Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0116 Microsoft Patch Tuesday update for Windows for June 2021 9 June 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows Windows RT Windows Server VP9 Video Extensions Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-33742 CVE-2021-33739 CVE-2021-31977 CVE-2021-31976 CVE-2021-31975 CVE-2021-31974 CVE-2021-31973 CVE-2021-31972 CVE-2021-31971 CVE-2021-31970 CVE-2021-31969 CVE-2021-31968 CVE-2021-31967 CVE-2021-31962 CVE-2021-31960 CVE-2021-31959 CVE-2021-31958 CVE-2021-31956 CVE-2021-31955 CVE-2021-31954 CVE-2021-31953 CVE-2021-31952 CVE-2021-31951 CVE-2021-31201 CVE-2021-31199 CVE-2021-26414 CVE-2021-1675 OVERVIEW Microsoft has released its monthly security patch update for the month of June 2021. This update resolves 27 vulnerabilities across the following products: [1] VP9 Video Extensions Windows 10 Windows 8.1 Windows RT 8.1 Windows Server Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-1675 Elevation of Privilege Important CVE-2021-26414 Security Feature Bypass Important CVE-2021-31199 Elevation of Privilege Important CVE-2021-31201 Elevation of Privilege Important CVE-2021-31951 Elevation of Privilege Important CVE-2021-31952 Elevation of Privilege Important CVE-2021-31953 Elevation of Privilege Important CVE-2021-31954 Elevation of Privilege Important CVE-2021-31955 Information Disclosure Important CVE-2021-31956 Elevation of Privilege Important CVE-2021-31958 Elevation of Privilege Important CVE-2021-31959 Remote Code Execution Critical CVE-2021-31960 Information Disclosure Important CVE-2021-31962 Security Feature Bypass Important CVE-2021-31967 Remote Code Execution Critical CVE-2021-31968 Denial of Service Important CVE-2021-31969 Elevation of Privilege Important CVE-2021-31970 Security Feature Bypass Important CVE-2021-31971 Security Feature Bypass Important CVE-2021-31972 Information Disclosure Important CVE-2021-31973 Elevation of Privilege Important CVE-2021-31974 Denial of Service Important CVE-2021-31975 Information Disclosure Important CVE-2021-31976 Information Disclosure Important CVE-2021-31977 Denial of Service Important CVE-2021-33739 Elevation of Privilege Important CVE-2021-33742 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5003635, KB5003636, KB5003637, KB5003638, KB5003646 KB5003671, KB5003681, KB5003687, KB5003696, KB5003697 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYMAPC+NLKJtyKPYoAQjUtQ//VpHJTGq2o8ERrUWTxKZAjjo/v12jp40j l0FR+QMD39ywj6tJwJrVWCWsI5xmAPNixpSqY6M5feuUsTMPMdW8+/eMtaSYvS3p +bsIv8wr7hQv3B7SR52wvRXD4UZKDVVGyroe0ItHhjm1R5Vrdx0p+pKwNdQmlKkx 7IbN9POIWoeIisqgdeSvaEvdD0U1z4/ttrfEi5R1vxf709gRMeus5/0F7QFgGook hmcBFy+HOqaG6ICepAXnM0DgTcjeEzcJRZjOmhmUU2codKRv24PDl9V/gJvj7mUO FsGtIYdjTm0CmlZeHNWNNR4JV4HQx+vfv4QVXU8FA7rFgcmsHxuE5KBWmfjxQitn AwZ+WPovbOlSf3ewtrLbG5NuxdLuJeC4B/olkuefSubdP53MIO5CAufYkaCXaTLF 7Ha1OlPD8Zdj9w7q2JQhEuFKyH0954zWCXLmYl0ythkoLIbmwL2YcSLc7WSavI9/ fpHe+6X6eJd0paXDkUgdZ2Tme1Z8IQ/agpJkXADhwoN5hxb3Djjwgwox2frPAcgJ FLSNMRL+5VRDCaPi4373NZfNC2KGu9PN6S7FIAtRWMmQ6J9ISh6CQPbgwkohth9F s/qDT4reMpIDUmGk599pBdmlBiekIQ5EJ33/wzkP7DV6mh1/c3HodMkk/+Wz1/H7 Dn/SuzHSElY= =T4QD -----END PGP SIGNATURE-----