HEAD OF MARKETING COMMUNICATIONS & PR

Microsoft has released its monthly security updates, with 50 patched vulnerabilities. Out of these, 5 are rated “Critical” and 45 are rated “Important” in severity. According to the tech giant, 6 zero-days have been spotted being exploited in the wild, indicating they may be abused by threat actors to gain full, remote control of compromised devices without any user intervention. As usual, Heimdal™ advises you to apply the updates as soon as possible.

Patch Tuesday, June 2021: Highlights

Microsoft Office, .NET Core & Visual Studio, the Edge browser, Windows Cryptographic Services, SharePoint, Outlook, and Excel are all products impacted by June’s security update.

The zero-day vulnerabilities that Microsoft has tracked as being actively exploited, now patched in this update, are:

  • CVE-2021-33742: a Remote Code Execution vulnerability in a Windows HTML component
  • CVE-2021-33739: an Elevation of Privilege vulnerability in the Microsoft Desktop Window Manager
  • CVE-2021-31199: an Elevation of Privilege vulnerability in the Microsoft Enhanced Cryptographic Provider
  • CVE-2021-31201: an Elevation of Privilege vulnerability in the Microsoft Enhanced Cryptographic Provider
  • CVE-2021-31955: an information disclosure vulnerability in the Windows Kernel
  • CVE-2021-31956: an Elevation of Privilege vulnerability in Windows NTFS

Apart from these vulnerabilities, CVE-2021-31968 was also reported by Microsoft, although it’s not actively exploited in the wild. The zero-day has a 7.5 CVSS score and could be exploited to trigger denial-of-service.

The Zero Day Initiative reported eight of these vulnerabilities. Microsoft has also acknowledged reports from Google’s Threat Analysis Group, Google Project Zero, Nixu Cybersecurity, Check Point Research, FireEye, and others.

Below you will find the breakdown of patched vulnerabilities in the June 2021 Patch Tuesday security updates. Additionally, you can access the full report here.

