Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0115 Microsoft Patch Tuesday update for Microsoft Extended Security Update (ESU) for June 2021 9 June 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows 7 Windows Server 2008 Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-33742 CVE-2021-31973 CVE-2021-31971 CVE-2021-31968 CVE-2021-31962 CVE-2021-31959 CVE-2021-31958 CVE-2021-31956 CVE-2021-31954 CVE-2021-31953 CVE-2021-31201 CVE-2021-31199 CVE-2021-26414 CVE-2021-1675 OVERVIEW Microsoft has released its monthly security patch update for the month of June 2021. This update resolves 14 vulnerabilities across the following products: [1] Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-1675 Elevation of Privilege Important CVE-2021-26414 Security Feature Bypass Important CVE-2021-31199 Elevation of Privilege Important CVE-2021-31201 Elevation of Privilege Important CVE-2021-31953 Elevation of Privilege Important CVE-2021-31954 Elevation of Privilege Important CVE-2021-31956 Elevation of Privilege Important CVE-2021-31958 Elevation of Privilege Important CVE-2021-31959 Remote Code Execution Critical CVE-2021-31962 Security Feature Bypass Important CVE-2021-31968 Denial of Service Important CVE-2021-31971 Security Feature Bypass Important CVE-2021-31973 Elevation of Privilege Important CVE-2021-33742 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5003636, KB5003661, KB5003667, KB5003694, KB5003695 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYMAOBeNLKJtyKPYoAQjwog/+K6IgI5P/RrPHj7RBsvPhGw8gTicoKiXN +8TgFxW9I5ZCyXvMdGPvUKpzSdWi/PBJbMVMKTcK1x9nVpoHNRkC6EX+lC7C1TvS +ZnfLvDCbbj7zLksT+eTwQb4ausclLT8EzCxHkjWIA5OMWAUGmMIkG5dHqyCPP9X 9OE217k2HCLgWuLibv+wbYI8Kmi2/B4O0RrHtlvmWu58XigoC1NWH5KFL19phuH+ 68lALvLszgS7LTKzbrhru75P5ui6bvIpxu4DHIHPFe/ylrAGMY2MK747eDDk+lQ+ ZUfZEmw/wClI0bH7uETdBZf3R5GyL9pyoq7puI4eha1f0RzqICK+Bunt7sR34QiU 5Wtb6qCYheMoJBgE9TRiqA2rOGFRmZJliL1rkEevm48fCyoQdT64EotxHuoWQvEj 7nz/hnmJmLh3tmKS2tArMNO+r5RlsCuirll8CVTvdDOwIg4sYoq6/edJpMUmIimE fNf3sqTxlUfu1s/G5nmQ13disXu97cyycJivVgLOXQQ512prQB+LNlVXoSiNBXWL 6UHSL05VNuJKojbmrMgIT3+tybR27nVOzn+/rsgOkhqf4uyKg1t7IztxSH8Rtfr1 P09K/Mh6qyaOAInzFoKBCGbftAdzpXraTNg86dbKph3nQBMRL+hbHRr+yD/YZhc+ xHT996XBwD0= =8U53 -----END PGP SIGNATURE-----