IT administrators who haven’t yet applied Microsoft’s monthly round of security patches should do so immediately to prevent malicious actors from exploiting 50 security flaws, including six zero-day vulnerabilities that were being actively exploited.
The patches remedy vulnerabilities that could allow attackers to achieve remote code execution, denial of service, privilege escalation and memory corruption.
Of the 50 vulnerabilities, five are rated Critical, and 45 are rated Important.
According to Zero Day Initiative, the patches fix security holes in Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop. Eight of the 50 vulnerabilities came through the ZDI program.
Here is a further breakdown of the more critical vulnerabilities, according to Zero Day Initiative’s (ZDI) blog on the updates:
- CVE-2021-33742 – This bug in Windows MSHTML Platform could allow a hacker to execute code on a targeted system if a user views specially crafted web content. The vulnerability is in the Trident (MSHTML) engine itself, so many different applications can be impacted – not just Internet Explorer. ZDI recommends starting with this one.
- CVE-2021-31199/CVE-2021-31201 – These two vulnerabilities in Microsoft Enhanced Cryptographic Provider are linked to an Adobe Reader code execution bug disclosed last month and could lead to an escalation of privilege attack. The two bugs disclosed by Microsoft were the privilege escalation bugs that led to the code execution exploit, ZDI says.
- CVE-2021-31956 – This vulnerability is in Windows NTFS and is a privilege elevation bug that could have been used in conjunction with an information disclosure bug that was also under active attack. “It’s possible these bugs were used in conjunction, as that is a common technique – use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined,” ZDI says.
- CVE-2021-31962 – According to ZDI, this vulnerability allows a bad actor to bypass Kerberos authentication and potentially authenticate to an arbitrary service principal name (SPN). This vulnerability scored the highest CVSS for June at 9.4 and could allow an attacker to bypass authentication to any service accessed via an SPN. “Given that SPN authentication is crucial to security in Kerberos deployments, this patch should be given highest priority,” ZDI says.