Microsoft’s June 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

Microsoft’s June 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

June 16, 2021 | Jie Ji

Overview

According to NSFOCUS CERT’s monitoring, Microsoft released June 2021 Security Updates on June 9 to fix 50 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server.

In the vulnerabilities fixed by this month’s security updates, there are five critical vulnerabilities and 45 important ones. Affected users are advised to patch their installations as soon as possible. For the complete list of vulnerabilities, see the appendix.

NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities (including high-risk ones such as CVE-2021-31959, CVE-2021-31963, and CVE-2021-33742) fixed by these security updates. Customers are advised to immediately update the plug-in package of their RSAS to V6.0R02F01.2305, which is available at http://update.nsfocus.com/update/listRsasDetail/v/vulsys.

Reference link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jun

Description of Major Vulnerabilities

Based on the product popularity and vulnerability criticality, we have selected the vulnerabilities with a big impact that users should keep their eyes open for:

Windows MSHTML Platform  Remote Code Execution Vulnerability (CVE-2021-33742)

Windows MSHTML Platform is prone to a remote code execution vulnerability caused by the MSHTML rendering engine Trident. An unauthorized, remote attacker could exploit this vulnerability to take control of a user’s computer system by tricking the user into opening a crafted file or visiting a malicious website. Currently, this vulnerability is found to be exploited in the wild.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742

Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-31985)

Microsoft Defender is prone to a remote code execution vulnerability that allows attackers to bypass Defender’s defenses and execute arbitrary code on the target system by tricking a user into opening a crafted binary.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31985

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-31963)

Microsoft SharePoint Server is prone to a remote code execution vulnerability that allows authenticated attackers to conduct a deserialization attack via a malicious HTTP request, hence takeover of the target server.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31963

Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962)

Kerberos AppContainer is prone to a security feature bypass vulnerability that allows attackers to bypass Kerberos authentication and authenticate to an arbitrary service principal name.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962

Windows Print Spooler Privilege Escalation Vulnerability (CVE-2021-1675)

Windows Print Spooler is prone to a privilege escalation vulnerability. Print Spooler is a service in Windows for managing print jobs. Microsoft takes this vulnerability as a local privilege escalation vulnerability with the Important severity level. In fact, under proper conditions in a domain environment, it could allow unauthorized, remote attackers to execute arbitrary code on the domain controller with SYSTEM privileges without requiring any user interaction.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability (CVE-2021-31199/CVE-2021-312 01)

Microsoft Enhanced Cryptographic Provider is prone to two privilege escalation vulnerabilities, CVE-2021-31199 and CVE- 2021-31201, that allow local attackers to bypass security restrictions of Microsoft Enhanced Cryptographic Provider and read and modify restricted information. The two vulnerabilities are exploited by attackers in combination with a vulnerability in Adobe Reader (CVE-2021-28550). By tricking a user into opening a crafted PDF file, they could execute arbitrary code remotely. Currently, the two vulnerabilities are found to be exploited in the wild.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201

Windows NTFS Privilege Escalation Vulnerability (CVE-2021-31956)

Windows NTFS is prone to a privilege escalation vulnerability, which stems from a heap-based buffer overflow vulnerability in ntfs.sys and allows authenticated attackers to escalate privileges by executing a crafted program. Attackers usually exploit this vulnerability by enticing users to open a crafted file. A researcher from Kaspersky Lab discovered this vulnerability and linked it to PuzzleMaker Group, which uses a Windows Kernel information disclosure vulnerability (CVE-2021-31955) and a Chrome remote code execution vulnerability at the same time to escape Chrome’s sandboxes and gain privileges of the target system. Currently, this vulnerability is found to be exploited in the wild.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956

Microsoft DWM Core Library Privilege Escalation Vulnerability (CVE-2021-33739)

Microsoft DWM Core Library is prone to a privilege escalation vulnerability that allows authenticated attackers to escalate privileges by executing a crafted program. Attackers usually exploit this vulnerability by enticing users to open a crafted file. Currently, vulnerability details have been published and the vulnerability is found to be exploited in this wild.

For vulnerability details, visit the following link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739

Scope of Impact

The following table lists affected products and versions that require special attention. Please view Microsoft’s security updates for other products affected by these vulnerabilities.

