VERT Threat Alert: June 2021 Patch Tuesday Analysis

VERT Threat Alert: June 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th.In-The-Wild & Disclosed CVEsCVE-2021-31955This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This Windows Kernel Information Disclosure could allow an attacker to read kernel memory via a user mode process via a vulnerable function call related to SuperFetch. The vulnerability in ntoskrnl.exe has been exploited in the wild.Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.CVE-2021-31956This is the second of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This vulnerability requires that an authenticated user execute code locally in order to exploit a heap-based buffer overflow in NTFS (ntfs.sys) that will allow for privilege escalation.Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.CVE-2021-33739This CVE describes a publicly disclosed and exploited vulnerability in Desktop Window Manager (DWM) Core that could lead to privilege escalation via the execution of a malicious script or executable by an authenticated user.Microsoft has rated th ..

Support the originator by clicking the read the rest link below.