Microsoft’s June Patch Tuesday on June 8th came with fixes for seven zero-day vulnerabilities and 50 flaws. Five flaws were classified as critical and the other 45 as important. Of the seven zero-days in the patch, six were already known to be exploited in the wild and are tracked as:
- CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
- CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
- CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
- CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

In addition, CVE-2021-31968 was a Windows Remote Desktop Services Denial of Service Vulnerability, but it was not disclosed as currently being exploited.

Kaspersky researchers explain that the CVE-2021-31955 and CVE-2021-31956 zero-day vulnerabilities were used in attacks by a new threat actor group known as PuzzleMaker. The group carried out highly targeted attacks using the Chrome zero-day exploit chain. The threat actor then chained the CVE-2021-31955 and CVE-2021-31956 vulnerabilities together to elevate privileges on the compromised Windows devices. The threat actors' final goal was to drop a remote shell that allowed them to upload and download files and execute commands.