Microsoft just fixed 50 vulnerabilities in June 2021 Patch Tuesday, five of which are rated critical, and the rest important. Six of the vulnerabilities are currently being exploited in malicious attacks, three of which are publicly known.
The actively exploited flaws include four elevation of privilege issues, one information disclosure and one RCE (remote code execution) bug.
Critical Vulnerabilities in June 2021 Patch Tuesday
The first of the critical issues addressed this month is known under the CVE-2021-31985 identifier. It is a Microsoft Defender Remote Code Execution Vulnerability, similar to a vulnerability patched in January this year. CVE-2021-1647, the January issue, is also a remote code execution flaw that could be trivial to exploit. According to reports, the vulnerability was exploited in the wild as well. The bug could be exploited by tricking the user into opening a malicious document on a vulnerable system that has Windows Defender installed.
Another critical vulnerability that deserves attention is CVE-2021-31963, a Microsoft SharePoint Server RCE issue. According to Jay Goodman, director of product marketing at Automox, in case of a successful exploit, attackers could obtain control of a system, thus being able to install programs, view or change data, or create new accounts with full user rights.
While Microsoft reports that this particular flaw is less likely to be exploited, the researcher says organizations should not underestimate it. Applying the patch for any critical vulnerability in the 72-hour window before threat actors can weaponize the exploit is a crucial step to maintaining a secure infrastructure, the expert noted.
Actively Exploited Vulnerabilities
As already mentioned, some of the fixed issues this month are under active exploitation. The list includes:
- CVE-2021-31955, which is a Windows Kernel Information Disclosure Vulnerability. Rating: Important, with a CVSS rating of 5.5 out of 10;
- CVE-2021-31956, a Windows NTFS Elevation of Privilege Vulnerability, rated 7.8;
- CVE-2021-33739, a Microsoft DWM Core Library Elevation of Privilege Vulnerability, rated 8.4 in terms of severity;
- CVE-2021-33742, a Windows MSHTML Platform Remote Code Execution Vulnerability, which is a critical issue with a CVSS 7.5 rating;
- CVE-2021-31199, a Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability, which is marked as important and has a CVSS rating of 5.2;
- CVE-2021-31201, a Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability, classified as important with a CVSS score of 5.2.
It is noteworthy that two of the above security flaws, CVE-2021-31955 and CVE-2021-31956, have been exploited in targeted attacks carried out by the so-called PuzzleMaker threat actors.
Security researchers warn that the two flaws can be chained and used to perform a memory leak attack to get the address needed to perform escalation of privileges. When used together, these two bugs could be quite threatening, and patching them should be prioritized.
More information is available in Microsoft’s official security advisory for June 2021.
It is worth mentioning that last year’s June Patch Tuesday was Microsoft’s biggest so far, containing fixes for 129 vulnerabilities. However, despite being the largest Patch Tuesday in the history of the company, it didn’t include fixes for zero-day bugs, meaning that none of the vulnerabilities were exploited in the wild.