Daily Bulletin



  • Written by Chris Goettl, Senior Director of Product Management and Security, Ivanti

Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware.

 

Microsoft resolved an Information Disclosure vulnerability in Windows Kernel (CVE-2021-31955). The vulnerability affects Windows 10 1809, Server 2019 and later versions of the Windows OS. This vulnerability allows an attacker to access the contents of Kernel memory from a user mode process, granting access to sensitive information. The vulnerability is rated as Important and has a CVSSv3 base score of 5.5, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability in Windows NTFS (CVE-2021-31956). An attacker could convince a local user to open a malicious file or, if the attacker is already on the system, run a specially crafted application to exploit the vulnerability and take control of the affected system. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions. The vulnerability is rated as Important and has a CVSSv3 base score of 7.8, which could be missed in some organizations' prioritization.

 

Microsoft resolved a Remote Code Execution vulnerability (CVE-2021-33742) which could allow an attacker to remotely execute code on the target system. To exploit the vulnerability, the attacker must convince a user to take an action, but this is a small barrier for threat actors. Exploitation does not require any privileges. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Critical with a CVSSv3 base score of 7.5.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-31199) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. Fully resolving the threat requires resolving three vulnerabilities. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-31201) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and the ability to modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. Fully resolving the threat requires resolving three vulnerabilities. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-33739) in Microsoft DWM Core Library which could allow an attacker to elevate from no authorization to full control of the system without the need for user interaction. The attacker can use a variety of methods to access a system and, once on, would be able to run an executable or script to gain control of the affected system. This vulnerability only affects Windows 10 1909, Server 2004 and later Windows OSs. The vulnerability is rated as Important and has a CVSSv3 base score of 8.4, which could be missed in some organizations' prioritization.

 

The Windows OS updates are the top priority this month: they resolve all of the Zero Day vulnerabilities Microsoft has addressed. Prioritize the OS update to reduce this risk quickly.
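
The prioritization gap described in this article, as an added example (not from the article or from Ivanti): a score-only urgent queue compared with an ordering that puts known exploitation first. The 8.0 cut-off, both policy rules and the non-exploited placeholder entry are assumptions; the six CVE ratings and scores are the ones quoted above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str
    severity: str    # vendor rating as stated in the article
    cvss: float      # CVSSv3 base score as stated in the article
    exploited: bool  # detected in exploits in the wild


# The six exploited CVEs from the article, plus one constructed,
# non-exploited placeholder entry added here for contrast.
VULNS = [
    Vuln("CVE-2021-31955", "Important", 5.5, True),
    Vuln("CVE-2021-31956", "Important", 7.8, True),
    Vuln("CVE-2021-33742", "Critical", 7.5, True),
    Vuln("CVE-2021-31199", "Important", 5.2, True),
    Vuln("CVE-2021-31201", "Important", 5.2, True),
    Vuln("CVE-2021-33739", "Important", 8.4, True),
    Vuln("CVE-EXAMPLE-0001", "Critical", 9.8, False),  # constructed placeholder
]


def score_only_queue(vulns, min_cvss=8.0):
    """Assumed policy A: urgent only if rated Critical or CVSS >= min_cvss."""
    return [v for v in vulns if v.severity == "Critical" or v.cvss >= min_cvss]


def missed_exploited(vulns, queue):
    """Exploited CVEs that a policy left out of its urgent queue."""
    queued = {v.cve for v in queue}
    return [v.cve for v in vulns if v.exploited and v.cve not in queued]


def risk_based_order(vulns):
    """Assumed policy B: known exploitation first, then Critical, then CVSS."""
    return sorted(
        vulns,
        key=lambda v: (not v.exploited, v.severity != "Critical", -v.cvss),
    )


if __name__ == "__main__":
    queue = score_only_queue(VULNS)
    print("Missed by score-only policy:", missed_exploited(VULNS, queue))
    for v in risk_based_order(VULNS):
        print(f"{v.cve:18} {v.severity:10} {v.cvss:4} exploited={v.exploited}")
```
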

 
