{"id": "CVE-2021-33742", "bulletinFamily": "NVD", "title": "CVE-2021-33742", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability", "published": "2021-06-08T23:15:00", "modified": "2021-06-14T14:48:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33742", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742"], "cvelist": ["CVE-2021-33742"], "immutableFields": [], "type": "cve", "lastseen": "2021-06-15T07:41:27", "edition": 2, "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:19A3B42A-68BD-48E1-847B-9BA88408EF2B"]}, {"type": "mscve", "idList": ["MS:CVE-2021-33742"]}, {"type": "thn", "idList": ["THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:1DDE95EA33D4D9F304973569FC787451", "THN:7D7C05739ECD847B8CDEEAF930C51BF8"]}, {"type": "threatpost", "idList": ["THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "THREATPOST:DE317ED7C5E4858FE861A15F96F6BCFD"]}, {"type": "krebs", "idList": ["KREBS:E374075CAB55D7AB06EBD73CB87D33CD"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JUN_5003681.NASL", "SMB_NT_MS21_JUN_5003695.NASL", "SMB_NT_MS21_JUN_5003697.NASL", "SMB_NT_MS21_JUN_5003637.NASL", "SMB_NT_MS21_JUN_5003638.NASL", "SMB_NT_MS21_JUN_5003646.NASL", "SMB_NT_MS21_JUN_5003635.NASL", "SMB_NT_MS21_JUN_5003687.NASL", "SMB_NT_MS21_JUN_5003694.NASL"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:84CB84E43C5F560FDE9B8B7E65F7C4A3"]}, {"type": "avleonov", "idList": ["AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5"]}], "modified": "2021-06-15T07:41:27", "rev": 2}, "score": {"value": 2.5, "vector": "NONE", "modified": "2021-06-15T07:41:27", "rev": 2}, "twitter": {"counter": 34, "tweets": [{"link": "https://twitter.com/VulmonFeeds/status/1415698032184733704", "text": "CVE-2021-33742\n\nMicrosoft Windows MSHTML Platform Remote Code Execution Vulnerabi...\n\nhttps://t.co/9IKAnXjaQF?amp=1\n\nVulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x?amp=1"}, {"link": "https://twitter.com/ET_Labs/status/1415804300157128707", "text": "14 new OPEN, 28 new PRO (14 + 14) Tofsee, ReverseRAT, Candiru,\nMargulasRAT, and IE MSHTML Out-of-Bounds Write Inbound\n(CVE-2021-33742)\n\nhttps://t.co/Y93thVWXZK?amp=1"}, {"link": "https://twitter.com/ipssignatures/status/1415839100029054979", "text": "It is the first time for me to know a protection/signature/rule for the vulnerability CVE-2021-33742.\n/hashtag/Snb4obka5dznba?src=hashtag_click"}, {"link": "https://twitter.com/catnap707/status/1415847095278338048", "text": "Google\u304c\u300c\u30ed\u30b7\u30a2\u653f\u5e9c\u7cfb\u30cf\u30c3\u30ab\u30fc\u304ciOS\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u3092\u7a81\u3044\u3066\u30e8\u30fc\u30ed\u30c3\u30d1\u306e\u653f\u5e9c\u95a2\u4fc2\u8005\u3092\u653b\u6483\u3057\u3066\u3044\u305f\u300d\u3068\u5831\u544a - GIGAZINE\nhttps://t.co/8NFhNrKumE?amp=1\n\"CVE-2021-1879\u3068\u540c\u6642\u306b\u5831\u544a\u3055\u308c\u305f\u8106\u5f31\u6027\u306f\u3001Chrome\u306b\u95a2\u9023\u3059\u308bCVE-2021-21166\u3068CVE-2021-30551\u3001Internet Explorer\u306b\u95a2\u9023\u3059\u308bCVE-2021-33742\u3067\u3057\u305f\""}, {"link": "https://twitter.com/ando_Tw/status/1416101478519902208", "text": "Chorome\u306b2\u4ef6\u3001IE\u3068Safari\u306b1\u4ef6\u305a\u3064\u8a08\uff14\u4ef6\u306e\u8106\u5f31\u6027\u304c\u30ed\u30b7\u30a2\u7cfb\u306e\u8907\u6570\u306eactor\u306b\u3088\u3063\u3066\u5229\u7528\u3055\u308c\u3001\u300c\u30d1\u30c3\u30c1\u304c\u5f53\u305f\u308b\u524d\u653b\u6483\u300d\u304c\u5c55\u958b\u3055\u308c\u3066\u3044\u308b\u3068\u3059\u308b\u8a18\u4e8b\u3002\u5bfe\u8c61\u306fCVE-2021-21166, CVE-2021-30551(Chorome), CVE-2021-1844(Safari),CVE-2021-33742(IE)\u3002\n\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3057\u3088\u3046\u306d\u3002"}, {"link": "https://twitter.com/elhackernet/status/1416093774468370432", "text": "Grupo de An\u00e1lisis de Amenazas de /hashtag/Google?src=hashtag_click comparte detalles sobre 4 campa\u00f1as 0-days dirigidas a 4 vulnerabilidades: \n- CVE-2021-21166 y CVE-2021-30551 en Chrome\n- CVE-2021-33742 en Internet Explorer\n- CVE- 2021-1879 en WebKit (Safari) \nR\u00e9cord 0-days en 2021\nhttps://t.co/qhvGWRdCJ0?amp=1"}, {"link": "https://twitter.com/RubertPereira/status/1416097334358941702", "text": "Grupo de An\u00e1lisis de Amenazas de /hashtag/Google?src=hashtag_click comparte detalles sobre 4 campa\u00f1as 0-days dirigidas a 4 vulnerabilidades: \n- CVE-2021-21166 y CVE-2021-30551 en Chrome\n- CVE-2021-33742 en Internet Explorer\n- CVE- 2021-1879 en WebKit (Safari) \nR\u00e9cord 0-days en 2021\n\u2026"}, {"link": "https://twitter.com/Securityblog/status/1416677823562014724", "text": "CVE-2021-33742: Internet Explorer out-of-bounds write in MSHTML | 0-days In-the-Wild https://t.co/PHu6cvR3g6?amp=1"}, {"link": "https://twitter.com/XssPayloads/status/1417021561702436872", "text": "CVE-2021-33742 PoC by /ifsecure \n<script>\nvar b = document.createElement(\"html\");\nb.innerHTML = Array(40370176).toString();\nb.innerHTML = \"\";\n</script>"}, {"link": "https://twitter.com/BeClever_ITS/status/1417391488686862336", "text": "Reportados 4 /hashtag/0day?src=hashtag_click explotados activamente en IE, Safari y Chrome. \n CVE-2021-21166, CVE-2021-30551 y CVE-2021-33742: ejecutan c\u00f3digo arbitrario\n CVE-2021-1879: A trav\u00e9s de LinkedIn, exfiltra informaci\u00f3n de cookies de sesi\u00f3n y p\u00e1ginas web abiertas"}], "modified": "2021-06-15T07:41:27"}, "exploitation": {"wildExploited": true, "wildExploitedSources": [{"type": "attackerkb", "idList": ["AKB:19A3B42A-68BD-48E1-847B-9BA88408EF2B"]}], "modified": "2021-06-15T07:41:27"}, "vulnersScore": 2.5}, "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-"], "affectedSoftware": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1809"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1607"}, {"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "r2"}, {"cpeName": "microsoft:windows_rt_8.1", "name": "microsoft windows rt 8.1", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2019", "name": "microsoft windows server 2019", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "1909"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "r2"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "2004"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "21h1"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "2004"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "20h2"}, {"cpeName": "microsoft:windows_7", "name": "microsoft windows 7", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "sp2"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1909"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "20h2"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null}

{"attackerkb": [{"lastseen": "2021-07-20T20:09:23", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**NinjaOperator** at June 16, 2021 10:56pm UTC reported:\n\nWindows MSHTML Platform (Microsoft proprietary browser engine) enables RCE and is being actively exploited in limited campaigns. \n\uf0a7 Exploitation requires user interaction; thus, feasible threat scenarios include drive-by download, exploit kits, and phishing links. \n\uf0a7 A commercial exploit company reportedly provided the exploit code to Eastern European and Middle Eastern state-sponsored actors\n\n**gwillcox-r7** at June 17, 2021 5:25pm UTC reported:\n\nWindows MSHTML Platform (Microsoft proprietary browser engine) enables RCE and is being actively exploited in limited campaigns. \n\uf0a7 Exploitation requires user interaction; thus, feasible threat scenarios include drive-by download, exploit kits, and phishing links. \n\uf0a7 A commercial exploit company reportedly provided the exploit code to Eastern European and Middle Eastern state-sponsored actors\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "attackerkb", "title": "CVE-2021-33742", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2021-06-15T00:00:00", "id": "AKB:19A3B42A-68BD-48E1-847B-9BA88408EF2B", "href": "https://attackerkb.com/topics/oLB20MCHnO/cve-2021-33742", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2021-07-31T11:19:49", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mscve", "title": "Windows MSHTML Platform Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2021-06-08T07:00:00", "id": "MS:CVE-2021-33742", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2021-06-10T20:47:57", "description": "Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue.\n\nIn all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update [to the Chrome desktop browser](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>).\n\n\u201cGoogle is aware that an exploit for CVE-2021-30551 exists in the wild,\u201d wrote Chrome technical program manager Prudhvikumar Bommana [in a Wednesday post](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>). That exploit is identified as a type confusion bug within Google\u2019s V8 open-source JavaScript and WebAssembly engine. \n[](<https://threatpost.com/newsletter-sign/>)The confusion vulnerability is tied to the browser\u2019s ActionScript Virtual Machine. \u201cUsually, when a piece of code doesn\u2019t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion,\u201d according to a [technical description of the bug](<https://www.microsoft.com/security/blog/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/#:~:text=The%20vulnerability%20is%20a%20%E2%80%9Ctype,it%20leads%20to%20type%20confusion.>).\n\n## **Possible Wider Impact of Exploited Chrome Browser Bug **\n\nThe update coincides with the release of the Android Chrome browser to Chrome 91 (91.0.4472.101), also [on Wednesday](<https://chromereleases.googleblog.com/2021/06/chrome-for-android-update_01297860997.html>). While the desktop and mobile versions of the Chrome web browser share the same version number, it is unclear if the updated Android Chrome browser is impacted by the same vulnerabilities.\n\nAlso unclear is if Microsoft\u2019s Edge browser, based on the Chromium open-source browser codebase (principally developed and maintained by Google), is also impacted.\n\nIn related news, on Tuesday, Microsoft released a patch for vulnerabilities under active attack, including [CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>), impacting its Edge browser. That bug [is a remote-code execution](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>) (RCE) vulnerability within the Edge browser\u2019s MSHTML component.\n\n\u201cThe MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control,\u201d Microsoft explained.\n\n## **Critical Browser Cache Bug: CVE-2021-30544**\n\nAs part of the June Chrome update, Google patched a critical use-after-free bug (CVE-2021-30544) within the browser\u2019s optimization engine called BFCache. This browser component enables back-and-forward navigation between cached webpages within Chrome.\n\nAs customary with recently disclosed bugs, Google did not release the details tied to any of the vulnerabilities patched Wednesday. \u201cAccess to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven\u2019t yet fixed,\u201d the Google advisory stated.\n\nGoogle credits Rong Jian and Guang Gong of 360 Alpha Lab for finding the BFCache bug in May. For their bug hunting efforts, the pair earned $25,000.\n\n**Download our exclusive FREE Threatpost Insider eBook, ****_\u201c_**[**_2021: The Evolution of Ransomware_**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)**_,\u201d_**** to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what\u2019s next for ransomware and the related emerging risks. Get the whole story and **[**DOWNLOAD**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)** the eBook now \u2013 on us!**\n", "cvss3": {}, "published": "2021-06-10T20:07:53", "type": "threatpost", "title": "Chrome Browser Bug Under Active Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-0336", "CVE-2021-30544", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-06-10T20:07:53", "id": "THREATPOST:DE317ED7C5E4858FE861A15F96F6BCFD", "href": "https://threatpost.com/chrome-browser-bug-under-attack/166804/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-15T11:25:30", "description": "Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability.\n\nThat\u2019s the word from researchers from Google Threat Analysis Group (TAG) and Google Project Zero, who Wednesday [posted a blog](<https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/>) shedding more light on several zero-day flaws that they discovered so far this year. Researchers in particular detailed how attackers exploited the vulnerabilities\u2014the prevalence of which are on the rise\u2013before they were addressed by their respective vendors.\n\nTAG researchers discovered the Safari WebKit flaw, tracked as [CVE-\u200b2021-1879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879>), on March 19. The vulnerability allowed for the processing of maliciously crafted web content for universal cross site scripting and was addressed by Apple in [an update](<https://support.apple.com/en-us/HT212256>) later that month.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nBefore the fix, researchers assert Russian-language threat actors were exploiting the vulnerability in the wild by using LinkedIn Messaging to send government officials from Western European countries malicious links that could collect website-authentication cookies, according to the post by Maddie Stone and Clement Lecigne from Google TAG.\n\n\u201cIf the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next-stage payloads,\u201d they wrote.\n\nThe exploit, which targeted iOS versions 12.4 through 13.7, would turn off [Same-Origin-Policy](<https://en.wikipedia.org/wiki/Same-origin_policy>) protections on an infected device to collect authentication cookies from several popular websites\u2013including Google, Microsoft, LinkedIn, Facebook and Yahoo\u2013and then send them via WebSocket to an attacker-controlled IP, researchers wrote. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.\n\nMoreover, the campaign targeting iOS devices coincided with others from the same threat actor\u2014which Microsoft has identified as Nobelium\u2013targeting users on Windows devices to deliver Cobalt Strike, researchers wrote. Security firm Volexity described one of these attacks [in a report](<https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/>) posted online in May, the researchers added.\n\nNobellium is believed to be a Russia-based threat group responsible for the [expansive cyber-espionage SolarWinds](<https://threatpost.com/feds-russia-culprit-solarwinds/162785/>) campaign, which affected numerous U.S. government agencies and tech companies, including Microsoft.\n\n## **Other Zero-Day Attacks**\n\nGoogle researchers also linked three additional zero-day flaws they identified this year to a commercial surveillance vendor, according to [Google TAG\u2019s Shane Huntley](<https://twitter.com/ShaneHuntley/status/1415340345500463113>). Two of those vulnerabilities\u2013[CVE-2021-21166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166>) and [CVE-2021-30551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551>)\u2014were found in Chrome, and one, tracked as [CVE-2021-33742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33742>), in Internet Explorer.\n\nCVE-2021-21166 and CVE-2021-30551, two Chrome rendered remote-code execution (RCE) flaws, were identified separately but later believed to be used by the same actor, researchers wrote in the blog. Google researchers discovered the former in February and the latter in June.\n\n\u201cBoth of these 0-days were delivered as one-time links sent by email to the targets, all of whom we believe were in Armenia,\u201d Stone and Lecigne wrote. \u201cThe links led to attacker-controlled domains that mimicked legitimate websites related to the targeted users.\u201d\n\nWhen prospective victims clicked the link, they were redirected to a webpage that would fingerprint their device, collect system information about the client, and generate ECDH keys to encrypt the exploits, researchers wrote. This info\u2014which included screen resolution, timezone, languages, browser plugins, and available MIME types\u2014would then be sent back to the exploit server and used by attackers to decide whether or not an exploit should be delivered to the target, they said.\n\nResearchers also identified a separate campaigned in April that also targeted Armenian users by leveraging CVE-2021-26411, an RCE bug found in Internet Explorer (IE). The campaign loaded web content within IE that contained malicious Office documents, researchers wrote.\n\n\u201cThis happened by either embedding a remote ActiveX object using a Shell.Explorer.1 OLE object or by spawning an Internet Explorer process via VBA macros to navigate to a web page,\u201d Stone and Lecigne explained.\n\nAt the time, researchers said they were unable to recover the next-stage payload, but successfully recovered the exploit after discovering an early June campaign from the same actors. Microsoft patched the flaw later that month, they said.\n\n\n\nClick to Zoom CREDIT: TAG\n\n## **Why There is an Increase in Zero-Days?**\n\nAll in all, security researchers have identified 33 [zero-day flaws](<https://threatpost.com/kaseya-patches-zero-days-revil-attacks/167670/>) so far in 2021, which is 11 more than the total number from 2020, according to the post.\n\nWhile that trend reflects an increase in the number of these types of vulnerabilities that exist, Google researchers \u201cbelieve greater detection and disclosure efforts are also contributing to the upward trend,\u201d they wrote.\n\nStill, it\u2019s highly possible that attackers are indeed using more [zero-day exploits](<https://threatpost.com/zero-day-wipe-my-book-live/167422/>) for a few reasons, researchers noted. One is that the increase and maturation of security technologies and features means attackers also have to level up, which in turn requires more [zero-day vulnerabilities](<https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/>) for functional attack chains, they said.\n\nThe growth of mobile platforms also has resulted in an increase in the number of products that threat actors want to target\u2014hence more reason to use zero-day exploits, researchers observed. Perhaps inspired by this increase in demand, commercial vendors also are selling more access to zero-days than in the early 2010s, they said.\n\nFinally, the maturation of security protections and strategies also inspires sophistication on the part of attackers as well, boosting the need for them to use zero-day flaws to convince victims to install malware, researchers noted.\n\n\u201cDue to advancements in security, these actors now more often have to use 0-day exploits to accomplish their goals,\u201d Stone and Lecigne wrote.\n\n_**Check out our free **_[_**upcoming live and on-demand webinar events**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {}, "published": "2021-07-15T11:04:49", "type": "threatpost", "title": "Safari Zero-Day Used in Malicious LinkedIn Campaign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-26411", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-07-15T11:04:49", "id": "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "href": "https://threatpost.com/safari-zero-day-linkedin/167814/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T22:18:00", "bulletinFamily": "info", "cvelist": ["CVE-2021-21224", "CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31963", "CVE-2021-31968", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "description": "Microsoft jumped on 50 vulnerabilities in this month\u2019s [Patch Tuesday update](<https://msrc.microsoft.com/update-guide>), issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code \u2013 Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.\n\nFive of the CVEs are rated Critical and 45 are rated Important in severity. Microsoft reported that six of the bugs are currently under active attack, while three are publicly known at the time of release.\n\nThe number might seem light \u2013 it represents six fewer patches than Microsoft [released in May](<https://threatpost.com/wormable-windows-bug-dos-rce/166057/>) \u2013 but the number of critical vulnerabilities ticked up to five month-over-month.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThose actively exploited vulnerabilities can enable an attacker to hijack a system. They have no workarounds, so some security experts are recommending that they be patched as the highest priority.\n\nThe six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution (RCE) vulnerability.\n\n## Critical Bugs of Note\n\n[CVE-2021-31985](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985>) is a critical RCE vulnerability in Microsoft\u2019s Defender antimalware software that should grab attention. A similar, critical bug in Defender was [patched in January](<https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/>). The most serious of the year\u2019s first Patch Tuesday, that earlier Defender bug was an RCE vulnerability that came under active exploit.\n\nAnother critical flaw is [CVE-2021-31963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31963>), a Microsoft SharePoint Server RCE vulnerability. Jay Goodman, director of product marketing at Automox, said in a [blog post](<https://blog.automox.com/automox-experts-weigh-in-june-patch-tuesday-2021>) that an attacker exploiting this vulnerability \u201ccould take control of a system where they would be free to install programs, view or change data, or create new accounts on the target system with full user rights.\u201d \nWhile Microsoft reports that this vulnerability is less likely to be exploited,Goodman suggested that organizations don\u2019t let it slide: \u201cPatching critical vulnerabilities in the 72-hour window before attackers can weaponize is an important first step to maintaining a safe and secure infrastructure,\u201d he observed.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/08141612/Sophos-impact-chart-June-21-patch-Tuesday-e1623176186946.png>)\n\nA year-to-date summary of 2021 Microsoft vulnerability releases as of June. Source: Sophos\n\n## Bugs Exploited in the Wild\n\nMicrosoft fixed a total of seven zero-day vulnerabilities. One was [CVE-2021-31968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31968>), Windows Remote Desktop Services Denial of Service Vulnerability that was publicly disclosed but hasn\u2019t been seen in attacks. It was issued a CVSS score of 7.5.