[SANS ISC] Microsoft June 2021 Patch Tuesday, (Tue, Jun 8th)

This month we got patches for 50 vulnerabilities. Of these, 5 are critical, 2 were previously disclosed and 6 is already being exploited according to Microsoft.

The highlight this time, of course, goes to the 6 zero-days: an elevation of privileges vulnerability on Microsoft DWM Core Library (CVE-2021-33739) – the only previously disclosed, an elevation of privilege vulnerability on Windows NTFS (CVE-2021-31956), an information disclosure vulnerability on Windows Kernel (CVE-2021-31955), an elevation of privilege vulnerability on Microsoft Enhanced Cryptographic Provider (CVE-2021-31201 and CVE-2021-31199) and, more importaltly, a remote code execution vulnerability affecting Windows MSHTML Platform (CVE-2021-33742).

Apart from the zero-days, there is an important security feature bypass Vulnerability Kerberos AppContainer (CVE-2021-31962). According to the advisory, in an enterprise environment this vulnerability might allow an attacker to bypass Kerberos authentication, to authenticate to an arbitrary service principal name. This vulnerability was associated to the highest CVSS this month: 9.4.

There is also a remote code execution affecing Windows Defender (CVE-2021-31985). According to the advisory, this vulnerability is more likely to be exploited, requires no authentication and the attack complexity is low.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description

CVE
Disclosed
Exploited
Exploitability (old versions)
current version
Severity
CVSS Base (AVG)
CVSS Temporal (AVG)

.NET Core and Visual Studio Denial of Service Vulnerability

%%cve:2021-31957%%
No
No
Less Likely
Less Likely
Important
5.9
5.2

3D Viewer Information Disclosure Vulnerability

%%cve:2021-31944%%
No
No
Less Likely
Less Likely
Important
5.0
4.4

3D Viewer Remote Code Execution Vulnerability

%%cve:2021-31942%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

%%cve:2021-31943%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Event Tracing for Windows Information Disclosure Vulnerability

%%cve:2021-31972%%
No
No
Less Likely
Less Likely
Important
5.5
4.8

Kerberos AppContainer Security Feature Bypass Vulnerability

%%cve:2021-31962%%
No
No
Less Likely
Less Likely
Important
9.4
8.2

Microsoft DWM Core Library Elevation of Privilege Vulnerability

%%cve:2021-33739%%
Yes
Yes
Detected
Detected
Important
8.4
7.8

Microsoft Defender Denial of Service Vulnerability

%%cve:2021-31978%%
No
No
Less Likely
Less Likely
Important
5.5
4.8

Microsoft Defender Remote Code Execution Vulnerability

%%cve:2021-31985%%
No
No
More Likely
More Likely
Critical
7.8
6.8

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

%%cve:2021-33741%%
No
No
Less Likely
Less Likely
Important
8.2
7.1

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

%%cve:2021-31199%%
No
Yes
Detected
Detected
Important
5.2
4.8

%%cve:2021-31201%%
No
Yes
Detected
Detected
Important
5.2
4.8

Microsoft Excel Remote Code Execution Vulnerability

%%cve:2021-31939%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Microsoft Intune Management Extension Remote Code Execution Vulnerability

%%cve:2021-31980%%
No
No
Less Likely
Less Likely
Important
8.1
7.1

Microsoft Office Graphics Remote Code Execution Vulnerability

%%cve:2021-31940%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

%%cve:2021-31941%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Microsoft Outlook Remote Code Execution Vulnerability

%%cve:2021-31949%%
No
No
Less Likely
Less Likely
Important
6.7
5.8

Microsoft SharePoint Server Information Disclosure Vulnerability

%%cve:2021-31965%%
No
No
Less Likely
Less Likely
Important
5.7
5.0

Microsoft SharePoint Server Remote Code Execution Vulnerability

%%cve:2021-26420%%
No
No
Less Likely
Less Likely
Important
7.1
6.2

%%cve:2021-31963%%
No
No
Less Likely
Less Likely
Critical
7.1
6.2

%%cve:2021-31966%%
No
No
Less Likely
Less Likely
Important
7.2
6.3

Microsoft SharePoint Server Spoofing Vulnerability

%%cve:2021-31964%%
No
No
Less Likely
Less Likely
Important
7.6
6.6

%%cve:2021-31948%%
No
No
Less Likely
Less Likely
Important
7.6
6.6

%%cve:2021-31950%%
No
No
Less Likely
Less Likely
Important
7.6
6.6

Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability

%%cve:2021-31938%%
No
No
Less Likely
Less Likely
Important
7.3
6.4

Paint 3D Remote Code Execution Vulnerability

%%cve:2021-31945%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

%%cve:2021-31946%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

%%cve:2021-31983%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Scripting Engine Memory Corruption Vulnerability