CVE IDProductImpactSeverity
CVE-2021-31957.NET Core & Visual Studio.NET Core and Visual Studio Denial of Service VulnerabilityImportant
CVE-2021-319423D Viewer3D Viewer Remote Code Execution VulnerabilityImportant
CVE-2021-319433D Viewer3D Viewer Remote Code Execution VulnerabilityImportant
CVE-2021-319443D Viewer3D Viewer Information Disclosure VulnerabilityImportant
CVE-2021-33739Microsoft DWM Core LibraryMicrosoft DWM Core Library Elevation of Privilege VulnerabilityImportant
CVE-2021-33741Microsoft Edge Microsoft Edge Elevation of Privilege VulnerabilityImportant
CVE-2021-31980Microsoft IntuneMicrosoft Intune Management Extension Remote Code Execution VulnerabilityImportant
CVE-2021-31940Microsoft OfficeMicrosoft Office Graphics Remote Code Execution VulnerabilityImportant
CVE-2021-31941Microsoft OfficeMicrosoft Office Graphics Remote Code Execution VulnerabilityImportant
CVE-2021-31939Microsoft Office ExcelMicrosoft Excel Remote Code Execution VulnerabilityImportant
CVE-2021-31949Microsoft Office OutlookMicrosoft Outlook Remote Code Execution VulnerabilityImportant
CVE-2021-31964Microsoft Office SharePointMicrosoft SharePoint Server Spoofing VulnerabilityCritical
CVE-2021-31963Microsoft Office SharePointMicrosoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2021-31950Microsoft Office SharePointMicrosoft SharePoint Server Spoofing VulnerabilityImportant
CVE-2021-31948Microsoft Office SharePointMicrosoft SharePoint Server Spoofing VulnerabilityImportant
CVE-2021-31966Microsoft Office SharePointMicrosoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2021-31965Microsoft Office SharePointMicrosoft SharePoint Server Information Disclosure VulnerabilityImportant
CVE-2021-26420Microsoft Office SharePointMicrosoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2021-31959Microsoft Scripting EngineScripting Engine Memory Corruption VulnerabilityCritical
CVE-2021-31967Microsoft Windows Codecs LibraryVP9 Video Extensions Remote Code Execution VulnerabilityCritical
CVE-2021-31946Paint 3DPaint 3D Remote Code Execution VulnerabilityImportant
CVE-2021-31983Paint 3DPaint 3D Remote Code Execution VulnerabilityImportant
CVE-2021-31945Paint 3DPaint 3D Remote Code Execution VulnerabilityImportant
CVE-2021-31977Role: Hyper-VWindows Hyper-V Denial of Service VulnerabilityImportant
CVE-2021-31938Visual Studio Code - Kubernetes ToolsMicrosoft VsCode Kubernetes Tools Extension Elevation of Privilege VulnerabilityImportant
CVE-2021-31960Windows Bind Filter DriverWindows Bind Filter Driver Information Disclosure VulnerabilityImportant
CVE-2021-31954Windows Common Log File System DriverWindows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
CVE-2021-31201Windows Cryptographic ServicesMicrosoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilityImportant
CVE-2021-31199Windows Cryptographic ServicesMicrosoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilityImportant
CVE-2021-26414Windows DCOM ServerWindows DCOM Server Security Feature BypassImportant
CVE-2021-31978Windows DefenderMicrosoft Defender Denial of Service VulnerabilityImportant
CVE-2021-31985Windows DefenderMicrosoft Defender Remote Code Execution VulnerabilityCritical
CVE-2021-31969Windows DriversWindows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
CVE-2021-31972Windows Event Logging ServiceEvent Tracing for Windows Information Disclosure VulnerabilityImportant
CVE-2021-31953Windows Filter ManagerWindows Filter Manager Elevation of Privilege VulnerabilityImportant
CVE-2021-31971Windows HTML PlatformWindows HTML Platform Security Feature Bypass VulnerabilityImportant
CVE-2021-31973Windows InstallerWindows GPSVC Elevation of Privilege VulnerabilityImportant
CVE-2021-31962Windows KerberosKerberos AppContainer Security Feature Bypass VulnerabilityImportant
CVE-2021-31951Windows KernelWindows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2021-31955Windows KernelWindows Kernel Information Disclosure VulnerabilityImportant
CVE-2021-31952Windows Kernel-Mode DriversWindows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
CVE-2021-33742Windows MSHTML PlatformWindows MSHTML Platform Remote Code Execution VulnerabilityCritical
CVE-2021-31975Windows Network File SystemServer for NFS Information Disclosure VulnerabilityImportant
CVE-2021-31974Windows Network File SystemServer for NFS Denial of Service VulnerabilityImportant
CVE-2021-31976Windows Network File SystemServer for NFS Information Disclosure VulnerabilityImportant
CVE-2021-31956Windows NTFSWindows NTFS Elevation of Privilege VulnerabilityImportant
CVE-2021-31958Windows NTLMWindows NTLM Elevation of Privilege VulnerabilityImportant
CVE-2021-1675Windows Print Spooler ComponentsWindows Print Spooler Elevation of Privilege VulnerabilityImportant
CVE-2021-31968Windows Remote DesktopWindows Remote Desktop Services Denial of Service VulnerabilityImportant
CVE-2021-31970Windows TCP/IPWindows TCP/IP Driver Security Feature Bypass VulnerabilityImportant

Additional Cybersecurity Tips & References

Heimdal™ Patch & Asset Management offers a very simple solution to patch management, with fully customizable set-and-forget settings for Automatic deployment of software and updates. It also comes with full compliance and CVE/CVSS audit trail and updates are delivered fully repackaged, ad-free, and tested beforehand by our security experts. Our customers receive the patches using encrypted packages inside encrypted HTTPS transfer to their endpoints locally and the distribution is further optimized using a local P2P network between their own machines. What’s more, the built-in software center allows them to remove admin rights and permit their users to click and install only the software they approve.

As always, our Heimdal™ Threat Prevention and Heimdal™ Patch & Asset Management​ customers keep their organizations safe by applying the latest Microsoft patches in a timely manner.

Learn how automated patch management can add a powerful layer of defense to your organization and get in touch with us today for a free walkthrough.

Heimdal Official Logo
Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® DNS Security Solution

Is our next gen proactive DNS-Layer security that stops unknown threats before they reach your endpoints.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP