Report Name: Microsoft Patch Tuesday, June 2021Generated: 2021-07-09 21:44:14
| Product Name | Prevalence | U | C | H | M | L | Comment |
|---|---|---|---|---|---|---|---|
| Windows Kernel | 0.9 | 1 | 1 | Windows Kernel | |||
| Windows NTLM | 0.9 | 1 | A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity | ||||
| Windows TCP/IP Driver | 0.9 | 1 | A kernel mode driver | ||||
| ASP.NET | 0.8 | 1 | An open-source, server-side web-application framework designed for web development | ||||
| Event Tracing for Windows | 0.8 | 1 | Windows component | ||||
| Kerberos AppContainer | 0.8 | 1 | Windows component | ||||
| Microsoft DWM Core Library | 0.8 | 1 | Windows component | ||||
| Microsoft Defender | 0.8 | 1 | 1 | Anti-malware component of Microsoft Windows | |||
| Microsoft Enhanced Cryptographic Provider | 0.8 | 2 | Windows component | ||||
| Server for NFS | 0.8 | 1 | 2 | Windows component | |||
| Windows Bind Filter Driver | 0.8 | 1 | Windows component | ||||
| Windows Cloud Files Mini Filter Driver | 0.8 | 1 | Windows component | ||||
| Windows Common Log File System Driver | 0.8 | 1 | Windows component | ||||
| Windows DCOM Server | 0.8 | 1 | Windows component | ||||
| Windows Filter Manager | 0.8 | 1 | Windows component | ||||
| Windows GPSVC | 0.8 | 1 | Windows component | ||||
| Windows HTML Platform | 0.8 | 1 | Windows component | ||||
| Windows Kernel-Mode Driver | 0.8 | 1 | Windows component | ||||
| Windows MSHTML Platform | 0.8 | 1 | Windows component | ||||
| Windows NTFS | 0.8 | 1 | The default file system of the Windows NT family | ||||
| Windows Print Spooler | 0.8 | 1 | Windows component | ||||
| Windows Remote Desktop Services | 0.8 | 1 | Windows component | ||||
| 3D Viewer | 0.7 | 2 | 1 | Standard Windows Application | |||
| Microsoft SharePoint | 0.7 | 4 | 3 | Microsoft SharePoint | |||
| Paint 3D | 0.7 | 3 | Standard Windows Application | ||||
| VP9 Video Extensions | 0.7 | 1 | VP9 is an open and royalty-free video coding format developed by Google | ||||
| Microsoft Excel | 0.6 | 1 | MS Office product | ||||
| Microsoft Office Graphics | 0.6 | 2 | Microsoft Office Graphics | ||||
| Microsoft Outlook | 0.6 | 1 | MS Office product | ||||
| Microsoft Scripting Engine | 0.6 | 1 | Microsoft Scripting Engine | ||||
| Windows Hyper-V | 0.6 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
| Microsoft Intune Management Extension | 0.3 | 1 | Optional agent for Microsoft Intune | ||||
| Visual Studio Code Kubernetes Tools Extension | 0.2 | 1 | Extension for Visual Studio Code IDE |
| Vulnerability Type | Criticality | U | C | H | M | L | Comment |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 2 | 14 | 1 | Remote Code Execution | ||
| Security Feature Bypass | 0.9 | 4 | Security Feature Bypass | ||||
| Denial of Service | 0.7 | 2 | 3 | Denial of Service | |||
| Memory Corruption | 0.6 | 1 | Memory Corruption | ||||
| Elevation of Privilege | 0.5 | 2 | 2 | 8 | Elevation of Privilege | ||
| Information Disclosure | 0.4 | 1 | 6 | Information Disclosure | |||
| Spoofing | 0.4 | 1 | 2 | Spoofing |
1. 
