2021 June Patch Tuesday

Copyright © 2021 Ivanti. All rights reserved.
Patch Tuesday Webinar
Wednesday, June 9, 2021
Hosted by: Chris Goettl & Todd Schell

Agenda
June 2021 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
1
2
3
4
5

Overview

June Patch Tuesday 2021
Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique
vulnerabilities, six of which have been detected in exploits in the wild. Fortunately, these are all in the
monthly OS rollups so you can knock them out in one update per system. Many of the exploited
vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to
be missed in prioritization in some organizations. This brings a very important prioritization challenge to the
forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world
risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk
indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern
ransomware. And good news for Microsoft Exchange admins, if you are caught up you get this month off! No
additional updates for exchange this month!

In the News

In the News
Source: Microsoft
 Windows 10 21H1 Released May 18
 https://docs.microsoft.com/en-us/windows/release-
health/release-information
 Enablement packages provide updates from Windows 10 2004
or Windows 10 20H2
 PuzzleMaker attacks exploit Windows zero-day,
chrome vulnerabilities
 https://www.zdnet.com/article/puzzlemaker-attacks-exploit-
windows-chrome-zero-day-vulnerabilities/
 Feds recover more than $2 million in ransomware
payments from Colonial Pipeline hackers
 https://www.washingtonpost.com/business/2021/06/07/colonial
-pipeline-ransomware-payment-recovered/

Threat Actors Shift Tactics Quickly
Q4 2020 Q1 2020

Known Exploited Vulnerabilities
 CVE-2021-31199 Enhanced Cryptographic Provider Elevation of Privilege
Vulnerability
 CVSS 3.0 Scores: 5.2 / 4.8
 Severity: Important
 CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulnerability
 CVSS 3.0 Scores 5.2 / 4.8
 CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability
 CVSS 3.0 Scores 5.5 / 5.1
Source: Microsoft

Known Exploited Vulnerabilities (cont)
 CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability
 CVSS 3.0 Scores: 7.8 / 7.2
 CVE-2021-33742 Windows MSHTML Platform Remote Code Execution
Vulnerability
 CVSS 3.0 Scores: 7.5 / 7.0
 Severity: Critical
Source: Microsoft

Known Exploited and Disclosed Vulnerability
 CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege
Vulnerability
 CVSS 3.0 Scores: 8.4 / 7.8
Source: Microsoft

Publicly Disclosed Vulnerability
 CVE-2021-31968 Windows Remote Desktop Services Denial of
Service Vulnerability
 CVSS 3.0 Scores: 7.5 / 6.5
Source: Microsoft

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Updated SSUs this month
 Windows 10 1809/Server 2019
 Windows 10 1909/Server, version 1909
 Development Tool and Other Updates
 .NET 5.0 and .NET Core 3.1
 Visual Studio 2019 v16.4-16.10
 Visual Studio 2019 for Mac version 8.10
 Visual Studio Code (Kubernetes Tools)
Source: Microsoft

Windows 10 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/9/2023
2004 5/27/2020 12/14/2021
1909 11/12/2019 5/10/2022
Windows 10 Pro and Pro Workstation
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/10/2022
2004 5/27/2020 12/14/2021
Windows Datacenter and Standard Server
20H2 10/20/2020 5/10/2022
2004 5/27/2020 12/14/2021
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

Bulletins and Releases

APSB21-37: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical
 Affected Products: Adobe Acrobat and Reader (all current versions)
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address 5 critical vulnerabilities. Successful
exploitation could lead to arbitrary code execution in the context of the current user.
See https://helpx.adobe.com/security/products/acrobat/apsb21-37.html for more
details.
 Impact: Remote Code Execution
 Fixes 5 Vulnerabilities: CVE-2021-28551, CVE-2021-28552, CVE-2021-28554,
CVE-2021-28631 and CVE-2021-28632
 Restart Required: Requires application restart

MS21-06-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2,
21H1, Server 2016, Server 2019, Server version 1909, Server version 2004, Server
version 20H2, IE 11, and Edge Chromium
 Description: This bulletin references 5 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
CVE-2021-31956, CVE-2021-33739 and CVE-2021-33742 are known exploited. CVE-
2021-31968 and CVE-2021-33739 are publicly disclosed. See the Security Update
Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides

June Known Issues for Windows 10
 KB 5003646 – Windows 10, Version 1809, Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.

