Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Microsoft’s June 2021 Patch Tuesday Addresses 49 CVEs (CVE-2021-31955, CVE-2021-31956 and CVE-2021-33742)

Microsoft addresses 49 CVEs with six having been observed as exploited in the wild

  1. 5Critical
  2. 44Important
  3. 0Moderate
  4. 0Low

Microsoft patched 49 CVEs in its June 2021 Patch Tuesday release, including five CVEs rated as critical and 44 rated as important.

Tenable's Security Response Team is aware that others may be counting CVE-2021-33741 as part of Patch Tuesday. However, it was patched on June 4 and is not included in our counts.

This month’s update includes fixes for:

  • .NET Core & Visual Studio
  • 3D Viewer
  • Microsoft DWM Core Library
  • Microsoft Intune
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Scripting Engine
  • Microsoft Windows Codecs Library
  • Paint 3D
  • Role: Hyper-V
  • Visual Studio Code - Kubernetes Tools
  • Windows Bind Filter Driver
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows DCOM Server
  • Windows Defender
  • Windows Drivers
  • Windows Event Logging Service
  • Windows Filter Manager
  • Windows HTML Platform
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Network File System
  • Windows NTFS, Windows NTLM
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows TCP/IP

Remote code execution (RCE) vulnerabilities accounted for 34.7% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) at 26.5%.

Important

CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability

CVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel (ntoskrnl.exe). It was discovered by researchers at Kaspersky and is associated with a “wave of highly targeted attacks” by a group they call PuzzleMaker. An attacker could use this vulnerability to disclose information from the system, such as kernel addresses. They could then combine this with CVE-2021-31956 to elevate privileges on the targeted system.

Important

CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability

CVE-2021-31956 is an EoP vulnerability within Windows NTFS (New Technology File System) which could allow a local user to elevate their privileges on an affected system. A local user could exploit the flaw with a crafted application in order to take control of a system. This vulnerability affects all currently supported Windows variants including Windows Server and Windows Server Core Installations. Microsoft notes that this flaw has been actively exploited in the wild as a zero-day. Like CVE-2021-31955, this vulnerability is credited to researchers at Kaspersky, who have linked this vulnerability to an attack chain from the PuzzleMaker Group, which includes the use of an unidentified Google Chrome zero-day vulnerability.

Critical

CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-33742 is a RCE vulnerability in the Windows MSHTML Platform, Microsoft’s proprietary browser engine. The vulnerability received a CVSSv3 score of 7.5 and has been exploited in the wild as a zero-day. CVE-2021-33742 requires user interaction to exploit, so an attacker would need to entice a victim to open a crafted file or visit a malicious website using an affected application.This vulnerability affects all currently supported versions of Microsoft Windows. Microsoft also noted in their release that while the MSHTML Platform was designed for Internet Explorer, which has been retired, the underlying platforms including MSHTML are supported. Discovery of the vulnerability is credited to Clément Lecigne of Google’s Threat Analysis Group (TAG). Shane Huntley, director of the Google TAG says that, while they plan to share more details about the attack in the future, they have linked it to a “commercial exploit company” that has provided “capability for limited nation state Eastern Europe / Middle East targeting.”

Important

CVE-2021-31939 | Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-31939 is a use-after-free (UAF) vulnerability in Microsoft Excel that could lead to RCE if an attacker is able to convince a target into opening a crafted file. Researchers Sagi Tzadik and Netanel Ben-Simon of Check Point Research wrote a blog post describing their research and fuzzing of Microsoft Office, targeting the MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE). This led to the discovery of CVE-2021-31939 along with three additional CVE’s patched in the May 2021 Patch Tuesday update; CVE-2021-31179, CVE-2021-31174, and CVE-2021-31178.

CVE-2021-31939 is also credited to Zhangjie and willJ from cdsrc, Anonymous working with Trend Micro Zero Day Initiative, Jinquan(@jq0904) of DBAPPSecurity Lieying Lab and Ryelv of Tencent. CVE-2021-31939 received a 5.5 CVSSv3 score and is labeled as “Exploitation Less Likely” by Microsoft with no currently known proof-of-concept code available.

Important

CVE-2021-33739 | Microsoft Desktop Window Manager Core Library Elevation of Privilege Vulnerability

CVE-2021-33739 is an EoP vulnerability in the Microsoft Desktop Window Manager (DWM) core library, dwmcore.dll. It was discovered and reported to Microsoft by researchers at DBAPPSecurity Threat Intelligence Center. In February, DBAPPSecurity Threat Intelligence Center disclosed another zero-day vulnerability, CVE-2021-1732, an elevation of privilege vulnerability in Win32k linked to a threat actor known as BITTER APT. In April, researchers at Kaspersky disclosed CVE-2021-28310, an elevation of privilege zero-day vulnerability in Microsoft DWM Core Library that they connected to multiple threat actors including BITTER APT. While it has not yet been confirmed, it is possible this is another zero-day leveraged by BITTER APT in the wild.

Important

CVE-2021-31983, CVE-2021-31946, CVE-2021-31945 | Multiple Vulnerabilities in Paint 3D

CVE-2021-31983, CVE-2021-31946 and CVE-2021-31945 are RCE vulnerabilities in Microsoft’s Paint 3D, which replaced the original MS Paint. All three received a CVSSv3 score of 7.8 and a severity of Important with an “Exploitation Less Likely” designation. These vulnerabilities are more interesting than concerning. They all require user interaction and the application will automatically update in most cases. However, all three vulnerabilities were discovered by several different researchers including Mat Powell from Trend Micro Zero Day Initiative, Li Qiao of Baidu Security Lab, and garmin working with Trend Micro Zero Day Initiative. One can only speculate why these researchers were examining Paint all at once, unless more information becomes available. Paint 3D wasn’t able to provide any insights either.

Tenable solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name contains June 2021.

With that filter set, click the plugin families to the left and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s June 2021 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training