Microsoft Security Bulletin Coverage for June 2021

By

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2021. A list of issues reported, along with SonicWall coverage information is as follows:

CVE-2021-31199 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
ASPY 192:Malformed-File exe.MP.187

CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
ASPY 193:Malformed-File exe.MP.188

CVE-2021-31952 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
ASPY 187:Malformed-File exe.MP.183

CVE-2021-31954 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 194:Malformed-File exe.MP.189

CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability
ASPY 189:Malformed-File exe.MP.185

CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability
ASPY 188:Malformed-File exe.MP.184

CVE-2021-31959 Scripting Engine Memory Corruption Vulnerability
IPS 15594:Scripting Engine Memory Corruption Vulnerability (CVE-2021-31959)

CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability
ASPY 190:Malformed-File exe.MP.186

Adobe Coverage:
CVE-2021-28554 Acrobat Reader Arbitrary Code Execution Vulnerability
ASPY 191:Malformed-File pdf.MP.478

The following vulnerabilities do not have exploits in the wild :
CVE-2021-1675 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26414 Windows DCOM Server Security Feature Bypass
There are no known exploits in the wild.
CVE-2021-26420 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31938 Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31939 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31940 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31941 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31942 3D Viewer Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31943 3D Viewer Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31944 3D Viewer Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31945 Paint 3D Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31946 Paint 3D Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31948 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-31949 Microsoft Outlook Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31950 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-31951 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31953 Windows Filter Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31957 .NET Core and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31960 Windows Bind Filter Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31962 Kerberos AppContainer Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-31963 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31964 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-31965 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31966 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31967 VP9 Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31968 Windows Remote Desktop Services Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-31969 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31970 Windows TCP/IP Driver Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-31971 Windows HTML Platform Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-31972 Event Tracing for Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31973 Windows GPSVC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31974 Server for NFS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-31975 Server for NFS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31976 Server for NFS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31977 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-31978 Microsoft Defender Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-31980 Microsoft Intune Management Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31983 Paint 3D Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31985 Microsoft Defender Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.