%%cve:2021-31959%%
No
No
More Likely
More Likely
Critical
6.4
5.6

Server for NFS Denial of Service Vulnerability

%%cve:2021-31974%%
No
No
Less Likely
Less Likely
Important
7.5
6.5

Server for NFS Information Disclosure Vulnerability

%%cve:2021-31975%%
No
No
Less Likely
Less Likely
Important
7.5
6.5

%%cve:2021-31976%%
No
No
Less Likely
Less Likely
Important
7.5
6.5

VP9 Video Extensions Remote Code Execution Vulnerability

%%cve:2021-31967%%
No
No
Less Likely
Less Likely
Critical
7.8
6.8

Windows Bind Filter Driver Information Disclosure Vulnerability

%%cve:2021-31960%%
No
No
Less Likely
Less Likely
Important
5.5
4.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

%%cve:2021-31969%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Windows Common Log File System Driver Elevation of Privilege Vulnerability

%%cve:2021-31954%%
No
No
More Likely
More Likely
Important
7.8
6.8

Windows DCOM Server Security Feature Bypass

%%cve:2021-26414%%
No
No
Less Likely
Less Likely
Important
4.8
4.2

Windows Filter Manager Elevation of Privilege Vulnerability

%%cve:2021-31953%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Windows GPSVC Elevation of Privilege Vulnerability

%%cve:2021-31973%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Windows HTML Platform Security Feature Bypass Vulnerability

%%cve:2021-31971%%
No
No
Less Likely
Less Likely
Important
6.8
5.9

Windows Hyper-V Denial of Service Vulnerability

%%cve:2021-31977%%
No
No
Less Likely
Less Likely
Important
8.6
7.5

Windows Kernel Elevation of Privilege Vulnerability

%%cve:2021-31951%%
No
No
More Likely
More Likely
Important
7.8
6.8

Windows Kernel Information Disclosure Vulnerability

%%cve:2021-31955%%
No
Yes
Detected
Detected
Important
5.5
5.1

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

%%cve:2021-31952%%
No
No
More Likely
More Likely
Important
7.8
6.8

Windows MSHTML Platform Remote Code Execution Vulnerability

%%cve:2021-33742%%
No
Yes
Detected
Detected
Critical
7.5
7.0

Windows NTFS Elevation of Privilege Vulnerability

%%cve:2021-31956%%
No
Yes
Detected
Detected
Important
7.8
7.2

Windows NTLM Elevation of Privilege Vulnerability

%%cve:2021-31958%%
No
No
Less Likely
Less Likely
Important
7.5
6.5

Windows Print Spooler Elevation of Privilege Vulnerability

%%cve:2021-1675%%
No
No
Less Likely
Less Likely
Important
7.8
6.8

Windows Remote Desktop Services Denial of Service Vulnerability

%%cve:2021-31968%%
Yes
No
Less Likely
Less Likely
Important
7.5
6.5

Windows TCP/IP Driver Security Feature Bypass Vulnerability

%%cve:2021-31970%%
No
No
Less Likely
Less Likely
Important
5.5
4.8


Renato Marinho
Morphus Labs| LinkedIn|Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[TheRecord] Fired credit union worker pleads guilty after accessing and deleting thousands of files

A disgruntled former credit union employee pleaded guilty in Brooklyn Federal Court on Tuesday to one count of computer intrusion after she accessed the company’s file server and deleted more than 21 gigabytes of data, including more than 20,000 files and nearly 3,500 directories, according to the Department of Justice. Juliana Barile, a 35-year-old who […]

Read More

[SecurityWeek] Security Lessons Learned From Adopting a Pound Dog

All posts, Security Week

About a year ago, we adopted a pound dog named Nala. She was about three months old when we got her. When we first met her, we immediately picked up on her sweet personality and her eagerness to please. With some training and a lot of love, those traits have remained, and she has grown […]

Read More

[SecurityWeek] Morgan Stanley Hit by Accellion Hack Through Third-Party Vendor

All posts, Security Week

Investment banking firm Morgan Stanley has informed the New Hampshire Attorney General that personal information of some customers was compromised through a third-party vendor that was using the Accellion FTA service. read more Source: Read More (SecurityWeek RSS Feed)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.