\n\nThese are the six flaws that MIcrosoft said are under active attack, all of them also zero days.\n\n * [CVE-2021-31955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) \u2013 Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5\n * [CVE-2021-31956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) \u2013 Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8\n * [CVE-2021-33739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) \u2013 Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rating: Important. CVSS 8.4\n * [CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) \u2013 Windows MSHTML Platform Remote Code Execution Vulnerability. Rating: **Critical**. CVSS 7.5\n * [CVE-2021-31199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2\n * [CVE-2021-31201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2\n\n## CVE-2021-33742\n\nThis RCE vulnerability exploits MSHTML, a component used by the Internet Explorer engine to read and display content from websites.The bug could allow an attacker to execute code on a target system if a user views specially crafted web content. The [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2021/6/8/the-june-2021-security-update-review>)\u2018s (ZDI\u2019s) Dustin Childs noted in his Patch Tuesday analysis that since the vulnerability is in the Trident (MSHTML) engine itself, many different applications are affected, not just Internet Explorer. \u201cIt\u2019s not clear how widespread the active attacks are, but considering the vulnerability impacts all supported Windows versions, this should be at the top of your test and deploy list,\u201d he recommended.\n\nThe vulnerability doesn\u2019t require special privilege to exploit, though the attack complexity is high, if that\u2019s any consolation. An attacker would need to do some extra legwork to pull it off, noted Satnam Narang, staff research engineer at Tenable, in an email to Threatpost on Tuesday.\n\nImmersive Labs\u2019 Kevin Breen, director of cyber threat research, noted that visiting a website in a vulnerable browser is \u201ca simple way for attackers to deliver this exploit.\u201d He told Threatpost via email on Tuesday that since the library is used by other services and applications, \u201cemailing HTML files as part of a phishing campaign is also a viable method of delivery.\u201d\n\n[Sophos decreed](<https://news.sophos.com/en-us/2021/06/08/six-in-the-wild-exploits-patched-in-microsofts-june-security-fix-release/>) this one to be the top concern of this month\u2019s crop, given that it\u2019s already being actively exploited by malicious actors.\n\n## CVE-2021-31955, CVE-2021-31956: Used in PuzzleMaker Targeted Malware\n\nCVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel, while CVE-2021-31956 is an elevation of privilege vulnerability in Windows NTFS. The ZDI\u2019s Childs noted that CVE-2021-31956 was reported by the same researcher who found CVE-2021-31955, an information disclosure bug also listed as under active attack. They could be linked, he suggested: \u201cIt\u2019s possible these bugs were used in conjunction, as that is a common technique \u2013 use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined. Definitely prioritize the testing and deployment of these patches.\u201d\n\nHe was spot-on. On Tuesday, Kaspersky announced that its researchers had discovered a highly targeted malware campaign launched in April against multiple companies, in which a previously unknown threat actor used a chain of Chrome and Windows zero-day exploits: Namely, these two.\n\nIn a press release, Kaspersky said that one of the exploits was used for RCE in the Google Chrome web browser, while the other was an elevation of privilege exploit fine-tuned to target \u201cthe latest and most prominent builds\u201d of Windows 10.\n\n\u201cRecent months have seen a wave of advanced threat activity exploiting zero-days in the wild,\u201d according to the release. \u201cIn mid-April, Kaspersky experts discovered yet a new series of highly targeted exploit attacks against multiple companies that allowed the attackers to stealthily compromise the targeted networks.\u201d\n\nKaspersky hasn\u2019t yet found a connection between these attacks and any known threat actors, so it\u2019s gone ahead and dubbed the actor PuzzleMaker. It said that all the attacks were conducted through Chrome and used an exploit that allowed for RCE. Kaspersky researchers weren\u2019t able to retrieve the code for the exploit, but the timeline and availability suggests the attackers were using the now-patched [CVE-2021-21224](<https://www.cvedetails.com/cve/CVE-2021-21224>) vulnerability in Chrome and Chromium browsers that allows attackers to exploit the Chrome renderer process (the processes that are responsible for what happens inside users\u2019 tabs).\n\nKaspersky experts did find and analyze the second exploit, however: An elevation of privilege exploit that exploits two distinct vulnerabilities in the Microsoft Windows OS kernel: CVE-2021-31955 and CVE-2021-31956. The CVE-2021-31955 bug \u201cis affiliated with SuperFetch, a feature first introduced in Windows Vista that aims to reduce software loading times by pre-loading commonly used applications into memory,\u201d they explained.\n\nThe second flaw, CVE-2021-31956, is an Elevation of Privilege vulnerability and heap-based buffer overflow. Kaspersky said that attackers used this vulnerability alongside Windows Notification Facility (WNF) \u201cto create arbitrary memory read/write primitives and execute malware modules with system privileges.\u201d\n\n\u201cOnce the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,\u201d they continued. \u201cThis dropper then installs two executables, which pretend to be legitimate files belonging to Microsoft Windows OS. The second of these two executables is a remote shell module, which is able to download and upload files, create processes, sleep for certain periods of time, and delete itself from the infected system.\u201d\n\nBoris Larin, senior security researcher with Kaspersky\u2019s Global Research and Analysis Team (GReAT), said that the team hasn\u2019t been able to link these highly targeted attacks to any known threat actor: Hence the name PuzzleMaker and the determination to closely monitor the security landscape \u201cfor future activity or new insights about this group,\u201d he was quoted as saying in the press release.\n\nIf the current trend is any indication, expect to see more of the same, Larin said. \u201cOverall, of late, we\u2019ve been seeing several waves of high-profile threat activity being driven by zero-day exploits,\u201d he said. \u201cIt\u2019s a reminder that zero days continue to be the most effective method for infecting targets. Now that these vulnerabilities have been made publicly known, it\u2019s possible that we\u2019ll see an increase of their usage in attacks by this and other threat actors. That means it\u2019s very important for users to download the latest patch from Microsoft as soon as possible.\u201d\n\n## CVE-2021-31199/CVE-2021-31201\n\nThe two Enhanced Cryptographic Provider Elevation of Privilege vulnerabilities are linked to the Adobe Reader bug that [came under active attack](<https://threatpost.com/adobe-zero-day-bug-acrobat-reader/166044/>) last month (CVE-2021-28550), ZDI explained. \u201cIt\u2019s common to see privilege escalation paired with code execution bugs, and it seems these two vulnerabilities were the privilege escalation part of those exploits,\u201d he explained. \u201cIt is a bit unusual to see a delay between patch availability between the different parts of an active attack, but good to see these holes now getting closed.\u201d\n\n## CVE-2021-33739\n\nBreen noted that privilege escalation vulnerabilities such as this one in the Microsoft DWM Core Library are just as valuable to attackers as RCEs. \u201cOnce they have gained an initial foothold, they can move laterally across the network and uncover further ways to escalate to system or domain-level access,\u201d he said. \u201cThis can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools.\u201d\n\n**Download our exclusive FREE Threatpost Insider eBook, ****_\u201c_**[**_2021: The Evolution of Ransomware_**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)**_,\u201d_**** to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what\u2019s next for ransomware and the related emerging risks. Get the whole story and **[**DOWNLOAD**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)** the eBook now \u2013 on us!**\n", "modified": "2021-06-08T21:45:12", "published": "2021-06-08T21:45:12", "id": "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "href": "https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/", "type": "threatpost", "title": "Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2021-07-15T14:34:30", "description": "[](<https://thehackernews.com/images/-xmPJ5TMTpac/YO_wfpf1LkI/AAAAAAAADM4/xSKsZYAbLBYJjYvNQilqUM9z0lf0Rx7_gCLcBGAsYHQ/s0/chrome.jpg>)\n\nThreat intelligence researchers from Google on Wednesday [shed more light](<https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/>) on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.\n\nWhat's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks. The list of now-patched vulnerabilities is as follows -\n\n * [**CVE-2021-1879**](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>): Use-After-Free in QuickTimePluginReplacement (Apple WebKit)\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>): Chrome Object Lifecycle Issue in Audio\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>): Chrome Type Confusion in V8\n * [**CVE-2021-33742**](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>): Internet Explorer out-of-bounds write in MSHTML\n\nBoth Chrome zero-days \u2014 CVE-2021-21166 and CVE-2021-30551 \u2014 are believed to have been used by the same actor, and were delivered as one-time links sent via email to targets located in Armenia, with the links redirecting unsuspecting users to attacker-controlled domains that masqueraded as legitimate websites of interest to the recipients.\n\n[](<https://go.thn.li/1-free-300-7> \"Stack Overflow Teams\" )\n\nThe malicious websites took charge of fingerprinting the devices, including collecting system information about the clients, before delivering a second-stage payload.\n\nWhen Google rolled out a patch for CVE-2021-30551, Shane Huntley, Director of Google's Threat Analysis Group (TAG), revealed that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its [Patch Tuesday update](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>) on June 8.\n\nThe two zero-days were provided by a commercial exploit broker to a nation-state adversary, which used them in limited attacks against targets in Eastern Europe and the Middle East, Huntley previously added.