Patch Tuesday Commentary from Ivanti

Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware.

 

Microsoft resolved an Information Disclosure vulnerability in Windows Kernel (CVE-2021-31955).  The vulnerability affects Windows 10 1809, Server 2019 and later versions of the Windows OS. This vulnerability allows an attacker to access the contents of Kernel memory from a user mode process, granting access to sensitive information. The vulnerability is rated as Important and has a CVSSv3 base score of 5.5, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability in Windows NTFS (CVE-2021-31956) which could allow an attacker could convince a local user to open a malicious file, or in the case the attacker is already on the system, run a specially crafted application to exploit the vulnerability and take control of the affected system. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions. The vulnerability is rated as Important and has a CVSSv3 base score of 7.8, which could be missed in some organizations' prioritization.

 

Microsoft resolved a Remote Code Execution vulnerability (CVE-2021-33742) which could allow an attacker to remotely execute code on the target system. To exploit the vulnerability, the attacker must convince a user to take an action — but this is a small barrier for threat actors. The exploit does not require any privileges to exploit the vulnerability. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Critical with a CVSSv3 base score of 7.5.

 

Microsoft resolved an Elevation of Privilege vulnerability(CVE-2021-31199) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. To fully resolve the threat there are three vulnerabilities that must be resolved. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-31201) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and ability to modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. To fully resolve the threat there are three vulnerabilities that must be resolved. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-33739) in Microsoft DWM Core Library which could allow an attacker to elevate from no authorization to full control of the system without the need for user interaction. The attacker can use a variety of methods to access a system and, once on, would be able to run an executable or script to gain control of the affected system. This vulnerability only affects Windows 10 1909, Server 2004 and later Windows OSs. The vulnerability is rated as Important and has a CVSSv3 base score of 8.4, which could be missed in some organizations' prioritization.

 

The Windows OS updates this month are the top priority and resolve all of the Zero Day vulnerabilities that Microsoft has resolved. Prioritize the OS update to reduce this risk quickly.