Threat Response – Multiple critical zero day vulnerabilities in Microsoft Windows

09-06-2021


On Tuesday June 8th (“Patch Tuesday”) Microsoft released patches for multiple vulnerabilities, including seven zero-day vulnerabilities. Of these, six are actively being exploited [1]. We advise installing these patches as soon as possible.

Description
On Tuesday June 8th Microsoft released patches for a large number of vulnerabilities, seven of which are zero-day vulnerabilities. The zero-day vulnerabilities are tracked under the following CVE numbers:

  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability

An overview of all patched vulnerabilities, including their CVSS scores, can be found in [2]. Microsoft’s official release notes can be found at [3].

Impact
Several of the patched vulnerabilities are very severe, and at least six of them are actively being exploited.
We therefore assess the impact as high.

Risk
Because some of these vulnerabilities are under active abuse, we estimate the risk as high.

What should you do?
Install the updates that were released yesterday as soon as possible.

What will Northwave do?
Northwave is researching the possibilities of monitoring for exploit attempts. When possible, we will add these capabilities to the Northwave Detection Platform.
Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises we will reach out to you. If you need additional information you can call us by phone or send us an email.

Phone number: +31 (0)30-303 1244 (during business hours)
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85-0437 909 or 0800-1744 (only from within the Netherlands)

Disclaimer applies, see below.

Sources

[1]: https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2021-patch-tuesday-fixes-6-exploited-zero-days-50-flaws/
[2]: https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/
[3]: https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.