Remote Code Execution - Windows Print Spooler (CVE-2021-1675) - Critical [705]
Description: Windows Print Spooler Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object) | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
2. Remote Code Execution - Windows MSHTML Platform (CVE-2021-33742) - Critical [705]
Description: Windows MSHTML Platform Remote Code Execution Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB, Microsoft | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
qualys: CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
tenable: CVE-2021-33742 is a RCE vulnerability in the Windows MSHTML Platform, Microsoft’s proprietary browser engine. The vulnerability received a CVSSv3 score of 7.5 and has been exploited in the wild as a zero-day. CVE-2021-33742 requires user interaction to exploit, so an attacker would need to entice a victim to open a crafted file or visit a malicious website using an affected application.This vulnerability affects all currently supported versions of Microsoft Windows. Microsoft also noted in their release that while the MSHTML Platform was designed for Internet Explorer, which has been retired, the underlying platforms including MSHTML are supported. Discovery of the vulnerability is credited to Clément Lecigne of Google’s Threat Analysis Group (TAG). Shane Huntley, director of the Google TAG says that, while they plan to share more details about the attack in the future, they have linked it to a “commercial exploit company” that has provided “capability for limited nation state Eastern Europe / Middle East targeting.”
tenable: More details will be on CVE-2021-33742 will come from the team, but for context this seem to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting.
tenable: More details will be on CVE-2021-33742 will come from the team, but for context this seem to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting. — Shane Huntley (@ShaneHuntley) June 8, 2021
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2021-33742). This is the only 0-day vulnerability this month which results in a remote code execution. The vulnerability lies within the MSHTML platform which is used by Internet Explorer 11 and Edge Legacy. While these two products are no longer fully supported (Edge Legacy is end of life and IE 11 is no longer supported on certain platforms) the underlying HTML libraries continue to be updated as other applications can make use of it. Further details for this vulnerability will be published by Google's Threat Analysis Group within the next 30 days.
zdi: CVE-2021-33742 - Windows MSHTML Platform Remote Code Execution Vulnerability. This bug could allow an attacker to execute code on a target system if a user views specially crafted web content. Since the vulnerability is in the Trident (MSHTML) engine itself, many different applications are impacted – not just Internet Explorer. It’s not clear how widespread the active attacks are, but considering the vulnerability impacts all supported Windows versions, this should be at the top of your test and deploy list.
3. 
Elevation of Privilege - Windows NTFS (CVE-2021-31956) - Critical [604]
Description: Windows NTFS Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object, AttackerKB object, AttackerKB object), AttackerKB, AttackerKB, Microsoft | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | The default file system of the Windows NT family | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
qualys: CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
tenable: CVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel (ntoskrnl.exe). It was discovered by researchers at Kaspersky and is associated with a “wave of highly targeted attacks” by a group they call PuzzleMaker. An attacker could use this vulnerability to disclose information from the system, such as kernel addresses. They could then combine this with CVE-2021-31956 to elevate privileges on the targeted system.
tenable: CVE-2021-31956 is an EoP vulnerability within Windows NTFS (New Technology File System) which could allow a local user to elevate their privileges on an affected system. A local user could exploit the flaw with a crafted application in order to take control of a system. This vulnerability affects all currently supported Windows variants including Windows Server and Windows Server Core Installations. Microsoft notes that this flaw has been actively exploited in the wild as a zero-day. Like CVE-2021-31955, this vulnerability is credited to researchers at Kaspersky, who have linked this vulnerability to an attack chain from the PuzzleMaker Group, which includes the use of an unidentified Google Chrome zero-day vulnerability.
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
zdi: CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability. This is another of the bugs listed as under active attack this month. This was reported by the same researcher who found CVE-2021-31955, an information disclosure bug also listed as under active attack. It's possible these bugs were used in conjunction, as that is a common technique - use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined. Definitely prioritize the testing and deployment of these patches.
