On June 2021 Patch Tuesday, Microsoft addressed 50 vulnerabilities; and out of these, 5 were critical and 45 were important bugs. 3 vulnerabilities were previously known, and 6 are being actively exploited by attackers. The 6 exploited vulnerabilities are: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, & CVE-2021-31201.
CVE-2021-31955 and CVE-2021-31956 are Windows Kernel Information Disclosure vulnerability and Windows NTFS Elevation of Privilege vulnerability respectively, which have been discovered by Kaspersky Lab researchers. According to Bharat Jogi, Senior Manager, Vulnerability and Threat Research at Qualys, “these two vulnerabilities were being used in conjunction with Google Chrome and were at the root of a chain of exploits in highly targeted attacks against multiple companies.”
CVE-2021-33739 – is a Microsoft DWM Core Library Elevation of Privilege Vulnerability.
CVE-2021-33742 is a Windows MSHTML Platform Remote Code Execution Vulnerability – a component used by the Internet Explorer engine to read and display content from websites. As the library is used by other services and applications, emailing HTML files as part of a phishing campaign is also a viable method of delivery.
CVE-2021-31199 and CVE-2021-31201 are Microsoft Enhanced Cryptographic Provider Elevation of Privilege vulnerabilities. Both these CVEs can be collectively used as an initial infection point via targeted phishing attacks, targeting Adobe Reader users on Windows via PDF files.
In a report released today by Kaspersky, researchers have explained that the CVE-2021-31955 and CVE-2021-31956 zero-day vulnerabilities were used in attacks by a new threat actor group known as PuzzleMaker.
Multiple products of Microsoft Windows.
The OS giant has released a security guidance for June 2021 Patch Tuesday CVEs.
Qualys customers can scan their network with QID 91722 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on latest vulnerabilities.
References and Sources