Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th.

In-The-Wild & Disclosed CVEs

CVE-2021-31955

This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This Windows Kernel Information Disclosure could allow an attacker to read kernel memory via a user mode process via a vulnerable function call related to SuperFetch. The vulnerability in ntoskrnl.exe has been exploited in the wild.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-31956

This is the second of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This vulnerability requires that an authenticated user execute code locally in order to exploit a heap-based buffer overflow in NTFS (ntfs.sys) that will allow for privilege escalation.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-33739

This CVE describes a publicly disclosed and exploited vulnerability in Desktop Window Manager (DWM) Core that could lead to privilege escalation via the execution of a malicious script or executable by an authenticated user.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-33742

Google’s Threat Analysis Group (TAG) reported this vulnerability in MSHTML that has been exploited in the wild to Microsoft. Microsoft has included an important to read FAQ entry on this vulnerability. They note that while Internet Explorer 11 is being retired on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying technology – MSHTML, EdgeHTML, and scripting platforms – are still supported. You can read more on the retirement in this Microsoft FAQ published last month. According to a tweet from Shane Huntley, this appears to be “a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting”

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-31201

This is the first of two vulnerabilities related to Adobe’s APSB21-29 security bulletin. A privilege escalation exists within the Microsoft Enhanced Cryptographic Provider that has been publicly exploited. Microsoft has indicate that you must install the June patch bundle in order to be protected against all three CVEs.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-31199

This is the second of two vulnerabilities related to Adobe’s APSB21-29 security bulletin. A privilege escalation exists within the Microsoft Enhanced Cryptographic Provider that has been publicly exploited. Microsoft has indicate that you must install the June patch bundle in order to be protected against all three CVEs.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-31968

This vulnerability has been disclosed but not publicly exploited and could allow a remote, unauthenticated attacker to perform a denial of service against Windows Remote Desktop Services.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
Windows DCOM Server1CVE-2021-26414
.NET Core & Visual Studio1CVE-2021-31957
Visual Studio Code – Kubernetes Tools1CVE-2021-31938
Windows Bind Filter Driver1CVE-2021-31960
Windows Cryptographic Services2CVE-2021-31199, CVE-2021-31201
Windows Installer1CVE-2021-31973
Windows Common Log File System Driver1CVE-2021-31954
Windows Network File System3CVE-2021-31974, CVE-2021-31975, CVE-2021-31976
Microsoft Scripting Engine1CVE-2021-31959
Microsoft Office SharePoint7CVE-2021-26420, CVE-2021-31963, CVE-2021-31964, CVE-2021-31965, CVE-2021-31966, CVE-2021-31948, CVE-2021-31950
Microsoft Windows Codecs Library1CVE-2021-31967
Microsoft Office Excel1CVE-2021-31939
3D Viewer3CVE-2021-31942, CVE-2021-31943, CVE-2021-31944
Windows Kernel2CVE-2021-31951, CVE-2021-31955
Role: Hyper-V1CVE-2021-31977
Paint 3D3CVE-2021-31945, CVE-2021-31946, CVE-2021-31983
Microsoft DWM Core Library1CVE-2021-33739
Microsoft Office2CVE-2021-31940, CVE-2021-31941
Windows Defender2CVE-2021-31978, CVE-2021-31985
Windows Remote Desktop1CVE-2021-31968
Windows NTLM1CVE-2021-31958
Windows MSHTML Platform1CVE-2021-33742
Windows Event Logging Service1CVE-2021-31972
Windows Filter Manager1CVE-2021-31953
Windows Drivers1CVE-2021-31969
Microsoft Office Outlook1CVE-2021-31949
Windows TCP/IP1CVE-2021-31970
Windows Kerberos1CVE-2021-31962
Windows Kernel-Mode Drivers1CVE-2021-31952
Windows Print Spooler Components1CVE-2021-1675
Windows HTML Platform1CVE-2021-31971
Microsoft Edge (Chromium-based)1CVE-2021-33741
Microsoft Intune1CVE-2021-31980
Windows NTFS1CVE-2021-31956

Other Information

There were no advisories included in the June Security Guidance.

Mastering Configuration Management Across the Modern Enterprise