4. Elevation of Privilege - Microsoft DWM Core Library (CVE-2021-33739) - Critical [604]
Description: Microsoft DWM Core Library Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB, Microsoft | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.4. Based on Microsoft data |
qualys: CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
tenable: CVE-2021-33739 is an EoP vulnerability in the Microsoft Desktop Window Manager (DWM) core library, dwmcore.dll. It was discovered and reported to Microsoft by researchers at DBAPPSecurity Threat Intelligence Center. In February, DBAPPSecurity Threat Intelligence Center disclosed another zero-day vulnerability, CVE-2021-1732, an elevation of privilege vulnerability in Win32k linked to a threat actor known as BITTER APT. In April, researchers at Kaspersky disclosed CVE-2021-28310, an elevation of privilege zero-day vulnerability in Microsoft DWM Core Library that they connected to multiple threat actors including BITTER APT. While it has not yet been confirmed, it is possible this is another zero-day leveraged by BITTER APT in the wild.
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
5. 
Information Disclosure - Windows Kernel (CVE-2021-31955) - High [575]
Description: Windows Kernel Information Disclosure Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object, AttackerKB object), AttackerKB, AttackerKB, Microsoft | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Information Disclosure | |
| 0.9 | 14 | Windows Kernel | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
qualys: CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
tenable: CVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel (ntoskrnl.exe). It was discovered by researchers at Kaspersky and is associated with a “wave of highly targeted attacks” by a group they call PuzzleMaker. An attacker could use this vulnerability to disclose information from the system, such as kernel addresses. They could then combine this with CVE-2021-31956 to elevate privileges on the targeted system.
tenable: CVE-2021-31956 is an EoP vulnerability within Windows NTFS (New Technology File System) which could allow a local user to elevate their privileges on an affected system. A local user could exploit the flaw with a crafted application in order to take control of a system. This vulnerability affects all currently supported Windows variants including Windows Server and Windows Server Core Installations. Microsoft notes that this flaw has been actively exploited in the wild as a zero-day. Like CVE-2021-31955, this vulnerability is credited to researchers at Kaspersky, who have linked this vulnerability to an attack chain from the PuzzleMaker Group, which includes the use of an unidentified Google Chrome zero-day vulnerability.
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
zdi: CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability. This is another of the bugs listed as under active attack this month. This was reported by the same researcher who found CVE-2021-31955, an information disclosure bug also listed as under active attack. It's possible these bugs were used in conjunction, as that is a common technique - use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined. Definitely prioritize the testing and deployment of these patches.
6. Elevation of Privilege - Microsoft Enhanced Cryptographic Provider (CVE-2021-31199) - High [563]
Description: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31201.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object, AttackerKB object), AttackerKB, Microsoft | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.2. Based on Microsoft data |
qualys: CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
zdi: CVE-2021-31199/CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. These two bugs are linked to the Adobe Reader bug listed as under active attack last month (CVE-2021-28550). It’s common to see privilege escalation paired with code execution bugs, and it seems these two vulnerabilities were the privilege escalation part of those exploits. It is a bit unusual to see a delay between patch availability between the different parts of an active attack, but good to see these holes now getting closed.
7. Elevation of Privilege - Microsoft Enhanced Cryptographic Provider (CVE-2021-31201) - High [563]
Description: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31199.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object, AttackerKB object), AttackerKB, Microsoft | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.2. Based on Microsoft data |
qualys: CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
zdi: CVE-2021-31199/CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. These two bugs are linked to the Adobe Reader bug listed as under active attack last month (CVE-2021-28550). It’s common to see privilege escalation paired with code execution bugs, and it seems these two vulnerabilities were the privilege escalation part of those exploits. It is a bit unusual to see a delay between patch availability between the different parts of an active attack, but good to see these holes now getting closed.
8. 
