Daily Bulletin

Men's Weekly

.


Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware.

 

Microsoft resolved an Information Disclosure vulnerability in Windows Kernel (CVE-2021-31955).  The vulnerability affects Windows 10 1809, Server 2019 and later versions of the Windows OS. This vulnerability allows an attacker to access the contents of Kernel memory from a user mode process, granting access to sensitive information. The vulnerability is rated as Important and has a CVSSv3 base score of 5.5, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability in Windows NTFS (CVE-2021-31956) which could allow an attacker could convince a local user to open a malicious file, or in the case the attacker is already on the system, run a specially crafted application to exploit the vulnerability and take control of the affected system. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions. The vulnerability is rated as Important and has a CVSSv3 base score of 7.8, which could be missed in some organizations' prioritization.

 

Microsoft resolved a Remote Code Execution vulnerability (CVE-2021-33742) which could allow an attacker to remotely execute code on the target system. To exploit the vulnerability, the attacker must convince a user to take an action — but this is a small barrier for threat actors. The exploit does not require any privileges to exploit the vulnerability. This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Critical with a CVSSv3 base score of 7.5.

 

Microsoft resolved an Elevation of Privilege vulnerability(CVE-2021-31199) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. To fully resolve the threat there are three vulnerabilities that must be resolved. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-31201) in Microsoft Enhanced Cryptographic Provider which could allow an attacker to elevate from a low privilege to gain access to more information on the system and ability to modify some data. This vulnerability is related to a previously exploited Adobe vulnerability. To fully resolve the threat there are three vulnerabilities that must be resolved. “Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.” This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as Important with a CVSSv3 base score of 5.2, which could be missed in some organizations' prioritization.

 

Microsoft resolved an Elevation of Privilege vulnerability (CVE-2021-33739) in Microsoft DWM Core Library which could allow an attacker to elevate from no authorization to full control of the system without the need for user interaction. The attacker can use a variety of methods to access a system and, once on, would be able to run an executable or script to gain control of the affected system. This vulnerability only affects Windows 10 1909, Server 2004 and later Windows OSs. The vulnerability is rated as Important and has a CVSSv3 base score of 8.4, which could be missed in some organizations' prioritization.

 

The Windows OS updates this month are the top priority and resolve all of the Zero Day vulnerabilities that Microsoft has resolved. Prioritize the OS update to reduce this risk quickly.

 

Business News

How to Extend the Lifespan of Your Conveyor System

It’s easy to forget your conveyor is even there, until it stops. And when it does, you’re in a world of delayed orders, unexpected downtime, and one very expensive headache. But the good news is tha...

Daily Bulletin - avatar Daily Bulletin

Virtual CFO Hiring Checklist: 10 Expert Tips in Australia

Hiring a Virtual CFO (VCFO) is no longer just reserved for large corporations. In today’s business environment, where agility, compliance, and strategic foresight are essential, Australian startups...

Daily Bulletin - avatar Daily Bulletin

Top Mistakes to Avoid When Hiring Office Removalists in Perth

Moving a workplace is more than shifting workstations and computers; it is a complex project that can affect staff morale, customer service and revenue if it goes off-track. Perth’s commercial prope...

Daily Bulletin - avatar Daily Bulletin

LayBy Deals