Microsoft has released important “Patch Tuesday” monthly security updates. These should applied promptly as some of these vulnerabilities have potential to be actively exploited in-the-wild later:

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/

https://blog.talosintelligence.com/2021/06/microsoft-patch-tuesday-for-june-2021.htm

https://www.zerodayinitiative.com/blog/2021/6/8/the-june-2021-security-update-review

https://us-cert.cisa.gov/ncas/current-activity/2021/06/08/microsoft-releases-june-2021-security-updates

https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun

https://patchtuesdaydashboard.com/

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

This month we got patches for 50 vulnerabilities. Of these, 5 are critical, 2 were previously disclosed and 6 is already being exploited according to Microsoft.

The highlight this time, of course, goes to the 6 zero-days: an elevation of privileges vulnerability on Microsoft DWM Core Library (CVE-2021-33739) – the only previously disclosed, an elevation of privilege vulnerability on Windows NTFS (CVE-2021-31956), an information disclosure vulnerability on Windows Kernel (CVE-2021-31955), an elevation of privilege vulnerability on Microsoft Enhanced Cryptographic Provider (CVE-2021-31201 and CVE-2021-31199) and, more importaltly, a remote code execution vulnerability affecting Windows MSHTML Platform (CVE-2021-33742).

Apart from the zero-days, there is an important security feature bypass Vulnerability Kerberos AppContainer (CVE-2021-31962). According to the advisory, in an enterprise environment this vulnerability might allow an attacker to bypass Kerberos authentication, to authenticate to an arbitrary service principal name. This vulnerability was associated to the highest CVSS this month: 9.4.

By admin