Spoofing - Microsoft SharePoint (CVE-2021-31950) - High [551]
Description: Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 1.0 | 17 | Public exploit is found at Vulners (Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF), Microsoft SharePoint Server 16.0.10372.20060 Server-Side Request Forgery) | |
| 0.4 | 15 | Spoofing | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
9. Remote Code Execution - Microsoft Defender (CVE-2021-31985) - High [462]
Description: Microsoft Defender Remote Code Execution Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Anti-malware component of Microsoft Windows | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
qualys: CVE-2021-31985 – Microsoft Defender Remote Code Execution Vulnerability
qualys: Microsoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.
10. 
Security Feature Bypass - Kerberos AppContainer (CVE-2021-31962) - High [455]
Description: Kerberos AppContainer Security Feature Bypass Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.4. Based on Microsoft data |
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962). While this vulnerability has not been exploited in the wild yet, it would be a rather juicy target for exploit developers. Were this to be exploited it may allow a complete bypass of Kerberos authentication, allowing a connection without a password. Kerberos is generally used in Enterprise environments and as such sysadmins should patch this if they are leveraging the strong cryptography authentication mechanism.
zdi: CVE-2021-31962 - Kerberos AppContainer Security Feature Bypass Vulnerability. This bug allows an attacker to bypass Kerberos authentication and potentially authenticate to an arbitrary service principal name (SPN). This vulnerability earns the highest CVSS for June at 9.4. This could allow an attacker to potentially bypass authentication to access any service that is accessed via an SPN. Given that SPN authentication is crucial to security in Kerberos deployments, this patch should be given highest priority.
11. Remote Code Execution - 3D Viewer (CVE-2021-31942) - High [443]
Description: 3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31943.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Standard Windows Application | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
12. Remote Code Execution - 3D Viewer (CVE-2021-31943) - High [443]
Description: 3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31942.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Standard Windows Application | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
13. Remote Code Execution - Paint 3D (CVE-2021-31945) - High [443]
Description: Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Standard Windows Application | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2021-31983, CVE-2021-31946 and CVE-2021-31945 are RCE vulnerabilities in Microsoft’s Paint 3D, which replaced the original MS Paint. All three received a CVSSv3 score of 7.8 and a severity of Important with an “Exploitation Less Likely” designation. These vulnerabilities are more interesting than concerning. They all require user interaction and the application will automatically update in most cases. However, all three vulnerabilities were discovered by several different researchers including Mat Powell from Trend Micro Zero Day Initiative, Li Qiao of Baidu Security Lab, and garmin working with Trend Micro Zero Day Initiative. One can only speculate why these researchers were examining Paint all at once, unless more information becomes available. Paint 3D wasn’t able to provide any insights either.
14. Remote Code Execution - Paint 3D (CVE-2021-31946) - High [443]
Description: Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Standard Windows Application | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2021-31983, CVE-2021-31946 and CVE-2021-31945 are RCE vulnerabilities in Microsoft’s Paint 3D, which replaced the original MS Paint. All three received a CVSSv3 score of 7.8 and a severity of Important with an “Exploitation Less Likely” designation. These vulnerabilities are more interesting than concerning. They all require user interaction and the application will automatically update in most cases. However, all three vulnerabilities were discovered by several different researchers including Mat Powell from Trend Micro Zero Day Initiative, Li Qiao of Baidu Security Lab, and garmin working with Trend Micro Zero Day Initiative. One can only speculate why these researchers were examining Paint all at once, unless more information becomes available. Paint 3D wasn’t able to provide any insights either.
15. Remote Code Execution - VP9 Video Extensions (CVE-2021-31967) - High [443]
Description: VP9 Video Extensions Remote Code Execution Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | VP9 is an open and royalty-free video coding format developed by Google | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
16. Remote Code Execution - Paint 3D (CVE-2021-31983) - High [443]
Description: Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Standard Windows Application | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2021-31983, CVE-2021-31946 and CVE-2021-31945 are RCE vulnerabilities in Microsoft’s Paint 3D, which replaced the original MS Paint. All three received a CVSSv3 score of 7.8 and a severity of Important with an “Exploitation Less Likely” designation. These vulnerabilities are more interesting than concerning. They all require user interaction and the application will automatically update in most cases. However, all three vulnerabilities were discovered by several different researchers including Mat Powell from Trend Micro Zero Day Initiative, Li Qiao of Baidu Security Lab, and garmin working with Trend Micro Zero Day Initiative. One can only speculate why these researchers were examining Paint all at once, unless more information becomes available. Paint 3D wasn’t able to provide any insights either.
