Overview
According to NSFOCUS CERT’s monitoring, Microsoft released June 2021 Security Updates on June 9 to fix 50 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server.
Among the vulnerabilities fixed by this month’s security updates, five are critical and 45 are important. Affected users are advised to patch their installations as soon as possible. For the complete list of vulnerabilities, see the appendix.
NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities (including high-risk ones such as CVE-2021-31959, CVE-2021-31963, and CVE-2021-33742) fixed by these security updates. Customers are advised to immediately update the plug-in package of their RSAS to V6.0R02F01.2305, which is available at http://update.nsfocus.com/update/listRsasDetail/v/vulsys.
Reference link:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jun
Description of Major Vulnerabilities
Based on product popularity and vulnerability criticality, we have selected the following high-impact vulnerabilities that users should pay particular attention to:
Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2021-33742)
Windows MSHTML Platform is prone to a remote code execution vulnerability caused by the MSHTML rendering engine Trident. An unauthorized, remote attacker could exploit this vulnerability to take control of a user’s computer system by tricking the user into opening a crafted file or visiting a malicious website. This vulnerability has been found to be exploited in the wild.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742
Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-31985)
Microsoft Defender is prone to a remote code execution vulnerability that allows attackers to bypass Defender’s defenses and execute arbitrary code on the target system by tricking a user into opening a crafted binary.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31985
Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-31963)
Microsoft SharePoint Server is prone to a remote code execution vulnerability that allows authenticated attackers to conduct a deserialization attack via a malicious HTTP request and thereby take over the target server.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31963
Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962)
Kerberos AppContainer is prone to a security feature bypass vulnerability that allows attackers to bypass Kerberos authentication and authenticate to an arbitrary service principal name.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962
Windows Print Spooler Privilege Escalation Vulnerability (CVE-2021-1675)
Windows Print Spooler is prone to a privilege escalation vulnerability. Print Spooler is a service in Windows for managing print jobs. Microsoft rates this vulnerability as a local privilege escalation vulnerability with the Important severity level. In fact, under the right conditions in a domain environment, it could allow unauthorized, remote attackers to execute arbitrary code on the domain controller with SYSTEM privileges without requiring any user interaction.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability (CVE-2021-31199/CVE-2021-31201)
Microsoft Enhanced Cryptographic Provider is prone to two privilege escalation vulnerabilities, CVE-2021-31199 and CVE-2021-31201, that allow local attackers to bypass security restrictions of Microsoft Enhanced Cryptographic Provider and read and modify restricted information. Attackers exploit the two vulnerabilities in combination with a vulnerability in Adobe Reader (CVE-2021-28550). By tricking a user into opening a crafted PDF file, they could execute arbitrary code remotely. The two vulnerabilities have been found to be exploited in the wild.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201
Windows NTFS Privilege Escalation Vulnerability (CVE-2021-31956)
Windows NTFS is prone to a privilege escalation vulnerability, which stems from a heap-based buffer overflow in ntfs.sys and allows authenticated attackers to escalate privileges by executing a crafted program. Attackers usually exploit this vulnerability by enticing users to open a crafted file. A researcher from Kaspersky Lab discovered this vulnerability and linked it to PuzzleMaker Group, which uses a Windows Kernel information disclosure vulnerability (CVE-2021-31955) and a Chrome remote code execution vulnerability at the same time to escape Chrome’s sandboxes and gain privileges on the target system. This vulnerability has been found to be exploited in the wild.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956
Microsoft DWM Core Library Privilege Escalation Vulnerability (CVE-2021-33739)
Microsoft DWM Core Library is prone to a privilege escalation vulnerability that allows authenticated attackers to escalate privileges by executing a crafted program. Attackers usually exploit this vulnerability by enticing users to open a crafted file. Vulnerability details have been published, and the vulnerability has been found to be exploited in the wild.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739
Scope of Impact
The following table lists affected products and versions that require special attention. Please view Microsoft’s security updates for other products affected by these vulnerabilities.
CVE ID | Affected Products and Versions |
CVE-2021-33742 | Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows Server 2019; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-31985 | Microsoft Malware Protection Engine < 1.1.18200.3 |
CVE-2021-31963 | Microsoft SharePoint Foundation 2013 Service Pack 1; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2013 Service Pack 1; Microsoft SharePoint Enterprise Server 2016 |
CVE-2021-31962, CVE-2021-1675, CVE-2021-31199, CVE-2021-31201, CVE-2021-31956 | Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows Server, version 20H2 (Server Core Installation); Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows Server, version 2004 (Server Core installation); Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-33739 | Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows Server, version 2004 (Server Core installation); Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems |
Mitigation
Patch Update
Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jun
Note: Windows Update may fail due to network and computer environment issues. Therefore, users are advised to check whether the patches are successfully applied immediately upon installation.
Right-click the Start button and choose Settings (N) > Update & Security > Windows Update to view the message on the page. Alternatively, you can view historical updates by clicking View update history.
If an update fails to install, you can click the update name to open Microsoft’s official update download page. Users are advised to click the links on that page to visit the “Microsoft Update Catalog” website and download and install the standalone packages.
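A scripted form of the installation check described above, as an added example that is not part of the NSFOCUS advisory. The KB ID in `$ExpectedKbs` is a placeholder (the advisory lists no KB numbers), and the helper functions `Get-MissingKb` and `Test-EngineFixed` are hypothetical names introduced here; the engine version 1.1.18200.3 comes from the Scope of Impact table.

```powershell
# Added example: verify the June 2021 fixes without relying on the Settings UI.
# ASSUMPTION: $ExpectedKbs holds a placeholder; take the real KB IDs for your
# OS build from the MSRC release note linked in this advisory.
$ExpectedKbs = @('KB0000000')
# Fixed Microsoft Malware Protection Engine version for CVE-2021-31985
# (from the Scope of Impact table).
$FixedEngine = [version]'1.1.18200.3'

function Get-MissingKb {
    param([string[]]$Expected, [string[]]$Installed)
    # Return the expected KB IDs that are absent from the installed list.
    @($Expected | Where-Object { $Installed -notcontains $_ })
}

function Test-EngineFixed {
    param([string]$EngineVersion)
    # Compare as [version], not as strings: '1.1.9000.0' sorts after
    # '1.1.18200.3' lexically although it is the older engine.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) { return $false }
    return $parsed -ge $FixedEngine
}

# Get-HotFix reports updates installed through Windows servicing,
# which includes the monthly cumulative updates.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$missing = @(Get-MissingKb -Expected $ExpectedKbs -Installed $installed)
if ($missing.Count -gt 0) {
    Write-Warning ("Not installed: {0}" -f ($missing -join ', '))
} else {
    Write-Output 'All expected updates are installed.'
}

# The engine is serviced through Defender's own updates, so check it separately.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $engine = (Get-MpComputerStatus).AMEngineVersion
    if (Test-EngineFixed -EngineVersion $engine) {
        Write-Output "Defender engine $engine includes the CVE-2021-31985 fix."
    } else {
        Write-Warning "Defender engine $engine is below $FixedEngine."
    }
} else {
    Write-Output 'Defender cmdlets not present; engine check skipped.'
}
```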
Appendix: Vulnerability List
Affected Product | CVE ID | Vulnerability Title | Severity |
Windows | CVE-2021-31959 | Scripting Engine Memory Leak Vulnerability | Critical |
Microsoft Office | CVE-2021-31963 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-31967 | VP9 Video Extensions Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
System Center | CVE-2021-31985 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-1675 | Windows Print Spooler Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-26414 | Windows DCOM Server Security Feature Bypass | Important |
Microsoft Office | CVE-2021-26420 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Visual Studio Code - Kubernetes Tools | CVE-2021-31938 | Microsoft VsCode Kubernetes Tools Extension Privilege Escalation Vulnerability | Important |
Microsoft Office | CVE-2021-31939 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-31940 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-31941 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Apps | CVE-2021-31942 | 3D Viewer Remote Code Execution Vulnerability | Important |
Apps | CVE-2021-31943 | 3D Viewer Remote Code Execution Vulnerability | Important |
Apps | CVE-2021-31944 | 3D Viewer Information Disclosure Vulnerability | Important |
Apps | CVE-2021-31945 | Paint 3D Remote Code Execution Vulnerability | Important |
Apps | CVE-2021-31946 | Paint 3D Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-31951 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31952 | Windows Kernel-Mode Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31953 | Windows Filter Manager Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31954 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows | CVE-2021-31956 | Windows NTFS Privilege Escalation Vulnerability | Important |
.NET, .NET Core, Visual Studio, Microsoft Visual Studio | CVE-2021-31957 | ASP.NET Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-31958 | Windows NTLM Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31960 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-31962 | Kerberos AppContainer Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2021-31964 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Office | CVE-2021-31965 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2021-31966 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Apps | CVE-2021-31980 | Microsoft Intune Management Extension Remote Code Execution Vulnerability | Important |
Apps | CVE-2021-31983 | Paint 3D Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-33739 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | Important |
Microsoft Office | CVE-2021-31948 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Office | CVE-2021-31949 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-31950 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Windows | CVE-2021-31968 | Windows Remote Desktop Services Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-31969 | Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31970 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-31971 | Windows HTML Platform Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-31972 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
Windows | CVE-2021-31973 | Windows GPSVC Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-31974 | Server for NFS Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-31975 | Server for NFS Information Disclosure Vulnerability | Important |
Windows | CVE-2021-31976 | Server for NFS Information Disclosure Vulnerability | Important |
Windows | CVE-2021-31977 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
System Center | CVE-2021-31978 | Microsoft Defender Denial-of-Service Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2021-33741 | Microsoft Edge (Chromium-based) Privilege Escalation Vulnerability | Important |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.