Jump to content
  • Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws


    Karlston

    • 1.1k views
    • 5 minutes
     Share


    • 1.1k views
    • 5 minutes

    Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws

     

    Today is Microsoft's June 2021 Patch Tuesday, and with it comes fixes for seven zero-day vulnerabilities and a total of 50 flaws, so Windows admins will be scrambling to get devices secured.

     

    Microsoft has fixed 50 vulnerabilities with today's update, with five classified as Critical and forty-five as Important.

     

    For information about the non-security Windows updates, you can read about today's Windows 10 KB5003637 & KB5003635 cumulative updates.

    Seven zero-day vulnerabilities fixed

    As part of today's Patch Tuesday, Microsoft has fixed seven zero-day vulnerabilities, with six of them known to be exploited in the past.

     

    The six actively exploited zero-day vulnerabilities are:

     

    • CVE-2021-31955 - Windows Kernel Information Disclosure Vulnerability 
    • CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability
    • CVE-2021-33739 - Microsoft DWM Core Library Elevation of Privilege Vulnerability
    • CVE-2021-33742 - Windows MSHTML Platform Remote Code Execution Vulnerability
    • CVE-2021-31199 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
    • CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

     

    In addition, the 'CVE-2021-31968 - Windows Remote Desktop Services Denial of Service Vulnerability' was publicly disclosed but not seen in attacks.

     

    Kaspersky discovered two of the zero-day vulnerabilities, so we will likely see a report coming soon explaining how they were used.

    Recent updates from other companies

    Other vendors who released updates in June include:

     

    The June 2021 Patch Tuesday Security Updates

    Below is the full list of resolved vulnerabilities and released advisories in the June 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

     

    Tag CVE ID CVE Title Severity
    .NET Core & Visual Studio CVE-2021-31957 .NET Core and Visual Studio Denial of Service Vulnerability Important
    3D Viewer CVE-2021-31942 3D Viewer Remote Code Execution Vulnerability Important
    3D Viewer CVE-2021-31943 3D Viewer Remote Code Execution Vulnerability Important
    3D Viewer CVE-2021-31944 3D Viewer Information Disclosure Vulnerability Important
    Microsoft DWM Core Library CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important
    Microsoft Edge (Chromium-based) CVE-2021-33741 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
    Microsoft Intune CVE-2021-31980 Microsoft Intune Management Extension Remote Code Execution Vulnerability Important
    Microsoft Office CVE-2021-31940 Microsoft Office Graphics Remote Code Execution Vulnerability Important
    Microsoft Office CVE-2021-31941 Microsoft Office Graphics Remote Code Execution Vulnerability Important
    Microsoft Office Excel CVE-2021-31939 Microsoft Excel Remote Code Execution Vulnerability Important
    Microsoft Office Outlook CVE-2021-31949 Microsoft Outlook Remote Code Execution Vulnerability Important
    Microsoft Office SharePoint CVE-2021-31964 Microsoft SharePoint Server Spoofing Vulnerability Important
    Microsoft Office SharePoint CVE-2021-31963 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical
    Microsoft Office SharePoint CVE-2021-31950 Microsoft SharePoint Server Spoofing Vulnerability Important
    Microsoft Office SharePoint CVE-2021-31948 Microsoft SharePoint Server Spoofing Vulnerability Important
    Microsoft Office SharePoint CVE-2021-31966 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
    Microsoft Office SharePoint CVE-2021-31965 Microsoft SharePoint Server Information Disclosure Vulnerability Important
    Microsoft Office SharePoint CVE-2021-26420 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
    Microsoft Scripting Engine CVE-2021-31959 Scripting Engine Memory Corruption Vulnerability Critical
    Microsoft Windows Codecs Library CVE-2021-31967 VP9 Video Extensions Remote Code Execution Vulnerability Critical
    Paint 3D CVE-2021-31946 Paint 3D Remote Code Execution Vulnerability Important
    Paint 3D CVE-2021-31983 Paint 3D Remote Code Execution Vulnerability Important
    Paint 3D CVE-2021-31945 Paint 3D Remote Code Execution Vulnerability Important
    Role: Hyper-V CVE-2021-31977 Windows Hyper-V Denial of Service Vulnerability Important
    Visual Studio Code - Kubernetes Tools CVE-2021-31938 Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability Important
    Windows Bind Filter Driver CVE-2021-31960 Windows Bind Filter Driver Information Disclosure Vulnerability Important
    Windows Common Log File System Driver CVE-2021-31954 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
    Windows Cryptographic Services CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Important
    Windows Cryptographic Services CVE-2021-31199 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Important
    Windows DCOM Server CVE-2021-26414 Windows DCOM Server Security Feature Bypass Important
    Windows Defender CVE-2021-31978 Microsoft Defender Denial of Service Vulnerability Important
    Windows Defender CVE-2021-31985 Microsoft Defender Remote Code Execution Vulnerability Critical
    Windows Drivers CVE-2021-31969 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
    Windows Event Logging Service CVE-2021-31972 Event Tracing for Windows Information Disclosure Vulnerability Important
    Windows Filter Manager CVE-2021-31953 Windows Filter Manager Elevation of Privilege Vulnerability Important
    Windows HTML Platform CVE-2021-31971 Windows HTML Platform Security Feature Bypass Vulnerability Important
    Windows Installer CVE-2021-31973 Windows GPSVC Elevation of Privilege Vulnerability Important
    Windows Kerberos CVE-2021-31962 Kerberos AppContainer Security Feature Bypass Vulnerability Important
    Windows Kernel CVE-2021-31951 Windows Kernel Elevation of Privilege Vulnerability Important
    Windows Kernel CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability Important
    Windows Kernel-Mode Drivers CVE-2021-31952 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
    Windows MSHTML Platform CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability Critical
    Windows Network File System CVE-2021-31975 Server for NFS Information Disclosure Vulnerability Important
    Windows Network File System CVE-2021-31974 Server for NFS Denial of Service Vulnerability Important
    Windows Network File System CVE-2021-31976 Server for NFS Information Disclosure Vulnerability Important
    Windows NTFS CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability Important
    Windows NTLM CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability Important
    Windows Print Spooler Components CVE-2021-1675 Windows Print Spooler Elevation of Privilege Vulnerability Important
    Windows Remote Desktop CVE-2021-31968 Windows Remote Desktop Services Denial of Service Vulnerability Important
    Windows TCP/IP CVE-2021-31970 Windows TCP/IP Driver Security Feature Bypass Vulnerability Important

     

     

    Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws

    • Like 4

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...