It's the second tuesday of the month: time for the Microsoft Patch Tuesday, June 2021 edition. This month, it contains 52 fixes for several security flaws for Windows and other products. We have discussed the most critical ones and made a list of all the other vulnerabilities.
CVE-2021-31963 - Microsoft SharePoint Server Remote Code Execution Vulnerability
An RCE vulnerability is detected within the SharePoint Server of Microsoft containing a very high CVSS 3.0 score of 7.1. It's less likely that this vulnerability will be exploited but we advise you to run our report and update all the installations within your network.
CVE-2021-31985 - Microsoft Defender Remote Code Execution Vulnerability
Microsoft Defender contains a Remote Code Execution (RCE) vulnerability for which exploitation by an attacker is more likely to happen. It has a very high CVSS 3.0 of 7.8 rating which suggests that you update your Defender installations right now.
CVE-2021-31959 - Critical Remote Code Execution Flaws
There has been a scripting engine memory corruption vulnerability within Windows RT, Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012 (R2) and Windows Server 2016. In order for an attacker to exploit the vulnerability, the user must open a specially crafted file.
Six Exploited Zero-Day Vulnerabilities
We have detected a total of six zero-day vulnerabilities which have been patched in this months Patch Tuesday:
| CVE Number | CVE Title |
| CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2021-33739 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
Patch Tuesday June 2021 CVE Codes & Titles
| CVE Code | CVE Descriptions |
| CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2021-33739 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2021-31985 | Microsoft Defender Remote Code Execution Vulnerability |
| CVE-2021-31983 | Paint 3D Remote Code Execution Vulnerability |
| CVE-2021-31980 | Microsoft Intune Management Extension Remote Code Execution Vulnerability |
| CVE-2021-31978 | Microsoft Defender Denial of Service Vulnerability |
| CVE-2021-31977 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2021-31976 | Server for NFS Information Disclosure Vulnerability |
| CVE-2021-31975 | Server for NFS Information Disclosure Vulnerability |
| CVE-2021-31974 | Server for NFS Denial of Service Vulnerability |
| CVE-2021-31973 | Windows GPSVC Elevation of Privilege Vulnerability |
| CVE-2021-31972 | Event Tracing for Windows Information Disclosure Vulnerability |
| CVE-2021-31971 | Windows HTML Platform Security Feature Bypass Vulnerability |
| CVE-2021-31970 | Windows TCP/IP Driver Security Feature Bypass Vulnerability |
| CVE-2021-31969 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2021-31968 | Windows Remote Desktop Services Denial of Service Vulnerability |
| CVE-2021-31967 | VP9 Video Extensions Remote Code Execution Vulnerability |
| CVE-2021-31966 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2021-31965 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2021-31964 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-31963 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2021-31962 | Kerberos AppContainer Security Feature Bypass Vulnerability |
| CVE-2021-31960 | Windows Bind Filter Driver Information Disclosure Vulnerability |
| CVE-2021-31959 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-31958 | Windows NTLM Elevation of Privilege Vulnerability |
| CVE-2021-31957 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-31954 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2021-31953 | Windows Filter Manager Elevation of Privilege Vulnerability |
| CVE-2021-31952 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2021-31951 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-31950 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-31949 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2021-31948 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-31946 | Paint 3D Remote Code Execution Vulnerability |
| CVE-2021-31945 | Paint 3D Remote Code Execution Vulnerability |
| CVE-2021-31944 | 3D Viewer Information Disclosure Vulnerability |
| CVE-2021-31943 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2021-31942 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2021-31941 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2021-31940 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2021-31939 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-31938 | Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability |
| CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability |
| CVE-2021-26420 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2021-26414 | Windows DCOM Server Security Feature Bypass |
| CVE-2021-1675 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2020-0835 | Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability |
| ADV990001 | Latest Servicing Stack Updates |