Daily Bulletin

Technology


Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware.

 

Microsoft resolved an Information Disclosure vulnerability in Windows Kernel (CVE-2021-31955).  The vulnerability affects Windows 10 1809, Server 2019 and later versions of the Windows OS. This vulnerability allows an attacker to access the contents of Kernel memory from a user mode process, granting access to sensitive information. The vulnerability is rated as Important and has a CVSSv3 base score of 5.5, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability in Windows NTFS (CVE-2021-31956) which could allow an attacker could convince a local user to open a malicious file, or in the case the attacker is already on the system, run a specially crafted application to exploit the vulnerability and take control of the affected system. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions. The vulnerability is rated as Important and has a CVSSv3 base score of 7.8, which could be missed in some organizations' prioritization.

 

Microsoft resolved a Remote Code Execution vulnerability (CVE-2021-33742) which could allow an attacker to remotely execute code on the target system. To exploit the vulnerability, the attacker must convince a user to take an action — but this is a small barrier for threat actors. The exploit does not require any privileges to exploit the vulnerability. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Critical with a CVSSv3 base score of 7.5.

 

Microsoft resolved an Elevation of Privilege vulnerability(CVE-2021-31199) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. To fully resolve the threat there are three vulnerabilities that must be resolved. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-31201) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and ability to modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. To fully resolve the threat there are three vulnerabilities that must be resolved. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-33739) in Microsoft DWM Core Library which could allow an attacker to elevate from no authorization to full control of the system without the need for user interaction. The attacker can use a variety of methods to access a system and, once on, would be able to run an executable or script to gain control of the affected system. This vulnerability only affects Windows 10 1909, Server 2004 and later Windows OSs. The vulnerability is rated as Important and has a CVSSv3 base score of 8.4, which could be missed in some organizations' prioritization.

 

The Windows OS updates this month are the top priority and resolve all of the Zero Day vulnerabilities that Microsoft has resolved. Prioritize the OS update to reduce this risk quickly.

 

The Productivity Commission has released proposals to bolster Australians' right to repair. But do they go far enough?

arrow_forward

What is adaptive clothing and how can it make life easier for people with a disability?

arrow_forward

Most Australian households are well-positioned for electric vehicles – and an emissions ceiling would help

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Business News

Top 3 Things to Consider When Finding the Best Amazon Marketing Agency

It is true that selling on Amazon is not a walk in the park - with intense competition and a big reputation, many sellers on the platform are finding themselves overworked simply trying to keep up...

Daily Bulletin - avatar Daily Bulletin

Marketing tips to help brands to be more present

Are you looking for marketing tips? Well, in this post we will share important marketing tips that can help the brand to be more present. A / B Test your shopping journey AB testing is  a scient...

Daily Bulletin - avatar Daily Bulletin

4 Things To Look For In A Customs Broker

Running a business entails the teamwork of many professionals. Some work within the four walls of the main business premises while others work outside. One of those who work in the field is a cust...

NewsServices.com - avatar NewsServices.com