\n\n[](<https://thehackernews.com/images/--ol-CfJ3-bE/YO_tDkpfuNI/AAAAAAAADMw/bonGU0wpX_QzAsMNe5_Eh_0_Nb4OAma_QCLcBGAsYHQ/s0/zero-day.jpg>)\n\nNow according to a technical report published by the team, all the three zero-days were \"developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors,\" adding the Internet Explorer flaw was used in a campaign targeting Armenian users with malicious Office documents that loaded web content within the web browser.\n\nGoogle did not disclose the identities of the exploit broker or the two threat actors that used the vulnerabilities as part of their attacks.\n\n## SolarWinds Hackers Exploited iOS Zero-Day\n\nThe Safari zero-day, in contrast, concerned a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks. The issue was rectified by Apple on March 26, 2021.\n\nAttacks leveraging CVE-2021-1879, which Google attributed to a \"likely Russian government-backed actor,\" were executed by means of sending malicious links to government officials over LinkedIn that, when clicked from an iOS device, redirected the user to a rogue domain that served the next-stage payloads.\n\n[](<https://go.thn.li/privileged_728> \"Prevent Data Breaches\" )\n\nIt's worth noting that the offensive also mirrors a [wave of targeted attacks](<https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html>) unleashed by Russian hackers tracked as Nobelium, which was found abusing the vulnerability to strike government agencies, think tanks, consultants, and non-governmental organizations as part of an email phishing campaign.\n\nNobelium, a threat actor linked to the Russian Foreign Intelligence Service (SVR), is also suspected of orchestrating the [SolarWinds supply chain attack](<https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html>) late last year. It's known by other aliases such as APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).\n\n\"Halfway into 2021, there have been [33 zero-day exploits](<https://googleprojectzero.github.io/0days-in-the-wild/rca.html>) used in attacks that have been publicly disclosed this year \u2014 11 more than the total number from 2020,\" TAG researchers Maddie Stone and Clement Lecigne noted. \"While there is an increase in the number of zero-day exploits being used, we believe greater detection and disclosure efforts are also contributing to the upward trend.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2021-07-15T08:25:00", "type": "thn", "title": "Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-07-15T12:45:33", "id": "THN:BBBFDA7EEE18F813A5DA572FD390D528", "href": "https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-10T10:29:53", "bulletinFamily": "info", "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-33742"], "description": "[](<https://thehackernews.com/images/--v2cn8JGV00/YMGRd9cFvrI/AAAAAAAACz4/i5Stk6m4GEgwbul82T6lZeEbdMMNfofJQCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nAttention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today.\n\nThe internet services company has rolled out an urgent update to the browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.\n\nTracked as [CVE-2021-30551](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>), the vulnerability stems from a type confusion issue in its V8 open-source and JavaScript engine. Sergei Glazunov of Google Project Zero has been credited with discovering and reporting the flaw.\n\n[](<https://go.thn.li/s-header-300-4> \"Stack Overflow Teams\" )\n\nAlthough the search giant's Chrome team issued a terse statement acknowledging \"an exploit for CVE-2021-30551 exists in the wild,\" Shane Huntley, Director of Google's Threat Analysis Group, [hinted](<https://twitter.com/ShaneHuntley/status/1402712986289016835>) that the vulnerability was leveraged by the same actor that abused [CVE-2021-33742](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>), an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.\n\n[](<https://thehackernews.com/images/-XI4fkisfDp0/YMGPq0RtpKI/AAAAAAAACzw/d0mpshr20nw2j--sOXxBrrTJIj2IP95ewCLcBGAsYHQ/s0/chrome-zero-day.jpg>)\n\nThe two zero-days are said to have been provided by a commercial exploit broker to a nation-state actor, which used them in limited attacks against targets in Eastern Europe and the Middle East, Huntley said.\n\nMore technical details about the nature of the attacks are to be released in the coming weeks so as to allow a majority of the users to install the update and prevent other threat actors from creating exploits targeting the flaw.\n\n[](<https://go.thn.li/ransomware_728> \"Prevent Ransomware Attacks\" )\n\nWith the latest fix, Google has addressed a total of seven zero-days in Chrome since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n\nChrome users can update to the latest version (91.0.4472.101) by heading to Settings &gt; Help &gt; About Google Chrome to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2021-06-10T10:25:50", "published": "2021-06-10T04:14:00", "id": "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "href": "https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html", "type": "thn", "title": "New Chrome 0-Day Bug Under Active Attacks \u2013 Update Your Browser ASAP!", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-09T18:30:03", "description": "[](<https://thehackernews.com/images/-Oinzu8T6SmI/YMBZ7WkhbJI/AAAAAAAACzI/kVA4Ura4Yl4MrNb_jPNPBtgjkBj1DSs1wCLcBGAsYHQ/s0/microsoft-windows-update.jpg>)\n\nMicrosoft on Tuesday released another round of [security updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun>) for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack.\n\nThe flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.\n\n[](<https://go.thn.li/1-728-6> \"Stack Overflow Teams\" )\n\nOf these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below -\n\n * [**CVE-2021-33742**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability\n * [**CVE-2021-33739**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability\n * [**CVE-2021-31199**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n * [**CVE-2021-31201**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n * [**CVE-2021-31955**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) (CVSS score: 5.5) - Windows Kernel Information Disclosure Vulnerability\n * [**CVE-2021-31956**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) (CVSS score: 7.8) - Windows NTFS Elevation of Privilege Vulnerability\n\nMicrosoft didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. But the fact that four of the six flaws are privilege escalation vulnerabilities suggests that attackers could be leveraging them as part of an infection chain to gain elevated permissions on the targeted systems to execute malicious code or leak sensitive information.\n\nThe Windows maker also noted that both CVE-2021-31201 and CVE-2021-31199 address flaws related to [CVE-2021-28550](<https://thehackernews.com/2021/05/alert-hackers-exploit-adobe-reader-0.html>), an arbitrary code execution vulnerability rectified by Adobe last month that it said was being \"exploited in the wild in limited attacks targeting Adobe Reader users on Windows.\"\n\nGoogle's Threat Analysis Group, which has been acknowledged as having reported CVE-2021-33742 to Microsoft, [said](<https://twitter.com/ShaneHuntley/status/1402320072123719690>) \"this seem[s] to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting.\"\n\nRussian cybersecurity firm Kaspersky, for its part, detailed that CVE-2021-31955 and CVE-2021-31956 were abused in a Chrome zero-day exploit chain ([CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>)) in a series of highly targeted attacks against multiple companies on April 14 and 15. The intrusions were attributed to a new threat actor dubbed \"PuzzleMaker.\"\n\n\"While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges,\" Kaspersky Lab researchers [said](<https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>).\n\nElsewhere, Microsoft fixed numerous remote code execution vulnerabilities spanning Paint 3D, Microsoft SharePoint Server, Microsoft Outlook, Microsoft Office Graphics, Microsoft Intune Management Extension, Microsoft Excel, and Microsoft Defender, as well as several privilege escalation flaws in Microsoft Edge, Windows Filter Manager, Windows Kernel, Windows Kernel-Mode Driver, Windows NTLM Elevation, and Windows Print Spooler.\n\n[](<https://go.thn.li/auth_728> \"Enterprise Password Management\" )\n\nTo install the latest security updates, Windows users can head to Start &gt; Settings &gt; Update &amp; Security &gt; Windows Update or by selecting Check for Windows updates.\n\n### Software Patches From Other Vendors\n\nAlongside Microsoft, a number of other vendors have also released a slew of patches on Tuesday, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-06-01>)\n * [Dell](<https://www.dell.com/support/security/>)\n * [Intel](<https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/>)\n * Linux distributions [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-June/thread.html>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), and [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999>) (with cybersecurity firm Onapsis [credited](<https://onapsis.com/blog/sap-security-patch-day-june-2021-multiple-memory-corruption-vulnerabilities-can-lead-system>) with identifying 20 of the 40 remediated flaws)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2021-06-09T06:07:00", "type": "thn", "title": "Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-21224", "CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-09T16:52:54", "id": "THN:1DDE95EA33D4D9F304973569FC787451", "href": "https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "krebs": [{"lastseen": "2021-06-15T08:32:06", "description": "**Microsoft** today released another round of security updates for **Windows** operating systems and supported software, _including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks._\n\n\n\nJune&#x27;s Patch Tuesday addresses just 49 security holes -- about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into computers in targeted attacks.\n\nAmong the zero-days are:\n\n-[CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>), a remote code execution bug in a Windows HTML component. \n-[CVE-2021-31955](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955>), an information disclosure bug in the Windows Kernel \n-[CVE-2021-31956](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>), an elevation of privilege flaw in Windows NTFS \n-[CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), an elevation of privilege flaw in the Microsoft Desktop Window Manager \n-[CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>), an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider \n-[CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>), an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider\n\n**Kevin Breen**, director of cyber threat research at **Immersive Labs**, said elevation of privilege flaws are just as valuable to attackers as remote code execution bugs: Once the attacker has gained an initial foothold, he can move laterally across the network and uncover further ways to escalate to system or domain-level access.\n\n&quot;This can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools,&quot; Breen said. &quot;The &#x27;exploit detected&#x27; tag means attackers are actively using them, so for me, it\u2019s the most important piece of information we need to prioritize the patches.