[German]On June 8, 2021, Microsoft released security updates for Windows clients and servers, Office, etc.-as well as other products. The June 2021 Patch Tuesday release addresses 49 CVEs, five of which are rated critical. This is the third time in 2021 that Microsoft has patched fewer than 60 CVEs, cyber exposure firm Tenable writes in response, noting that the June release contains the lowest number of patches in a month this year. Nevertheless, users and administrators should install the June 2021 updates on machines as soon as possible.
Advertising
That's because Microsoft has patched six zero-day vulnerabilities that have already been exploited in practice. Among them are four privilege elevation vulnerabilities, one data disclosure vulnerability and one remote code execution vulnerability. Tenable has provided me with the following list of various vulnerabilities that will be closed by the June 2021 update.
- CVE-2021-33742 is a remote code execution vulnerability in the Microsoft Windows MSHTML platform. While this vulnerability does not require any special privileges, the attack complexity for its exploitation is high. This means that an attacker would have to do additional work to successfully exploit this vulnerability. It appears that this has already been the case, although details of how the vulnerability is exploited in practice are not yet known.
- CVE-2021-31955 is a vulnerability in the Windows kernel that can be used to cause data disclosure, while CVE-2021-31956 is a vulnerability in Windows NTFS that allows elevation of privilege. Details about how these vulnerabilities are exploited in practice are not yet known. Both require the attacker to be authenticated on the target system. It is likely that they were exploited either after compromise by the attackers directly or through the use of a malicious file opened by a local user.
- CVE-2021-33739 is a zero-day elevated privilege vulnerability in the Microsoft Desktop Window Manager (DWM) Core Library. By comparison, Microsoft patched two elevated privilege vulnerabilities in February (CVE-2021-1732) and April (CVE-2021-28310) that appear to be associated with a threat actor known as BITTER APT. In the case of CVE-2021-28310, researchers associated the vulnerability with the dwmcore.dll file. Considering that CVE-2021-33739 is attributed to the same researchers who found CVE-2021-1732 in February and was discovered in the same core library as CVE-2021-28310, it is possible that it is another zero-day vulnerability exploited by the same BITTER APT group.
CVE-2021-33739 is a zero-day elevated privilege vulnerability in the Microsoft Desktop Window Manager (DWM) Core Library. By comparison, Microsoft patched two elevated privilege vulnerabilities in February (CVE-2021-1732) and April (CVE-2021-28310) that appear to be associated with a threat actor known as BITTER APT. In the case of CVE-2021-28310, researchers associated the vulnerability with the dwmcore.dll file. Considering that CVE-2021-33739 is attributed to the same researchers who found CVE-2021-1732 in February and was discovered in the same core library as CVE-2021-28310, it is possible that it is another zero-day vulnerability exploited by the same BITTER APT group.
Similar articles:
Microsoft Office Patchday (June 1, 2021)
Microsoft Security Update Summary (June 8, 2021)
Patchday: Windows 10-Updates (June 8, 2021)
Patchday: Windows 8.1/Server 2012-Updates (June 8, 2021)
Patchday: Updates for Windows 7/Server 2008 R2 (June 8, 2021)
Patchday Microsoft Office Updates (June 8, 2021)
Advertising