81, counting Microsoft Edge for Chromium’s updates). Among the 74 bugs fixed today...
About Action1 RMM
Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.
Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!