Microsoft June Patch Tuesday

Microsoft’s June Patch Tuesday on June 8th came with fixes for seven zero-day vulnerabilities and 50 flaws. Five flaws were classified as critical and the other 45 as important. Of the seven zero-days in the patch, six were already known to be exploited in the wild and are tracked as:

  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

In addition, CVE-2021-31968 was a Windows Remote Desktop Services Denial of Service Vulnerability, but it had not been reported as exploited at the time. Kaspersky researchers explain that the CVE-2021-31955 and CVE-2021-31956 zero-day vulnerabilities were used in attacks by a new threat actor group known as PuzzleMaker. The group carried out highly targeted attacks using a Chrome zero-day exploit chain. The threat actor then chained together CVE-2021-31955 and CVE-2021-31956 to elevate their privileges on the compromised Windows devices. The final goal of the threat actors was to drop a remote shell that allowed them to upload and download files and execute commands.

Analyst Notes

It is important that whenever patches are released for a system, they are tested and deployed as quickly as possible. Because six of the vulnerabilities have already been used by threat actors, companies must ensure that they are not susceptible to attacks through these flaws and must confirm that they were not compromised before the patch was applied. Companies should utilize a monitoring service such as Binary Defense’s Managed Detection and Response to monitor for any unusual behavior that could be occurring because of an attack.
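One way to verify that the June update actually landed on a host, as an added example that is not part of the Binary Defense post: the script below reports any required KB identifiers that are absent from the local machine and lists updates installed on or after June 8, 2021. The KB identifiers are placeholders (the post does not list them); fill them in for your Windows build from the Microsoft Security Update Guide or the linked BleepingComputer article. Function names and the date variable are assumptions of this example.

```powershell
# Added example (not from the Binary Defense post): verify that required June 2021
# Patch Tuesday updates are present on a Windows host. The KB identifiers below are
# PLACEHOLDERS; replace them with the KB numbers for your Windows build taken from
# the Microsoft Security Update Guide or the BleepingComputer list linked in the post.
$RequiredKBs  = @('KB0000000-PLACEHOLDER')   # e.g. the cumulative update for your OS build
$PatchTuesday = [datetime]'2021-06-08'        # release date of the June 2021 update

function Get-MissingHotFix {
    param(
        [Parameter(Mandatory)] [string[]] $RequiredKBs
    )
    # Get-HotFix reads the installed-update list from Win32_QuickFixEngineering.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    # Return every required KB that is not in the installed list.
    $RequiredKBs | Where-Object { $installed -notcontains $_ }
}

function Get-HotFixSince {
    param(
        [Parameter(Mandatory)] [datetime] $Since
    )
    # Updates installed on or after the given date, newest first. InstalledOn can be
    # empty for some entries, so those are excluded rather than treated as recent.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn
}

$missing = Get-MissingHotFix -RequiredKBs $RequiredKBs
if ($missing) {
    Write-Warning "Missing required updates on $($env:COMPUTERNAME): $($missing -join ', ')"
} else {
    Write-Output "All required updates are installed on $($env:COMPUTERNAME)."
}

Write-Output "Updates installed since $($PatchTuesday.ToShortDateString()):"
Get-HotFixSince -Since $PatchTuesday | Format-Table -AutoSize
```

Get-HotFix accepts a -ComputerName parameter, so the same check can be pointed at remote hosts from a management workstation. Note that it only lists updates installed through component-based servicing; it will not show Defender definition updates or MSI-based product updates, so treat a missing entry as a prompt to verify through your patch-management console rather than as proof of exposure.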

A list of all the flaws in the Patch Tuesday update can be found here: https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2021-patch-tuesday-fixes-6-exploited-zero-days-50-flaws/