17. Security Feature Bypass - Windows TCP/IP Driver (CVE-2021-31970) - High [433]
Description: Windows TCP/IP Driver Security Feature Bypass Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.9 | 14 | A kernel mode driver | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
18. Remote Code Execution - Microsoft SharePoint (CVE-2021-26420) - High [429]
Description: Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
19. Remote Code Execution - Microsoft SharePoint (CVE-2021-31963) - High [429]
Description: Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31966.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
qualys: CVE-2021-31963 – Microsoft SharePoint Server Remote Code Execution Vulnerability
20. Remote Code Execution - Microsoft SharePoint (CVE-2021-31966) - High [429]
Description: Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31963.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data |
21. Security Feature Bypass - Windows HTML Platform (CVE-2021-31971) - High [428]
Description: Windows HTML Platform Security Feature Bypass Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
22. Remote Code Execution - Microsoft Excel (CVE-2021-31939) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2021-31939 is a use-after-free (UAF) vulnerability in Microsoft Excel that could lead to RCE if an attacker is able to convince a target into opening a crafted file. Researchers Sagi Tzadik and Netanel Ben-Simon of Check Point Research wrote a blog post describing their research and fuzzing of Microsoft Office, targeting the MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE). This led to the discovery of CVE-2021-31939 along with three additional CVE’s patched in the May 2021 Patch Tuesday update; CVE-2021-31179, CVE-2021-31174, and CVE-2021-31178.
tenable: CVE-2021-31939 is also credited to Zhangjie and willJ from cdsrc, Anonymous working with Trend Micro Zero Day Initiative, Jinquan(@jq0904) of DBAPPSecurity Lieying Lab and Ryelv of Tencent. CVE-2021-31939 received a 5.5 CVSSv3 score and is labeled as “Exploitation Less Likely” by Microsoft with no currently known proof-of-concept code available.
23. Remote Code Execution - Microsoft Office Graphics (CVE-2021-31940) - High [424]
Description: Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31941.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Office Graphics | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
24. Remote Code Execution - Microsoft Office Graphics (CVE-2021-31941) - High [424]
Description: Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31940.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Office Graphics | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
25. Remote Code Execution - Microsoft Outlook (CVE-2021-31949) - High [410]
Description: Microsoft Outlook Remote Code Execution Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.3. Based on Microsoft data |
26. Security Feature Bypass - Windows DCOM Server (CVE-2021-26414) - High [401]
Description: Windows DCOM Server Security Feature Bypass
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on Microsoft data |
27. 
