June's Patch Tuesday fixes 7 zero-day Windows flaws, most exploited in the wild


Microsoft

It’s Patch Tuesday, and this month’s update is a doozy, fixing 7 zero-day exploits, of which 6 have been exploited in the wild, and a total of 50 flaws altogether, five classified as Critical and forty-five as Important.

The six actively exploited zero-day vulnerabilities are:

  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability, was publicly disclosed but fortunately not used in the wild.

The other fixes included in Patch Tuesday are listed below:

Tag CVE ID CVE Title Severity
.NET Core & Visual Studio CVE-2021-31957 .NET Core and Visual Studio Denial of Service Vulnerability Important
3D Viewer CVE-2021-31942 3D Viewer Remote Code Execution Vulnerability Important
3D Viewer CVE-2021-31943 3D Viewer Remote Code Execution Vulnerability Important
3D Viewer CVE-2021-31944 3D Viewer Information Disclosure Vulnerability Important
Microsoft DWM Core Library CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2021-33741 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Intune CVE-2021-31980 Microsoft Intune Management Extension Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-31940 Microsoft Office Graphics Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-31941 Microsoft Office Graphics Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31939 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Outlook CVE-2021-31949 Microsoft Outlook Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-31964 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-31963 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2021-31950 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-31948 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-31966 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-31965 Microsoft SharePoint Server Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2021-26420 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Scripting Engine CVE-2021-31959 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows Codecs Library CVE-2021-31967 VP9 Video Extensions Remote Code Execution Vulnerability Critical
Paint 3D CVE-2021-31946 Paint 3D Remote Code Execution Vulnerability Important
Paint 3D CVE-2021-31983 Paint 3D Remote Code Execution Vulnerability Important
Paint 3D CVE-2021-31945 Paint 3D Remote Code Execution Vulnerability Important
Role: Hyper-V CVE-2021-31977 Windows Hyper-V Denial of Service Vulnerability Important
Visual Studio Code – Kubernetes Tools CVE-2021-31938 Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability Important
Windows Bind Filter Driver CVE-2021-31960 Windows Bind Filter Driver Information Disclosure Vulnerability Important
Windows Common Log File System Driver CVE-2021-31954 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2021-31199 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Important
Windows DCOM Server CVE-2021-26414 Windows DCOM Server Security Feature Bypass Important
Windows Defender CVE-2021-31978 Microsoft Defender Denial of Service Vulnerability Important
Windows Defender CVE-2021-31985 Microsoft Defender Remote Code Execution Vulnerability Critical
Windows Drivers CVE-2021-31969 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
Windows Event Logging Service CVE-2021-31972 Event Tracing for Windows Information Disclosure Vulnerability Important
Windows Filter Manager CVE-2021-31953 Windows Filter Manager Elevation of Privilege Vulnerability Important
Windows HTML Platform CVE-2021-31971 Windows HTML Platform Security Feature Bypass Vulnerability Important
Windows Installer CVE-2021-31973 Windows GPSVC Elevation of Privilege Vulnerability Important
Windows Kerberos CVE-2021-31962 Kerberos AppContainer Security Feature Bypass Vulnerability Important
Windows Kernel CVE-2021-31951 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel-Mode Drivers CVE-2021-31952 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
Windows MSHTML Platform CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability Critical
Windows Network File System CVE-2021-31975 Server for NFS Information Disclosure Vulnerability Important
Windows Network File System CVE-2021-31974 Server for NFS Denial of Service Vulnerability Important
Windows Network File System CVE-2021-31976 Server for NFS Information Disclosure Vulnerability Important
Windows NTFS CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability Important
Windows NTLM CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2021-1675 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Remote Desktop CVE-2021-31968 Windows Remote Desktop Services Denial of Service Vulnerability Important
Windows TCP/IP CVE-2021-31970 Windows TCP/IP Driver Security Feature Bypass Vulnerability Important

Given that some of the flaws are being actively exploited, it would be a good idea to protect your device as soon as possible. You can download the patches by Checking for Updates in Settings.

via BleepingComputer

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

User forum

0 messages