CyberScotland Bulletin

Technical Bulletin – June 2021

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 8th June 2021, disclosing 50 vulnerabilities across its suite of products.

In this Patch Tuesday, the breakdown of vulnerabilities includes 5 “critical” ratings, with the rest labelled as “important”. Additionally, 6 out of 7 zero-days have been identified as being currently exploited in the wild. The 6 zero-days are as follows:

  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

As reported by zdnet.com, the products affected by these vulnerabilities are Microsoft Office, .NET Core & Visual Studio, the Edge browser, Windows Cryptographic Services, SharePoint, Outlook, and Excel.

One notable vulnerability with a “critical” rating relates to Microsoft Defender. According to Lansweeper.com, the vulnerability allows an attacker to perform remote code execution on the targeted machine. It is strongly recommended to update Microsoft Defender right now.

A full list of Microsoft’s June 2021 patches, their CVEs, severities, scores, exploits, and disclosures can be found here: SANS Internet Storm Centre.

Apple Zero-Day Urgent Patches

Apple has patched two new Zero-Days, which have been exploited in the wild, in its latest iOS update, version 12.5.3.

In a report by thehackernews.com, Apple has patched two newly discovered Zero-Days and urges all users to update as soon as possible. These vulnerabilities are:

  • CVE-2021-30761 – A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management.
  • CVE-2021-30762 – A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management.

It appears the latest vulnerabilities have been directed at those with older devices such as the iPhone 6, iPad Air and iPad mini 2 and mini 3.

This latest patching of Zero-Days adds to the list of 10 previously patched Zero-Days this year, increasing the list to 12. These CVEs are:

  • CVE-2021-1782 – A malicious application may be able to elevate privileges
  • CVE-2021-1870 – A remote attacker may be able to cause arbitrary code execution
  • CVE-2021-1871 – A remote attacker may be able to cause arbitrary code execution
  • CVE-2021-1879 – Processing maliciously crafted web content may lead to universal cross-site scripting
  • CVE-2021-30657 – A malicious application may bypass Gatekeeper checks
  • CVE-2021-30661 – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30663 – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30665 – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30666 – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30713 – A malicious application may be able to bypass Privacy preferences

Apple has strongly advised users to update to the latest versions of all their software products.

Google Chrome Urgent Update for Exploited Zero-Day

Google Chrome users are urged to update to the latest version of Chrome, to mitigate Zero-Day vulnerabilities discovered in June.

According to thehackernews.com, the vulnerability “CVE-2021-30554” affects WebGL, and if successfully exploited, could lead to remote code execution (RCE), corruption of data, and a potential crash of the software.

This latest Zero-Day discovery and patch is the 7th Zero-Day patch Google has produced since the start of the year.

Chrome users should also remain vigilant, as a group of hackers known as ‘PuzzleMaker’ has succeeded in stringing together Zero-Day vulnerabilities found in Chrome to install malware directly onto Microsoft Windows.

Linux Users Urged To Update After Root Level Security Flaw Found

The vulnerability, known as “CVE-2021-3560”, allows an unauthorised user to run authorised processes that they would normally be prevented from running. This is achieved by exploiting the vulnerability found in the application-level toolkit known as polkit.

Interestingly, this vulnerability has not been seen in older versions of Linux despite being around for several years. As stated by zdnet.com, the vulnerability was backported into recent shipping versions of polkit, which enabled the vulnerability to appear in much more modern versions of Linux distributions.

By design, this vulnerability can’t always be exploited, as it requires the correct timings and commands to be used. However, although it can’t be exploited every single time, it should still be treated with caution.

It’s recommended that Linux users, across any distribution, update to their latest version as soon as possible.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]