Denial of Service - Windows Remote Desktop Services (CVE-2021-31968) - High [401]
Description: Windows Remote Desktop Services Denial of Service Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
28. Denial of Service - Server for NFS (CVE-2021-31974) - High [401]
Description: Server for NFS Denial of Service Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
29. Elevation of Privilege - Windows Kernel (CVE-2021-31951) - Medium [379]
Description: Windows Kernel Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
30. Elevation of Privilege - Windows NTLM (CVE-2021-31958) - Medium [379]
Description: Windows NTLM Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.9 | 14 | A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
31. Denial of Service - Windows Hyper-V (CVE-2021-31977) - Medium [377]
Description: Windows Hyper-V Denial of Service Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.7 | 15 | Denial of Service | |
| 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
| 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.6. Based on Microsoft data |
32. Denial of Service - ASP.NET (CVE-2021-31957) - Medium [374]
Description: ASP.NET Denial of Service Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | An open-source, server-side web-application framework designed for web development | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.9. Based on Microsoft data |
33. Denial of Service - Microsoft Defender (CVE-2021-31978) - Medium [374]
Description: Microsoft Defender Denial of Service Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Anti-malware component of Microsoft Windows | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
34. Remote Code Execution - Microsoft Intune Management Extension (CVE-2021-31980) - Medium [367]
Description: Microsoft Intune Management Extension Remote Code Execution Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.3 | 14 | Optional agent for Microsoft Intune | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
35. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2021-31952) - Medium [360]
Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
36. Elevation of Privilege - Windows Filter Manager (CVE-2021-31953) - Medium [360]
Description: Windows Filter Manager Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
37. Elevation of Privilege - Windows Common Log File System Driver (CVE-2021-31954) - Medium [360]
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
38. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2021-31969) - Medium [360]
Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
39. Elevation of Privilege - Windows GPSVC (CVE-2021-31973) - Medium [360]
Description: Windows GPSVC Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
40. Information Disclosure - Server for NFS (CVE-2021-31975) - Medium [340]
Description: Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31976.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
41. Information Disclosure - Server for NFS (CVE-2021-31976) - Medium [340]
Description: Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31975.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
42. Spoofing - Microsoft SharePoint (CVE-2021-31948) - Medium [321]
Description: Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31950, CVE-2021-31964.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Spoofing | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
43. Spoofing - Microsoft SharePoint (CVE-2021-31964) - Medium [321]
Description: Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950.
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Spoofing | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
44. 
Memory Corruption - Microsoft Scripting Engine (CVE-2021-31959) - Medium [316]
Description: Scripting Engine Memory Corruption Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.6 | 15 | Memory Corruption | |
| 0.6 | 14 | Microsoft Scripting Engine | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.4. Based on Microsoft data |
qualys: CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability
45. Information Disclosure - Windows Bind Filter Driver (CVE-2021-31960) - Medium [313]
Description: Windows Bind Filter Driver Information Disclosure Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
46. Information Disclosure - Event Tracing for Windows (CVE-2021-31972) - Medium [313]
Description: Event Tracing for Windows Information Disclosure Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
47. Information Disclosure - Microsoft SharePoint (CVE-2021-31965) - Medium [294]
Description: Microsoft SharePoint Server Information Disclosure Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Information Disclosure | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.7. Based on Microsoft data |
48. Information Disclosure - 3D Viewer (CVE-2021-31944) - Medium [281]
Description: 3D Viewer Information Disclosure Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.4 | 15 | Information Disclosure | |
| 0.7 | 14 | Standard Windows Application | |
| 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.0. Based on Microsoft data |
49. Elevation of Privilege - Visual Studio Code Kubernetes Tools Extension (CVE-2021-31938) - Medium [233]
Description: Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
| 0 | 17 | Public exploit is NOT found at Vulners website | |
| 0.5 | 15 | Elevation of Privilege | |
| 0.2 | 14 | Extension for Visual Studio Code IDE | |
| 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.3. Based on Microsoft data |
Remote Code Execution (2)qualys: CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
tenable: CVE-2021-33742 is a RCE vulnerability in the Windows MSHTML Platform, Microsoft’s proprietary browser engine. The vulnerability received a CVSSv3 score of 7.5 and has been exploited in the wild as a zero-day. CVE-2021-33742 requires user interaction to exploit, so an attacker would need to entice a victim to open a crafted file or visit a malicious website using an affected application.This vulnerability affects all currently supported versions of Microsoft Windows. Microsoft also noted in their release that while the MSHTML Platform was designed for Internet Explorer, which has been retired, the underlying platforms including MSHTML are supported. Discovery of the vulnerability is credited to Clément Lecigne of Google’s Threat Analysis Group (TAG). Shane Huntley, director of the Google TAG says that, while they plan to share more details about the attack in the future, they have linked it to a “commercial exploit company” that has provided “capability for limited nation state Eastern Europe / Middle East targeting.”
