Microsoft Patch Tuesday – June 2021 - Hexafusion Blog | Hexafusion

Hexafusion Blog

Microsoft Patch Tuesday – June 2021

microsoft-patch-tuesday

It's the second tuesday of the month: time for the Microsoft Patch Tuesday, June 2021 edition. This month, it contains 52 fixes for several security flaws for Windows and other products. We have discussed the most critical ones and made a list of all the other vulnerabilities.

CVE-2021-31963 - Microsoft SharePoint Server Remote Code Execution Vulnerability

An RCE vulnerability is detected within the SharePoint Server of Microsoft containing a very high CVSS 3.0 score of 7.1. It's less likely that this vulnerability will be exploited but we advise you to run our report and update all the installations within your network.

CVE-2021-31985 - Microsoft Defender Remote Code Execution Vulnerability

Microsoft Defender contains a Remote Code Execution (RCE) vulnerability for which exploitation by an attacker is more likely to happen. It has a very high CVSS 3.0 of 7.8 rating which suggests that you update your Defender installations right now.

CVE-2021-31959 - Critical Remote Code Execution Flaws

There has been a scripting engine memory corruption vulnerability within Windows RT, Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012 (R2) and Windows Server 2016. In order for an attacker to exploit the vulnerability, the user must open a specially crafted file.

Six Exploited Zero-Day Vulnerabilities

We have detected a total of six zero-day vulnerabilities which have been patched in this months Patch Tuesday:

CVE Number CVE Title
CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability
CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-31199 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

Patch Tuesday June 2021 CVE Codes & Titles

CVE Code CVE Descriptions
CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-31985 Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-31983 Paint 3D Remote Code Execution Vulnerability
CVE-2021-31980 Microsoft Intune Management Extension Remote Code Execution Vulnerability
CVE-2021-31978 Microsoft Defender Denial of Service Vulnerability
CVE-2021-31977 Windows Hyper-V Denial of Service Vulnerability
CVE-2021-31976 Server for NFS Information Disclosure Vulnerability
CVE-2021-31975 Server for NFS Information Disclosure Vulnerability
CVE-2021-31974 Server for NFS Denial of Service Vulnerability
CVE-2021-31973 Windows GPSVC Elevation of Privilege Vulnerability
CVE-2021-31972 Event Tracing for Windows Information Disclosure Vulnerability
CVE-2021-31971 Windows HTML Platform Security Feature Bypass Vulnerability
CVE-2021-31970 Windows TCP/IP Driver Security Feature Bypass Vulnerability
CVE-2021-31969 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2021-31968 Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2021-31967 VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2021-31966 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-31965 Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-31964 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-31963 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-31962 Kerberos AppContainer Security Feature Bypass Vulnerability
CVE-2021-31960 Windows Bind Filter Driver Information Disclosure Vulnerability
CVE-2021-31959 Scripting Engine Memory Corruption Vulnerability
CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability
CVE-2021-31957 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability
CVE-2021-31954 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-31953 Windows Filter Manager Elevation of Privilege Vulnerability
CVE-2021-31952 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2021-31951 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-31950 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-31949 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2021-31948 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-31946 Paint 3D Remote Code Execution Vulnerability
CVE-2021-31945 Paint 3D Remote Code Execution Vulnerability
CVE-2021-31944 3D Viewer Information Disclosure Vulnerability
CVE-2021-31943 3D Viewer Remote Code Execution Vulnerability
CVE-2021-31942 3D Viewer Remote Code Execution Vulnerability
CVE-2021-31941 Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-31940 Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-31939 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-31938 Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability
CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
CVE-2021-31199 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
CVE-2021-28455 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2021-26420 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-26414 Windows DCOM Server Security Feature Bypass
CVE-2021-1675 Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-0835 Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
ADV990001 Latest Servicing Stack Updates

Prometheus Ransomware Targets Dozens of Businesses...
Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordP...

By accepting you will be accessing a service provided by a third-party external to https://hexafusion.com/