Operating System:

[WIN]

Published:

09 June 2021

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ASB-2021.0115 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0115
           Microsoft Patch Tuesday update for Microsoft Extended
                    Security Update (ESU) for June 2021
                                9 June 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Windows 7
                  Windows Server 2008
Operating System: Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Increased Privileges            -- Remote with User Interaction
                  Denial of Service               -- Remote/Unauthenticated      
                  Unauthorised Access             -- Remote/Unauthenticated      
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-33742 CVE-2021-31973 CVE-2021-31971
                  CVE-2021-31968 CVE-2021-31962 CVE-2021-31959
                  CVE-2021-31958 CVE-2021-31956 CVE-2021-31954
                  CVE-2021-31953 CVE-2021-31201 CVE-2021-31199
                  CVE-2021-26414 CVE-2021-1675 

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of June 2021.
        
        This update resolves 14 vulnerabilities across the following
        products: [1]
        
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2021-1675   Elevation of Privilege   Important
         CVE-2021-26414  Security Feature Bypass  Important
         CVE-2021-31199  Elevation of Privilege   Important
         CVE-2021-31201  Elevation of Privilege   Important
         CVE-2021-31953  Elevation of Privilege   Important
         CVE-2021-31954  Elevation of Privilege   Important
         CVE-2021-31956  Elevation of Privilege   Important
         CVE-2021-31958  Elevation of Privilege   Important
         CVE-2021-31959  Remote Code Execution    Critical
         CVE-2021-31962  Security Feature Bypass  Important
         CVE-2021-31968  Denial of Service        Important
         CVE-2021-31971  Security Feature Bypass  Important
         CVE-2021-31973  Elevation of Privilege   Important
         CVE-2021-33742  Remote Code Execution    Critical


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].
        
         KB5003636, KB5003661, KB5003667, KB5003694, KB5003695


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYMAOBeNLKJtyKPYoAQjwog/+K6IgI5P/RrPHj7RBsvPhGw8gTicoKiXN
+8TgFxW9I5ZCyXvMdGPvUKpzSdWi/PBJbMVMKTcK1x9nVpoHNRkC6EX+lC7C1TvS
+ZnfLvDCbbj7zLksT+eTwQb4ausclLT8EzCxHkjWIA5OMWAUGmMIkG5dHqyCPP9X
9OE217k2HCLgWuLibv+wbYI8Kmi2/B4O0RrHtlvmWu58XigoC1NWH5KFL19phuH+
68lALvLszgS7LTKzbrhru75P5ui6bvIpxu4DHIHPFe/ylrAGMY2MK747eDDk+lQ+
ZUfZEmw/wClI0bH7uETdBZf3R5GyL9pyoq7puI4eha1f0RzqICK+Bunt7sR34QiU
5Wtb6qCYheMoJBgE9TRiqA2rOGFRmZJliL1rkEevm48fCyoQdT64EotxHuoWQvEj
7nz/hnmJmLh3tmKS2tArMNO+r5RlsCuirll8CVTvdDOwIg4sYoq6/edJpMUmIimE
fNf3sqTxlUfu1s/G5nmQ13disXu97cyycJivVgLOXQQ512prQB+LNlVXoSiNBXWL
6UHSL05VNuJKojbmrMgIT3+tybR27nVOzn+/rsgOkhqf4uyKg1t7IztxSH8Rtfr1
P09K/Mh6qyaOAInzFoKBCGbftAdzpXraTNg86dbKph3nQBMRL+hbHRr+yD/YZhc+
xHT996XBwD0=
=8U53
-----END PGP SIGNATURE-----