tenable: More details will be on CVE-2021-33742 will come from the team, but for context this seem to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting.
tenable: More details will be on CVE-2021-33742 will come from the team, but for context this seem to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting. — Shane Huntley (@ShaneHuntley) June 8, 2021
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2021-33742). This is the only 0-day vulnerability this month which results in a remote code execution. The vulnerability lies within the MSHTML platform which is used by Internet Explorer 11 and Edge Legacy. While these two products are no longer fully supported (Edge Legacy is end of life and IE 11 is no longer supported on certain platforms) the underlying HTML libraries continue to be updated as other applications can make use of it. Further details for this vulnerability will be published by Google's Threat Analysis Group within the next 30 days.
zdi: CVE-2021-33742 - Windows MSHTML Platform Remote Code Execution Vulnerability. This bug could allow an attacker to execute code on a target system if a user views specially crafted web content. Since the vulnerability is in the Trident (MSHTML) engine itself, many different applications are impacted – not just Internet Explorer. It’s not clear how widespread the active attacks are, but considering the vulnerability impacts all supported Windows versions, this should be at the top of your test and deploy list.
Elevation of Privilege (4)qualys: CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
tenable: CVE-2021-33739 is an EoP vulnerability in the Microsoft Desktop Window Manager (DWM) core library, dwmcore.dll. It was discovered and reported to Microsoft by researchers at DBAPPSecurity Threat Intelligence Center. In February, DBAPPSecurity Threat Intelligence Center disclosed another zero-day vulnerability, CVE-2021-1732, an elevation of privilege vulnerability in Win32k linked to a threat actor known as BITTER APT. In April, researchers at Kaspersky disclosed CVE-2021-28310, an elevation of privilege zero-day vulnerability in Microsoft DWM Core Library that they connected to multiple threat actors including BITTER APT. While it has not yet been confirmed, it is possible this is another zero-day leveraged by BITTER APT in the wild.
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
qualys: CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
tenable: CVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel (ntoskrnl.exe). It was discovered by researchers at Kaspersky and is associated with a “wave of highly targeted attacks” by a group they call PuzzleMaker. An attacker could use this vulnerability to disclose information from the system, such as kernel addresses. They could then combine this with CVE-2021-31956 to elevate privileges on the targeted system.
tenable: CVE-2021-31956 is an EoP vulnerability within Windows NTFS (New Technology File System) which could allow a local user to elevate their privileges on an affected system. A local user could exploit the flaw with a crafted application in order to take control of a system. This vulnerability affects all currently supported Windows variants including Windows Server and Windows Server Core Installations. Microsoft notes that this flaw has been actively exploited in the wild as a zero-day. Like CVE-2021-31955, this vulnerability is credited to researchers at Kaspersky, who have linked this vulnerability to an attack chain from the PuzzleMaker Group, which includes the use of an unidentified Google Chrome zero-day vulnerability.
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
zdi: CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability. This is another of the bugs listed as under active attack this month. This was reported by the same researcher who found CVE-2021-31955, an information disclosure bug also listed as under active attack. It's possible these bugs were used in conjunction, as that is a common technique - use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined. Definitely prioritize the testing and deployment of these patches.
qualys: CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
qualys: CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
zdi: CVE-2021-31199/CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. These two bugs are linked to the Adobe Reader bug listed as under active attack last month (CVE-2021-28550). It’s common to see privilege escalation paired with code execution bugs, and it seems these two vulnerabilities were the privilege escalation part of those exploits. It is a bit unusual to see a delay between patch availability between the different parts of an active attack, but good to see these holes now getting closed.
