Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2021.0116
Microsoft Patch Tuesday update for Windows for June 2021
9 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Windows
Windows RT
Windows Server
VP9 Video Extensions
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-33742 CVE-2021-33739 CVE-2021-31977
CVE-2021-31976 CVE-2021-31975 CVE-2021-31974
CVE-2021-31973 CVE-2021-31972 CVE-2021-31971
CVE-2021-31970 CVE-2021-31969 CVE-2021-31968
CVE-2021-31967 CVE-2021-31962 CVE-2021-31960
CVE-2021-31959 CVE-2021-31958 CVE-2021-31956
CVE-2021-31955 CVE-2021-31954 CVE-2021-31953
CVE-2021-31952 CVE-2021-31951 CVE-2021-31201
CVE-2021-31199 CVE-2021-26414 CVE-2021-1675
OVERVIEW
Microsoft has released its monthly security patch update for the
month of June 2021.
This update resolves 27 vulnerabilities across the following
products: [1]
VP9 Video Extensions
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2021-1675 Elevation of Privilege Important
CVE-2021-26414 Security Feature Bypass Important
CVE-2021-31199 Elevation of Privilege Important
CVE-2021-31201 Elevation of Privilege Important
CVE-2021-31951 Elevation of Privilege Important
CVE-2021-31952 Elevation of Privilege Important
CVE-2021-31953 Elevation of Privilege Important
CVE-2021-31954 Elevation of Privilege Important
CVE-2021-31955 Information Disclosure Important
CVE-2021-31956 Elevation of Privilege Important
CVE-2021-31958 Elevation of Privilege Important
CVE-2021-31959 Remote Code Execution Critical
CVE-2021-31960 Information Disclosure Important
CVE-2021-31962 Security Feature Bypass Important
CVE-2021-31967 Remote Code Execution Critical
CVE-2021-31968 Denial of Service Important
CVE-2021-31969 Elevation of Privilege Important
CVE-2021-31970 Security Feature Bypass Important
CVE-2021-31971 Security Feature Bypass Important
CVE-2021-31972 Information Disclosure Important
CVE-2021-31973 Elevation of Privilege Important
CVE-2021-31974 Denial of Service Important
CVE-2021-31975 Information Disclosure Important
CVE-2021-31976 Information Disclosure Important
CVE-2021-31977 Denial of Service Important
CVE-2021-33739 Elevation of Privilege Important
CVE-2021-33742 Remote Code Execution Critical
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles. [1].
KB5003635, KB5003636, KB5003637, KB5003638, KB5003646
KB5003671, KB5003681, KB5003687, KB5003696, KB5003697
REFERENCES
[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYMAPC+NLKJtyKPYoAQjUtQ//VpHJTGq2o8ERrUWTxKZAjjo/v12jp40j
l0FR+QMD39ywj6tJwJrVWCWsI5xmAPNixpSqY6M5feuUsTMPMdW8+/eMtaSYvS3p
+bsIv8wr7hQv3B7SR52wvRXD4UZKDVVGyroe0ItHhjm1R5Vrdx0p+pKwNdQmlKkx
7IbN9POIWoeIisqgdeSvaEvdD0U1z4/ttrfEi5R1vxf709gRMeus5/0F7QFgGook
hmcBFy+HOqaG6ICepAXnM0DgTcjeEzcJRZjOmhmUU2codKRv24PDl9V/gJvj7mUO
FsGtIYdjTm0CmlZeHNWNNR4JV4HQx+vfv4QVXU8FA7rFgcmsHxuE5KBWmfjxQitn
AwZ+WPovbOlSf3ewtrLbG5NuxdLuJeC4B/olkuefSubdP53MIO5CAufYkaCXaTLF
7Ha1OlPD8Zdj9w7q2JQhEuFKyH0954zWCXLmYl0ythkoLIbmwL2YcSLc7WSavI9/
fpHe+6X6eJd0paXDkUgdZ2Tme1Z8IQ/agpJkXADhwoN5hxb3Djjwgwox2frPAcgJ
FLSNMRL+5VRDCaPi4373NZfNC2KGu9PN6S7FIAtRWMmQ6J9ISh6CQPbgwkohth9F
s/qDT4reMpIDUmGk599pBdmlBiekIQ5EJ33/wzkP7DV6mh1/c3HodMkk/+Wz1/H7
Dn/SuzHSElY=
=T4QD
-----END PGP SIGNATURE-----