&quot;\n\nMicrosoft also patched five critical bugs -- flaws that can be remotely exploited to seize control over the targeted Windows computer without any help from users. [CVE-2021-31959](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31959>) affects everything from **Windows 7** through **Windows 10** and **Server** versions **2008**,** 2012**, **2016** and **2019**.\n\n**Sharepoint** also got a critical update in [CVE-2021-31963](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31963>); Microsoft says this one is less likely to be exploited, but then critical Sharepoint flaws are a favorite target of ransomware criminals.\n\nInterestingly, two of the Windows zero-day flaws -- CVE-2021-31201 and CVE-2021-31199 -- are related to a patch **Adobe** released recently for [CVE-2021-28550](<https://helpx.adobe.com/security/products/acrobat/apsb21-29.html>), a flaw in **Adobe Acrobat** and **Reader** that also is being actively exploited.\n\n&quot;Attackers have been seen exploiting these vulnerabilities by sending victims specially crafted PDFs, often attached in a phishing email, that when opened on the victim&#x27;s machine, the attacker is able to gain arbitrary code execution,&quot; said** Christopher Hass**, director of information security and research at **Automox**. &quot;There are no workarounds for these vulnerabilities, patching as soon as possible is highly recommended.&quot;\n\nIn addition to updating Acrobat and Reader, Adobe patched flaws in a slew of other products today, including **Adobe Connect,** **Photoshop**, and **Creative Cloud**. The full list is [here](<https://helpx.adobe.com/security.html>), with links to updates.\n\nThe usual disclaimer:\n\nBefore you update with this month\u2019s patch batch, please make sure you have backed up your system and/or important files. It\u2019s not uncommon for Windows updates to hose one\u2019s system or prevent it from booting properly, and some updates even have been known to erase or corrupt files.\n\nSo do yourself a favor and backup _before_ installing any patches. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see [this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nAs always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.\n\nFor a quick visual breakdown of each update released today and its severity level, check out the [this Patch Tuesday post](<https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/>) from the **SANS Internet Storm Center**.", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T20:53:28", "type": "krebs", "title": "Microsoft Patches Six Zero-Day Security Holes", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31959", "CVE-2021-31963", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T20:53:28", "id": "KREBS:E374075CAB55D7AB06EBD73CB87D33CD", "href": "https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-07-29T03:55:27", "description": "The remote Windows host is missing security update 5003695. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003695: Windows Server 2008 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31953", "CVE-2021-31201", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-1675", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31958", "CVE-2021-31962", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003695.NASL", "href": "https://www.tenable.com/plugins/nessus/150357", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150357);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31953\",\n \"CVE-2021-31954\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31962\",\n \"CVE-2021-31971\",\n \"CVE-2021-31973\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003661\");\n script_xref(name:\"MSKB\", value:\"5003695\");\n script_xref(name:\"MSFT\", value:\"MS21-5003661\");\n script_xref(name:\"MSFT\", value:\"MS21-5003695\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003695: Windows Server 2008 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003695. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003661\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003695\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003695',\n '5003661'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003695, 5003661])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:27", "description": "The remote Windows host is missing security update 5003694. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003694: Windows Server 2008 R2 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31953", "CVE-2021-31201", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-1675", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31968", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003694.NASL", "href": "https://www.tenable.com/plugins/nessus/150368", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150368);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31953\",\n \"CVE-2021-31954\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31971\",\n \"CVE-2021-31973\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003667\");\n script_xref(name:\"MSKB\", value:\"5003694\");\n script_xref(name:\"MSFT\", value:\"MS21-5003667\");\n script_xref(name:\"MSFT\", value:\"MS21-5003694\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003694: Windows Server 2008 R2 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003694. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003667\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003694\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003694',\n '5003667'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003694, 5003667])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:27", "description": "The remote Windows host is missing security update 5003697. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003697: Windows Server 2012 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31953", "CVE-2021-31976", "CVE-2021-31201", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-1675", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003697.NASL", "href": "https://www.tenable.com/plugins/nessus/150363", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150363);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31953\",\n \"CVE-2021-31954\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31970\",\n \"CVE-2021-31971\",\n \"CVE-2021-31973\",\n \"CVE-2021-31974\",\n \"CVE-2021-31975\",\n \"CVE-2021-31976\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003697\");\n script_xref(name:\"MSFT\", value:\"MS21-5003697\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003697: Windows Server 2012 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003697. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003697\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003697\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003697'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003697])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:26", "description": "The remote Windows host is missing security update 5003681. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003681: Windows Server 2012 R2 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31953", "CVE-2021-31976", "CVE-2021-31201", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-1675", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31972", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003681.NASL", "href": "https://www.tenable.com/plugins/nessus/150354", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150354);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31953\",\n \"CVE-2021-31954\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31970\",\n \"CVE-2021-31971\",\n \"CVE-2021-31972\",\n \"CVE-2021-31973\",\n \"CVE-2021-31974\",\n \"CVE-2021-31975\",\n \"CVE-2021-31976\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003671\");\n script_xref(name:\"MSKB\", value:\"5003681\");\n script_xref(name:\"MSFT\", value:\"MS21-5003671\");\n script_xref(name:\"MSFT\", value:\"MS21-5003681\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003681: Windows Server 2012 R2 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003681. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003671\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003681\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003681',\n '5003671'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003681, 5003671])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:26", "description": "The remote Windows host is missing security update 5003638. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003638: Windows 10 version 1607 / Windows Server 2016 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31953", "CVE-2021-31976", "CVE-2021-31201", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-1675", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31972", "CVE-2021-31977", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003638.NASL", "href": "https://www.tenable.com/plugins/nessus/150367", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150367);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31953\",\n \"CVE-2021-31954\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31970\",\n \"CVE-2021-31971\",\n \"CVE-2021-31972\",\n \"CVE-2021-31973\",\n \"CVE-2021-31974\",\n \"CVE-2021-31975\",\n \"CVE-2021-31976\",\n \"CVE-2021-31977\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003638\");\n script_xref(name:\"MSFT\", value:\"MS21-5003638\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003638: Windows 10 version 1607 / Windows Server 2016 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003638. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003638\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003638\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003638'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'14393',\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003638])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:27", "description": "The remote Windows host is missing security update 5003687. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003687: Windows 10 version 1507 LTS Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31953", "CVE-2021-31976", "CVE-2021-31201", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-1675", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31972", "CVE-2021-31977", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003687.NASL", "href": "https://www.tenable.com/plugins/nessus/150353", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150353);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31953\",\n \"CVE-2021-31954\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31970\",\n \"CVE-2021-31971\",\n \"CVE-2021-31972\",\n \"CVE-2021-31973\",\n \"CVE-2021-31974\",\n \"CVE-2021-31975\",\n \"CVE-2021-31976\",\n \"CVE-2021-31977\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003687\");\n script_xref(name:\"MSFT\", value:\"MS21-5003687\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003687: Windows 10 version 1507 LTS Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003687. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003687\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003687'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'10240',\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003687])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:26", "description": "The remote Windows host is missing security update 5003646. It is, therefore, affected by multiple vulnerabilities", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003646: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31953", "CVE-2021-31976", "CVE-2021-31201", "CVE-2021-31969", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-1675", "CVE-2021-31955", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31951", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31958", "CVE-2021-31952", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31972", "CVE-2021-31977", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003646.NASL", "href": "https://www.tenable.com/plugins/nessus/150374", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150374);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31951\",\n \"CVE-2021-31952\",\n \"CVE-2021-31953\",\n \"CVE-2021-31954\",\n \"CVE-2021-31955\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31969\",\n \"CVE-2021-31970\",\n \"CVE-2021-31971\",\n \"CVE-2021-31972\",\n \"CVE-2021-31973\",\n \"CVE-2021-31974\",\n \"CVE-2021-31975\",\n \"CVE-2021-31976\",\n \"CVE-2021-31977\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003646\");\n script_xref(name:\"MSFT\", value:\"MS21-5003646\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003646: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003646. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003646\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003646\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003646'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'17763',\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003646])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:26", "description": "The remote Windows host is missing security update 5003637. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003637: Windows 10 version 2004 / Windows 10 version 20H2 / Windows 10 version 21H1 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31976", "CVE-2021-31201", "CVE-2021-31969", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-33739", "CVE-2021-1675", "CVE-2021-31955", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31951", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31958", "CVE-2021-31952", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31972", "CVE-2021-31960", "CVE-2021-31977", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003637.NASL", "href": "https://www.tenable.com/plugins/nessus/150370", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150370);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31951\",\n \"CVE-2021-31952\",\n \"CVE-2021-31954\",\n \"CVE-2021-31955\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31960\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31969\",\n \"CVE-2021-31970\",\n \"CVE-2021-31971\",\n \"CVE-2021-31972\",\n \"CVE-2021-31973\",\n \"CVE-2021-31974\",\n \"CVE-2021-31975\",\n \"CVE-2021-31976\",\n \"CVE-2021-31977\",\n \"CVE-2021-33739\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003637\");\n script_xref(name:\"MSFT\", value:\"MS21-5003637\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003637: Windows 10 version 2004 / Windows 10 version 20H2 / Windows 10 version 21H1 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003637. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003637\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003637\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003637'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'19041',\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003637])\n\n|| smb_check_rollup(os:'10', \n sp:0,\n os_build:'19042',\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003637])\n\n|| smb_check_rollup(os:'10', \n sp:0,\n os_build:'19043',\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003637])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:55:26", "description": "The remote Windows host is missing security update 5003635. It is, therefore, affected by multiple vulnerabilities", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "KB5003635: Windows 10 version 1909 Security Update (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31973", "CVE-2021-31954", "CVE-2021-31976", "CVE-2021-31201", "CVE-2021-31969", "CVE-2021-31199", "CVE-2021-26414", "CVE-2021-33739", "CVE-2021-1675", "CVE-2021-31955", "CVE-2021-31971", "CVE-2021-33742", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31951", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31958", "CVE-2021-31952", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31972", "CVE-2021-31977", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUN_5003635.NASL", "href": "https://www.tenable.com/plugins/nessus/150369", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150369);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/27\");\n\n script_cve_id(\n \"CVE-2021-1675\",\n \"CVE-2021-26414\",\n \"CVE-2021-31199\",\n \"CVE-2021-31201\",\n \"CVE-2021-31951\",\n \"CVE-2021-31952\",\n \"CVE-2021-31954\",\n \"CVE-2021-31955\",\n \"CVE-2021-31956\",\n \"CVE-2021-31958\",\n \"CVE-2021-31959\",\n \"CVE-2021-31962\",\n \"CVE-2021-31968\",\n \"CVE-2021-31969\",\n \"CVE-2021-31970\",\n \"CVE-2021-31971\",\n \"CVE-2021-31972\",\n \"CVE-2021-31973\",\n \"CVE-2021-31974\",\n \"CVE-2021-31975\",\n \"CVE-2021-31976\",\n \"CVE-2021-31977\",\n \"CVE-2021-33739\",\n \"CVE-2021-33742\"\n );\n script_xref(name:\"MSKB\", value:\"5003635\");\n script_xref(name:\"MSFT\", value:\"MS21-5003635\");\n script_xref(name:\"IAVA\", value:\"2021-A-0280-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0279-S\");\n\n script_name(english:\"KB5003635: Windows 10 version 1909 Security Update (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5003635. It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5003635\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5003635\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-06';\nkbs = make_list(\n '5003635'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build: '18363',\n rollup_date:'06_2021',\n bulletin:bulletin,\n rollup_kb_list:[5003635])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2021-06-15T08:32:16", "description": "This patch Tuesday harvest was another big one. The Windows updates alone included seven zero-day vulnerability updates, two of them are actively being used in the wild by a group called PuzzleMaker, four others that have also been seen in the wild, plus one other zero-day vulnerability not known to have been actively exploited. Add to that 45 vulnerabilities that were labelled important, and security updates for Android, Adobe, SAP, and Cisco. You can practically see the IT staff scrambling to figure out what to do first and what needs to be checked before applying the patches.\n\n### PuzzleMaker\n\nSecurity researchers have discovered a new threat actor dubbed [PuzzleMaker](<https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>), that was found using a chain of Google Chrome and Windows 10 zero-day exploits in highly targeted attacks against multiple companies worldwide. Unfortunately the researchers were unable to conclusively identify the Chrome vulnerability that was used (but they do have a suspect). The good news is that the two Windows vulnerabilities in the attack chain were included in the Windows 10 KB5003637 &amp; KB5003635 cumulative updates. These vulnerabilities are listed as [CVE-2021-31955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31955>), a Windows kernel information disclosure vulnerability, and [CVE-2021-31956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31956>), a Windows NTFS elevation of privilege vulnerability.\n\n### Other critical issues\n\nThe other critical patches made available by Microsoft this June include these actively exploited vulnerabilities:\n\n * [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), a Microsoft DWM Core Library Elevation of Privilege Vulnerability.\n * [CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>) Windows MSHTML Platform Remote Code Execution Vulnerability.\n * [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>) Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability.\n * [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>) another Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability.\n\nNot (yet) actively exploited zero day vulnerability:\n\n * [CVE-2021-31968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31968>) Windows Remote Desktop Services Denial of Service Vulnerability.\n\nOther critical updates:\n\n * [CVE-2021-31963](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31963>) Microsoft SharePoint Server Remote Code Execution Vulnerability.\n * [CVE-2021-31959](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31959>) Scripting Engine Memory Corruption Vulnerability.\n * [CVE-2021-31967](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31967>) VP9 Video Extensions Remote Code Execution Vulnerability.\n * [CVE-2021-31985](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31985>) Microsoft Defender Remote Code Execution Vulnerability.\n * [CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>) Windows MSHTML Platform Remote Code Execution Vulnerability.\n\n### Android\n\nThe [Android Security Bulletin of June 7](<https://source.android.com/security/bulletin/2021-06-01>) mentions a critical security vulnerability in the System component that &quot;could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process&quot;, which is as bad as it sounds. That vulnerability, listed as [CVE-2021-0507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-0507>), could allow an attacker to take control of a targeted Android device unless it&#x27;s patched.\n\n### Cisco\n\nCisco has issued a [patch](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c>) for a vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software, that could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message **through** an affected device. SSL/TLS messages sent **to** an affected device do not trigger this vulnerability. Cisco informs us that there is no workaround for this issue. Patching is the only solution.\n\n### SAP\n\nIn the SAP advisory for [Security Patch Day \u2013 June 2021](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999>) we can find two issues that are labelled as \u201cHot News\u201d:\n\n * [CVE-2021-276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27602>)[0](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27602>)[2](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27602>) SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application.\n * [CVE-2021-27610](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27610>) Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform.\n\n### Adobe\n\nTo top things off, Adobe has released a giant [Patch ](<https://helpx.adobe.com/security.html>)[Tuesday security update](<https://helpx.adobe.com/security.html>) release that fixes vulnerabilities in ten applications, including Adobe Acrobat (of course), Reader, and Photoshop. Notably five vulnerabilities in Adobe Acrobat and Reader were fixed that address multiple critical vulnerabilities. Acrobat&#x27;s determination to cement its place as [the new Flash](<https://blog.malwarebytes.com/awareness/2021/01/adobe-flash-player-reaches-end-of-life/>) shows no sign of dimming.\n\nSuccessful exploitation could lead to arbitrary code execution in the context of the current user on both Windows and macOS. The same is true for two critical vulnerabilities in Photoshop that could lead to arbitrary code execution in the context of the current user.\n\n### CVE\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Which is why we try and link you to the Mitre list of CVE\u2019s where possible. It allows interested parties to find and compare vulnerabilities.\n\nHappy patching, everyone!\n\nThe post [Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/microsoft-fixes-seven-zero-days-including-two-puzzlemaker-targets-google-fixes-serious-android-flaw/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-09T14:50:52", "type": "malwarebytes", "title": "Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0507", "CVE-2021-27602", "CVE-2021-27610", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31959", "CVE-2021-31963", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-09T14:50:52", "id": "MALWAREBYTES:84CB84E43C5F560FDE9B8B7E65F7C4A3", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/microsoft-fixes-seven-zero-days-including-two-puzzlemaker-targets-google-fixes-serious-android-flaw/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-07-28T14:34:07", "description": "Hello everyone! Let&#x27;s now talk about Microsoft Patch Tuesday vulnerabilities for the second quarter of 2021. April, May and June. Not the most exciting topic, I agree. I am surprised that someone is reading or watching this. For me personally, this is a kind of tradition. Plus this is an opportunity to try Vulristics in action and find possible problems. It is also interesting to see what VM vendors considered critical back then and what actually became critical. I will try to keep this video short.\n\nFirst of all, let&#x27;s take a look at the vulnerabilities from the April Patch Tuesday. 108 vulnerabilities, 55 of them are RCEs. Half of these RCEs (27) are weird RPC vulnerabilities. &quot;Researcher who reported these bugs certainly found quite the attack surface&quot;. The most critical vulnerability is RCE in Exchange (CVE-2021-28480). This is not ProxyLogon, this is another vulnerability. ProxyLogon was in March. And this vulnerability is simply related to ProxyLogon, so it is believed that it is exploited in the wild as well. In the second place this Win32k Elevation of Privilege (CVE-2021-28310). It is clearly mentioned in several sources as being used in real attacks. &quot;Bugs of this nature are typically combined with other bugs, such as a browser bug or PDF exploit, to take over a system&quot;. And the only vulnerability with a public exploit is the Azure DevOps Server Spoofing (CVE-2021-28459). Previously known as Team Foundation Server (\u200bTFS), Azure DevOps Server is a set of collaborative software development tools. It is hosted on-premises. Therefore, this vulnerability can be useful for attackers.\n\nLet&#x27;s take a look at May. A very small Patch Tuesday. There are only 55 vulnerabilities. Vendors mainly wrote about HTTP Protocol Stack Remote Code Execution Vulnerability. But no catastrophe happened. &quot;tenable: On May 16, security researcher 0vercl0k published PoC code to github for CVE-2021-31166. Based on our analysis, this exploit could only result in a denial of service (DoS) condition&quot;. VM vendors also wrote a lot about Hyper-V Remote Code Execution Vulnerability. But there was no real exploitation there either. But a real exploit appeared for Remote Code Execution in Microsoft SharePoint (CVE-2021-31181). And exploitation in the wild was mentioned for Windows Container Manager Service (CVE-2021-31167), which no VM vendor mentioned at all. But the exploitation was &quot;Personally observed in an environment&quot;, so this may not be accurate. Also take a look at Memory Corruption in Microsoft Scripting Engine (CVE-2021-26419) with a public exploit and Information Disclosure in Windows Wireless Networking (CVE-2020-24587) with a sign of exploitation in the wild (but this also may not be accurate).\n\nAnd finally June. There are even fewer vulnerabilities, only 49. But there are a lot of them with a sign of exploitation in the wild. And this information is directly from Microsoft. Windows MSHTML Platform Remote Code Execution (CVE-2021-33742). Elevations of Privilege in Windows NTFS (CVE-2021-31956), Microsoft Enhanced Cryptographic Provider (CVE-2021-31199, CVE-2021-31201), Microsoft DWM Core Library (CVE-2021-33739). Windows Kernel Information Disclosure (CVE-2021-31955). Much more than usual. VM vendors have written the most about EoP in Windows NTFS (CVE-2021-31956). Do you know what vulnerability they didn&#x27;t highlight at all? Elevations of Privilege and later Remote Code Execution in Windows Print Spooler (CVE-2021-1675). The one that started the PrintNightmare story. Very ironic. Also pay attention to Spoofing in Microsoft SharePoint (CVE-2021-31950) for which there is a public Server-Side Request Forgery exploit. VM vendors also did not write anything about this vulnerability in their reviews.\n\nFull Vulristics reports:\n\n * [ms_patch_tuesday_april2021_report_avleonov_comments.html](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_april2021_report_avleonov_comments.html>)\n * [ms_patch_tuesday_may2021_report_avleonov_comments.html](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_may2021_report_avleonov_comments.html>)\n * [ms_patch_tuesday_june2021_report_avleonov_comments.html](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_june2021_report_avleonov_comments.html>)\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-10T00:14:59", "type": "avleonov", "title": "Vulristics: Microsoft Patch Tuesdays Q2 2021", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24587", "CVE-2021-1675", "CVE-2021-26419", "CVE-2021-28310", "CVE-2021-28459", "CVE-2021-28480", "CVE-2021-31166", "CVE-2021-31167", "CVE-2021-31181", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31950", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-07-10T00:14:59", "id": "AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE", "href": "http://feedproxy.google.com/~r/avleonov/~3/zKo35MmSBcA/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2021-06-15T09:07:00", "bulletinFamily": "info", "cvelist": ["CVE-2021-1675", "CVE-2021-26414", "CVE-2021-26420", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31938", "CVE-2021-31939", "CVE-2021-31940", "CVE-2021-31941", "CVE-2021-31942", "CVE-2021-31943", "CVE-2021-31944", "CVE-2021-31945", "CVE-2021-31946", "CVE-2021-31948", "CVE-2021-31949", "CVE-2021-31950", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31957", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31960", "CVE-2021-31962", "CVE-2021-31963", "CVE-2021-31964", "CVE-2021-31965", "CVE-2021-31966", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-31978", "CVE-2021-31980", "CVE-2021-31983", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33741", "CVE-2021-33742"], "description": "\n\nIt is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation ([CVE-2021-31955](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955>), [CVE-2021-31956](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>), [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), [CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>), [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>), and [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>)). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on [CVE-2021-31962](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962>) if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.\n\n## Windows MSHTML Platform Remote Code Execution Vulnerability ([CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>))\n\nThis is the only 0-day vulnerability this month which results in a remote code execution. The vulnerability lies within the MSHTML platform which is used by Internet Explorer 11 and Edge Legacy. While these two products are no longer fully supported (Edge Legacy is end of life and IE 11 is no longer supported on certain platforms) the underlying HTML libraries continue to be updated as other applications can make use of it. Further details for this vulnerability will be published by Google's Threat Analysis Group within the next 30 days.\n\n## Kerberos AppContainer Security Feature Bypass Vulnerability ([CVE-2021-31962](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962>))\n\nWhile this vulnerability has not been exploited in the wild yet, it would be a rather juicy target for exploit developers. Were this to be exploited it may allow a complete bypass of Kerberos authentication, allowing a connection without a password. Kerberos is generally used in Enterprise environments and as such sysadmins should patch this if they are leveraging the strong cryptography authentication mechanism.\n\n## Multiple Elevation of Privilege 0-days \n\n### [CVE-2021-31955](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955>), [CVE-2021-31956](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>), [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>), and [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>)\n\n \nThe rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Apps Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31945](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31945>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31946](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31946>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31983](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31980](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31980>) | Microsoft Intune Management Extension Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-31942](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31942>) | 3D Viewer Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31943](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31943>) | 3D Viewer Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31944](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31944>) | 3D Viewer Information Disclosure Vulnerability | No | No | 5 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-33741](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33741>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.2 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31938>) | Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2021-31957](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 5.9 | No \n \n## ESU Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31968>) | Windows