Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th.

In-The-Wild & Disclosed CVEs

CVE-2021-31955

This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This Windows Kernel Information Disclosure could allow an attacker to read kernel memory via a user mode process via a vulnerable function call related to SuperFetch. The vulnerability in ntoskrnl.exe has been exploited in the wild.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-31956

This is the second of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This vulnerability requires that an authenticated user execute code locally in order to exploit a heap-based buffer overflow in NTFS (ntfs.sys) that will allow for privilege escalation.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-33739

This CVE describes a publicly disclosed and exploited vulnerability in Desktop Window Manager (DWM) Core that could lead to privilege escalation via the execution of a malicious script or executable by an authenticated user.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-33742

Google’s Threat Analysis Group (TAG) reported this vulnerability in MSHTML that has been exploited in the wild to Microsoft. Microsoft has included an important to read FAQ entry on this vulnerability. They note that while Internet Explorer 11 is being retired on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying technology – MSHTML, EdgeHTML, and scripting platforms – are still supported. You can read more (Read more...)