June 2021 Patch Tuesday: 6 In-the-wild exploits to patch

While we have another reprieve this month in terms of total count of vulnerabilities addressed by Microsoft, we do have an increase in zero day vulnerabilities and some notable Adobe updates. This is the second month in a row we’ve seen roughly half the normal number of vulnerabilities addressed by Microsoft—down from last month’s 55 vulnerabilities to just 50—but the increase in zero day vulnerabilities to six is, of course, a concern.

The six zero day vulnerabilities plus one more from Microsoft should be at the top of your priority list, along with some Adobe Acrobat and Reader vulnerabilities that allow arbitrary code execution simply by opening a document.

Microsoft vulnerabilities

This month Microsoft brings a smaller total count of patches, but more actively exploited vulnerabilities than usual. There are six listed as being under active exploitation with a seventh zero day vulnerability that isn’t reported as being under active exploitation but is listed as “Exploitation More Likely.”

  • CVE-2021-31955—Windows Kernel Information Disclosure Vulnerability
  • CVE-2021-31956—Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-33739—Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-33742—Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-31199—Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31201—Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31968—Windows Remote Desktop Services Denial of Service Vulnerability

Two additional vulnerabilities of note are CVE-2021-31962, the Kerberos AppContainer Security feature Bypass Vulnerability, with a CVSS of 9.4, and CVE-2021-31985, Microsoft Defender Remote Code Execution with a CVSS of 7.8. While both are marked as “Exploitation Less Likely,” once leveraged they could be one of the more damaging vulnerabilities for domain environments.

Cumulative updates

KB5003637 for Windows 10 2004 and Windows 10 20H2, and KB5003635 for Windows 10 1909 were released this month. Both apply security fixes and a collection of bug fixes. Nothing too special of note aside from improvements to performance associated with file management and non-descript security improvements for human input devices.

Third-party vulnerabilities: Adobe

This month there are more vulnerabilities related to Adobe than last month. CVE-2021-28554, CVE-2021-28554, CVE-2021-28552, and CVE-2021-28632 are all related to Adobe Reader and Acrobat. They all carry CVSS 7.8 scores and all can allow for arbitrary code execution. Make sure these are on your radar and be sure to update Reader DC to 20.21.005.20148 and Adobe Reader 2020 to 2020.004.30005.

There are a total of 41 vulnerabilities over 10 different products this month, so if you have Adobe products in your environments you should check here for more.

Browsers

June 4 saw Microsoft Edge stable channel update to 91.0.864.41 to address CVE-2021-33741.

Google Chrome also saw an update to 91.0.4472.101 to deal with CVE-2021-30551, which bad actors used as part of a chain attack that also leveraged CVE-2021-33742. While this chain attack isn’t seeing widespread use, it will likely propagate as more threat groups reverse engineer or gain access to PoCs.

Summary

As always there is plenty to do following another Patch Tuesday. Microsoft has several zero day vulnerabilities that should get immediate attention but those can be addressed easily by patch management within N-able RMM or N-central® set to approval on Critical severity. Chrome should also get a little extra attention this month to make sure it’s updated. Schedule reboots prior to patch windows or run an automated task prior to patch windows to stop Chrome processes; that will improve your success rate when applying Chrome updates via third-party patching.

Lewis Pope is the Head Security Nerd at N-able. You can follow him on:

Twitter: @cybersec_nerd

Linkedin: thesecuritypope

Twitch: cybersec_nerd

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site