Remote Desktop Services Denial of Service Vulnerability | No | Yes | 7.5 | No \n[CVE-2021-1675](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958>) | Windows NTLM Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) | Windows NTFS Elevation of Privilege Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) | Windows MSHTML Platform Remote Code Execution Vulnerability | Yes | No | 7.5 | Yes \n[CVE-2021-31971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31971>) | Windows HTML Platform Security Feature Bypass Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-31973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31973>) | Windows GPSVC Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31953](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31953>) | Windows Filter Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26414](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414>) | Windows DCOM Server Security Feature Bypass | No | No | 4.8 | Yes \n[CVE-2021-31954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31959>) | Scripting Engine Memory Corruption Vulnerability | No | No | 6.4 | Yes \n[CVE-2021-31199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Yes | No | 5.2 | Yes \n[CVE-2021-31201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Yes | No | 5.2 | Yes \n[CVE-2021-31962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962>) | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 9.4 | Yes \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31948](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31966](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 | No \n[CVE-2021-31963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | No \n[CVE-2021-26420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | No \n[CVE-2021-31965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-31949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31949>) | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 6.7 | Yes \n[CVE-2021-31940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31940>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31941](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31941>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31939](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31985](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31985>) | Microsoft Defender Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31978](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31978>) | Microsoft Defender Denial of Service Vulnerability | No | No | 5.5 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31970](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31970>) | Windows TCP/IP Driver Security Feature Bypass Vulnerability | No | No | 5.5 | No \n[CVE-2021-31952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31952>) | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) | Windows Kernel Information Disclosure Vulnerability | Yes | No | 5.5 | Yes \n[CVE-2021-31951](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31951>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31977](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 8.6 | Yes \n[CVE-2021-31969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31969>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31960>) | Windows Bind Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31967>) | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31975>) | Server for NFS Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31976](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31976>) | Server for NFS Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31974>) | Server for NFS Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-33739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Yes | Yes | 8.4 | Yes \n[CVE-2021-31972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31972>) | Event Tracing for Windows Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n## Summary Graphs\n\n", "modified": "2021-06-08T10:00:00", "published": "2021-06-08T10:00:00", "id": "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C", "href": "https://blog.rapid7.com/2021/06/08/patch-tuesday-june-2021/", "type": "rapid7blog", "title": "Patch Tuesday - June 2021", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-06-15T08:32:22", "description": "### Microsoft Patch Tuesday \u2013 June 2021\n\nMicrosoft patched 50 CVEs in their June 2021 Patch Tuesday release, and five of them are rated as critical severity. Six have applicable exploits.\n\n#### Critical Microsoft Vulnerabilities Patched\n\n[CVE-2021-31985](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985>) \u2013 Microsoft Defender Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.\n\n[CVE-2021-31959](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31959>) \u2013 Scripting Engine Memory Corruption Vulnerability\n\nMicrosoft released patches addressing a critical memory corruption vulnerability in the Chakra JScript scripting engine. This vulnerability impacts Windows RT, Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012 (R2) and Windows Server 2016. An adversary can exploit this vulnerability when the target user opens a specially crafted file.\n\n[CVE-2021-31963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31963>) \u2013 Microsoft SharePoint Server Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE in SharePoint Server. This CVE is assigned a CVSSv3 base score of 7.1 by the vendor.\n\n#### Six 0-Day Vulnerabilities with Exploits in the Wild Patched\n\nThe following vulnerabilities need immediate attention for patching since they have active exploits in the wild:\n\n[CVE-2021-33742](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33742>) \u2013 Windows MSHTML Platform Remote Code Execution Vulnerability \n[CVE-2021-33739](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33739>) \u2013 Microsoft DWM Core Library Elevation of Privilege Vulnerability \n[CVE-2021-31956](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31956>) \u2013 Windows NTFS Elevation of Privilege Vulnerability \n[CVE-2021-31955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31955>) \u2013 Windows Kernel Information Disclosure Vulnerability \n[CVE-2021-31201](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31201>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability \n[CVE-2021-31199](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31199>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n\n#### **Qualys QIDs Providing Coverage**\n\nQID| Title| Severity| CVE ID \n---|---|---|--- \n91768| Microsoft .NET Core Security Update June 2021| Medium| CVE-2021-31957 \n91769| Microsoft Visual Studio Security Update for June 2021| Medium| CVE-2021-31957 \n375614| Visual Studio Code Kubernetes Tools Extension Elevation of Privilege Vulnerability| Medium| CVE-2021-31938 \n110383| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities June 2021| High| CVE-2021-31966,CVE-2021-31965,CVE-2021-31964,CVE-2021-31963,CVE-2021-31950,CVE-2021-31948,CVE-2021-26420 \n110384| Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021| High| CVE-2021-31939,CVE-2021-31941,CVE-2021-31940,CVE-2021-31949 \n110385| Mcrosoft Outlook Remote Code Execution Vulnerability Security Update June 2021| High| CVE-2021-31949,CVE-2021-31941 \n91771| Microsoft Defender Multiple Vulnerabilities - June 2021| Critical| CVE-2021-31978,CVE-2021-31985 \n91772| Microsoft Windows Security Update for June 2021| Critical| CVE-2021-1675,CVE-2021-26414,CVE-2021-31199,CVE-2021-31201,CVE-2021-31951,CVE-2021-31952,CVE-2021-31953,CVE-2021-31954,CVE-2021-31955,CVE-2021-31956,CVE-2021-31958,CVE-2021-31959,CVE-2021-31960,CVE-2021-31962,CVE-2021-31968,CVE-2021-31969,CVE-2021-31970,CVE-2021-31971,CVE-2021-31972,CVE-2021-31973,CVE-2021-31974,CVE-2021-31975,CVE-2021-31976,CVE-2021-31977,CVE-2021-33742 \n91773| Microsoft 3D Viewer Multiple Vulnerabilities - June 2021| High| CVE-2021-31944,CVE-2021-31943,CVE-2021-31942 \n91774| Microsoft Paint 3D Remote Code Execution Vulnerability| High| CVE-2021-31983,CVE-2021-31946,CVE-2021-31945 \n91775| Microsoft Windows VP9 Video Extension Remote Code Execution Vulnerability| Medium| CVE-2021-31967 \n91777| Microsoft Windows DWM Core Library Elevation of Privilege Vulnerability - June 2021 | High| CVE-2021-33739 \n \n### Adobe Patch Tuesday \u2013 June 2021\n\nAdobe addressed 41 CVEs this Patch Tuesday, and 21 of them are rated as critical severity impacting Acrobat and Reader, Adobe Photoshop, Creative Cloud Desktop Application, RoboHelp Server, Adobe After Effects, and Adobe Animate products.\n\nAdobe Security Bulletin| QID| Severity| CVE ID \n---|---|---|--- \nAdobe Animate Multiple Security Vulnerabilities (APSB21-50)| 91770| Medium| CVE-2021-28630,CVE-2021-28619,CVE-2021-28617,CVE-2021-28618,CVE-2021-28621,CVE-2021-28620,CVE-2021-28629,CVE-2021-28622 \nAdobe Security Update for Adobe Acrobat and Reader( APSB21-37)| 375611| High| CVE-2021-28551,CVE-2021-28554,CVE-2021-28552,CVE-2021-28631,CVE-2021-28632 \n \n### Discover Patch Tuesday Vulnerabilities in VMDR\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`91768` OR qid:`91769` OR qid:`91770` OR qid:`91771` OR qid:`91772` OR qid:`91773` OR qid:`91774` OR qid:`91775` OR qid:`91777` OR qid:`110383` OR qid:`110384` OR qid:`110385` OR qid:`375611` OR qid:`375614`)`\n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`(qid:`91768` OR qid:`91769` OR qid:`91770` OR qid:`91771` OR qid:`91772` OR qid:`91773` OR qid:`91774` OR qid:`91775` OR qid:`91777` OR qid:`110383` OR qid:`110384` OR qid:`110385` OR qid:`375611` OR qid:`375614`)`\n\n\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Patches_](<https://www.brighttalk.com/webcast/11673/491681>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * VMware vCenter Server Multiple Vulnerabilities\n * Ubuntu XStream Vulnerabilities\n * Microsoft Patch Tuesday, June 2021\n\n[Join us live or watch on demand](<https://www.brighttalk.com/webcast/11673/491681>)!\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-06-08T21:19:29", "type": "qualysblog", "title": "Microsoft & Adobe Patch Tuesday (June 2021) \u2013 Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-1675", "CVE-2021-26414", "CVE-2021-26420", "CVE-2021-28551", "CVE-2021-28552", "CVE-2021-28554", "CVE-2021-28617", "CVE-2021-28618", "CVE-2021-28619", "CVE-2021-28620", "CVE-2021-28621", "CVE-2021-28622", "CVE-2021-28629", "CVE-2021-28630", "CVE-2021-28631", "CVE-2021-28632", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31938", "CVE-2021-31939", "CVE-2021-31940", "CVE-2021-31941", "CVE-2021-31942", "CVE-2021-31943", "CVE-2021-31944", "CVE-2021-31945", "CVE-2021-31946", "CVE-2021-31948", "CVE-2021-31949", "CVE-2021-31950", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31957", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31960", "CVE-2021-31962", "CVE-2021-31963", "CVE-2021-31964", "CVE-2021-31965", "CVE-2021-31966", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-31978", "CVE-2021-31983", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T21:19:29", "id": "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}