Information Disclosure (1)qualys: CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
tenable: CVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel (ntoskrnl.exe). It was discovered by researchers at Kaspersky and is associated with a “wave of highly targeted attacks” by a group they call PuzzleMaker. An attacker could use this vulnerability to disclose information from the system, such as kernel addresses. They could then combine this with CVE-2021-31956 to elevate privileges on the targeted system.
tenable: CVE-2021-31956 is an EoP vulnerability within Windows NTFS (New Technology File System) which could allow a local user to elevate their privileges on an affected system. A local user could exploit the flaw with a crafted application in order to take control of a system. This vulnerability affects all currently supported Windows variants including Windows Server and Windows Server Core Installations. Microsoft notes that this flaw has been actively exploited in the wild as a zero-day. Like CVE-2021-31955, this vulnerability is credited to researchers at Kaspersky, who have linked this vulnerability to an attack chain from the PuzzleMaker Group, which includes the use of an unidentified Google Chrome zero-day vulnerability.
rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201. The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.
zdi: CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability. This is another of the bugs listed as under active attack this month. This was reported by the same researcher who found CVE-2021-31955, an information disclosure bug also listed as under active attack. It's possible these bugs were used in conjunction, as that is a common technique - use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined. Definitely prioritize the testing and deployment of these patches.
Spoofing (1)Remote Code Execution (15)qualys: CVE-2021-31985 – Microsoft Defender Remote Code Execution Vulnerability
qualys: Microsoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.
tenable: CVE-2021-31983, CVE-2021-31946 and CVE-2021-31945 are RCE vulnerabilities in Microsoft’s Paint 3D, which replaced the original MS Paint. All three received a CVSSv3 score of 7.8 and a severity of Important with an “Exploitation Less Likely” designation. These vulnerabilities are more interesting than concerning. They all require user interaction and the application will automatically update in most cases. However, all three vulnerabilities were discovered by several different researchers including Mat Powell from Trend Micro Zero Day Initiative, Li Qiao of Baidu Security Lab, and garmin working with Trend Micro Zero Day Initiative. One can only speculate why these researchers were examining Paint all at once, unless more information becomes available. Paint 3D wasn’t able to provide any insights either.
qualys: CVE-2021-31963 – Microsoft SharePoint Server Remote Code Execution Vulnerability
tenable: CVE-2021-31939 is a use-after-free (UAF) vulnerability in Microsoft Excel that could lead to RCE if an attacker is able to convince a target into opening a crafted file. Researchers Sagi Tzadik and Netanel Ben-Simon of Check Point Research wrote a blog post describing their research and fuzzing of Microsoft Office, targeting the MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE). This led to the discovery of CVE-2021-31939 along with three additional CVE’s patched in the May 2021 Patch Tuesday update; CVE-2021-31179, CVE-2021-31174, and CVE-2021-31178.
tenable: CVE-2021-31939 is also credited to Zhangjie and willJ from cdsrc, Anonymous working with Trend Micro Zero Day Initiative, Jinquan(@jq0904) of DBAPPSecurity Lieying Lab and Ryelv of Tencent. CVE-2021-31939 received a 5.5 CVSSv3 score and is labeled as “Exploitation Less Likely” by Microsoft with no currently known proof-of-concept code available.
Security Feature Bypass (4)rapid7: It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.
rapid7: Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962). While this vulnerability has not been exploited in the wild yet, it would be a rather juicy target for exploit developers. Were this to be exploited it may allow a complete bypass of Kerberos authentication, allowing a connection without a password. Kerberos is generally used in Enterprise environments and as such sysadmins should patch this if they are leveraging the strong cryptography authentication mechanism.
zdi: CVE-2021-31962 - Kerberos AppContainer Security Feature Bypass Vulnerability. This bug allows an attacker to bypass Kerberos authentication and potentially authenticate to an arbitrary service principal name (SPN). This vulnerability earns the highest CVSS for June at 9.4. This could allow an attacker to potentially bypass authentication to access any service that is accessed via an SPN. Given that SPN authentication is crucial to security in Kerberos deployments, this patch should be given highest priority.
Denial of Service (5)Elevation of Privilege (8)Information Disclosure (6)Spoofing (2)Memory Corruption (1)qualys: CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability