|
|
|
This alert from Novacoast is intended to brief users and administrators on newly discovered threats, vulnerabilities, and critical software updates. |
|
|
||||||||||||
Microsoft June 2021 Patch Tuesday: 49 Vulnerabilities Patched, Six Zero-DaysMicrosoft has released patches for five critical vulnerabilities and 44 significant vulnerabilities across numerous product lines. Several of the vulnerabilities have already been exploited in the wild as zero-days. Two of the vulnerabilities chain with a Chrome vulnerability to gain access to target machines to deploy malware.
|
| CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability (CVSS 7.5) |
| CVE-2021-31939 | Microsoft Excel Remote Code Execution Vulnerability (CVSS 7.8) |
| CVE-2021-33739 | Microsoft DWM Core Library Elevation of Privilege Vulnerability (CVSS 8.4) |
| CVE-2021-31983 | Paint 3D Remote Code Execution Vulnerability (CVSS 7.8) |
| CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability (CVSS 7.8) |
| CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability (CVSS 5.5) |
Technical Details
PuzzleMaker Group Attack Chain
“A wave of highly targeted attacks” against several organizations utilizing vulnerabilities detected by Kaspersky Technologies on April 14 and 15, 2021, were reported to Microsoft and included in the June 2021 patch:
CVE-2021-21224 is a V8 type confusion vulnerability in Google Chrome in versions prior to 90.0.4430.85 that allows remote attackers to execute arbitrary code inside an HTML page sandbox. This CVE is not included in the Microsoft June Patch, but it is likely the first vulnerability exploited in the chain attack used by the PuzzleMaker Group.
CVE-2021-31955 is a Win Kernel information disclosure vulnerability in ntoskrnl.exe used to expose kernel addresses. The vulnerability allows the attacker to read kernel memory contents and is the second vulnerability in the PuzzleMaker Group chain attack.
CVE-2021-31956 is a heap buffer overflow vulnerability in the Win NTFS driver used to elevate privileges. Once privileges are elevated, the attacker can control the affected system and deploy malware.
Other Vulnerabilities
The other forty-seven vulnerabilities patched include a vulnerability possibly linked to BITTER APT and a Critical CVE detected by Google’s Threat Analysis Group (TAG) that "seems to be a commercial exploit company providing capability for limited nation state Eastern Europe/Middle East targeting."
What’s at risk?
Many of the vulnerabilities provide opportunity for an attacker to take control of the system and deploy malware on the affected system.
Affected Versions
- All Chrome versions prior to 90.0.4430.85
- Unpatched Microsoft systems
What can I do to protect against this vulnerability?
To protect against compromise, update Google Chrome to version 90.0.4430.85 and apply the June 2021 MS Security Updates to all Microsoft systems. The patches are available from Microsoft.
Still have questions?
Call the Novacoast SOC at (866) 863-9575 to speak with our briefed technicians who can advise and assist you.
Resources
Cybersecurity and Infrastructure Security Agency article
https://us-cert.cisa.gov/ncas/current-activity/2021/06/08/microsoft-releases-june-2021-security-updates
Microsoft’s June 2021 Security Updates Article
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jun
Microsoft’s June 2021 Update Guide
https://msrc.microsoft.com/update-guide/deployments
Securelist by Kaspersky’s PuzzleMaker article
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
ZDNet’s PuzzleMaker article
https://www.zdnet.com/article/puzzlemaker-attacks-exploit-windows-chrome-zero-day-vulnerabilities/?ftag=CAD2e14604
Tenable’s blog post on the June 2021 Patch
https://www.tenable.com/blog/microsoft-june-2021-patch-tuesday-49-cves-cve-2021-31955-cve-2021-31956-and-cve-2021-33742
DW
- Novacoast Inc 1505 Chapala St. Santa Barbara CA 93101 United States of America
- View web version | Unsubscribe