CVE IDAffected Products and Versions
CVE-2021-33742Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-31985Microsoft Malware Protection Engine < 1.1.18200.3
CVE-2021-31963Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
CVE-2021-31962
CVE-2021-1675
CVE-2021-31199
CVE-2021-31201
CVE-2021-31956
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2  RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016    (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version  20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019    (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-33739Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems

Mitigation

Patch Update

Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Jun

Note: Windows Update may fail due to network and computer environment issues. Therefore, users are advised to check whether the patches are successfully applied immediately upon installation.

Right-click the Start button and choose Settings (N) > Update & Security > Windows Update to view the message on the page. Alternatively, you can view historical updates by clicking View update history.

If an update fails to be successfully installed, you can click the update name to open the Microsoft’s official update download page. Users are advised to click the links on the page to visit the “Microsoft Update Catalog” website to download and install independent packages.

Appendix: Vulnerability List

Affected ProductCVE IDVulnerability Title  Severity
WindowsCVE-2021-31959Scripting Engine Memory Leak VulnerabilityCritical
Microsoft OfficeCVE-2021-31963Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
WindowsCVE-2021-31967VP9 Video Extensions Remote Code Execution VulnerabilityCritical
WindowsCVE-2021-33742Windows MSHTML Platform Remote Code Execution VulnerabilityCritical
System CenterCVE-2021-31985Microsoft Defender Remote Code Execution VulnerabilityCritical
WindowsCVE-2021-1675Windows Print Spooler Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-26414Windows DCOM Server Security Feature BypassImportant
Microsoft OfficeCVE-2021-26420Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Visual Studio Code -Kubernetes ToolsCVE-2021-31938Microsoft VsCode Kubernetes Tools Extension Privilege Escalation VulnerabilityImportant
Microsoft OfficeCVE-2021-31939Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-31940Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-31941Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
AppsCVE-2021-319423D Viewer Remote Code Execution VulnerabilityImportant
AppsCVE-2021-319433D Viewer Remote Code Execution VulnerabilityImportant
AppsCVE-2021-319443D Viewer Information Disclosure VulnerabilityImportant
AppsCVE-2021-31945Paint 3D Remote Code Execution VulnerabilityImportant
AppsCVE-2021-31946Paint 3D Remote Code Execution VulnerabilityImportant
WindowsCVE-2021-31951Windows Kernel Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31952Windows Kernel-Mode Driver Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31953Windows Filter Manager Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31954Windows Common Log File System Driver Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31955Windows Kernel Information Disclosure VulnerabilityImportant
WindowsCVE-2021-31956Windows NTFS Privilege Escalation VulnerabilityImportant
.NET, .NET Core, Visual Studio, Microsoft Visual StudioCVE-2021-31957ASP.NET Denial-of-Service VulnerabilityImportant
WindowsCVE-2021-31958Windows NTLM Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31960Windows Bind Filter Driver Information Disclosure VulnerabilityImportant
WindowsCVE-2021-31962Kerberos AppContainer Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2021-31964Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2021-31965Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2021-31966Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
AppsCVE-2021-31980Microsoft Intune Management Extension Remote Code Execution VulnerabilityImportant
AppsCVE-2021-31983Paint 3D Remote Code Execution VulnerabilityImportant
WindowsCVE-2021-33739Microsoft DWM Core Library Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31199Microsoft Enhanced Cryptographic Provider Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31201Microsoft Enhanced Cryptographic Provider Privilege Escalation VulnerabilityImportant
Microsoft OfficeCVE-2021-31948Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2021-31949Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-31950Microsoft SharePoint Server Spoofing VulnerabilityImportant
WindowsCVE-2021-31968Windows Remote Desktop Services Denial-of-Service VulnerabilityImportant
WindowsCVE-2021-31969Windows Cloud Files Mini Filter Driver Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31970Windows TCP/IP Driver Security Feature Bypass VulnerabilityImportant
WindowsCVE-2021-31971Windows HTML Platform Security Feature Bypass VulnerabilityImportant
WindowsCVE-2021-31972Event Tracing for Windows Information Disclosure VulnerabilityImportant
WindowsCVE-2021-31973Windows GPSVC Privilege Escalation VulnerabilityImportant
WindowsCVE-2021-31974Server for NFS Denial-of-Service VulnerabilityImportant
WindowsCVE-2021-31975Server for NFS Information Disclosure VulnerabilityImportant
WindowsCVE-2021-31976Server for NFS Information Disclosure VulnerabilityImportant
WindowsCVE-2021-31977Windows Hyper-V Denial-of-Service VulnerabilityImportant
System CenterCVE-2021-31978Microsoft Defender Denial-of-Service VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2021-33741Microsoft Edge (Chromium-based) Privilege Escalation VulnerabilityImportant

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.