June Known Issues for Windows 10 (cont)
 KB 5003635 – Windows 10 version 1909
 [Outdated Updates] System and user certificates might be lost when updating a
device from Windows 10, version 1809 or later to a later version of Windows 10.
This primarily happens when managed devices are updated using outdated
bundles or media through an update management tool such as Windows Server
Update Services (WSUS) or Microsoft Endpoint Configuration Manager.
Note: Devices using Windows Update for Business or that connect directly to
Windows Update are not impacted.
Workaround: If you have already encountered this issue on your device, you can
mitigate it within the uninstall window by going back to your previous version of
Windows. The uninstall window might be 10 or 30 days depending on the
configuration of your environment and the version you’re updating to. See
directions here.
Microsoft is working on a resolution.

 KB 5003637 – Windows 10 version 2004, Windows Server version
2004, Windows 10 version 20H2, Windows Server version 20H2,
Windows 10 version 21H1
 [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter
Kanji characters in an app that automatically allows the input of Furigana
characters, you might not get the correct Furigana characters. You might need to
enter the Furigana characters manually. Workaround: Microsoft is working on a
resolution.
 [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the
custom offline media or ISO image before slipstreaming the LCU. See KB for
details.

 [Game Lag] A small subset of users have reported lower than expected
performance in games after installing this update. Most users affected by this issue
are running games full screen or borderless windowed modes and using two or
more monitors. Workaround: This issue is resolved using Known Issue Rollback
(KIR). Please note that it might take up to 24 hours for the resolution to propagate
automatically to consumer devices and non-managed business devices.
Restarting your device might help the resolution apply to your device faster. See
KB for more info on KIR and Group Policy options.
 [Audio] After installing this update, 5.1 Dolby Digital audio may play containing a
high-pitched noise or squeak in certain apps when using certain audio devices and
Windows settings. Workaround: Try streaming the video or audio in a web
browser or different app, instead of the app affected by this issue. Enable Spatial
sound settings by right clicking or long pressing on the volume icon in the
notification area, selecting Spatial sound (Off) and selecting any of the available
options. Microsoft is working on a resolution.
 [Outdated Updates]

MS21-06-IE: Security Updates for Internet Explorer
 Affected Products: Internet Explorer 9 and 11
 Description: The fixes that are included in the cumulative Security Update for
Internet Explorer are also included in the June 2020 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are in the cumulative update. This bulletin
references KB 5003636.
 Fixes 3 Vulnerabilities: CVE-2021-33742 is known exploited. It also fixes CVE-
2021-31959 and CVE-2021-31971.
 Restart Required: Requires browser restart
 Known Issues: None reported

MS21-06-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part
of update KB 5003210 (released May 11, 2021). Bulletin is based on KB 5003661.
Security updates to Windows App Platform and Frameworks, Windows Cloud
Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage
and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
 Impact: Remote Code Execution, Security Feature Bypass, and Elevation of Privilege
and CVE-2021-33742 are known exploited. No vulnerabilities are publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename] See next slide.

June Known Issues for Server 2008
 KB 5003661 – Windows Server 2008 (Monthly Rollup)
 [SQL Failure] After installing this update or later updates, connections to SQL Server 2005
might fail. Workaround: This is expected behavior due to a security hardening change in
this update. To resolve this issue, you will need to update to a supported version of SQL
Server.
 [File Rename] Certain operations, such as rename, that you perform on files or folders that
are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform
the operation on a CSV owner node from a process that doesn’t have administrator
privilege. Workaround: Perform the operation from a process that has administrator
privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft
is working on a resolution.
 KB 5003695 – Windows Server 2008 (Security-only Update)
 [SQL Failure]
 [File Rename]

MS21-06-SO2K8-ESU: Security-only Update for Windows Server 2008
 Maximum Severity: Important
 Affected Products: Microsoft Windows Server 2008
 Description: Bulletin is based on KB 5003695. Security updates to Windows App
Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication,
Windows Fundamentals, and Windows Storage and Filesystems.
 Impact: Security Feature Bypass and Elevation of Privilege
 Fixes 10 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021-
31956 are known exploited. No vulnerabilities are publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
 Known Issues: See previous slide.

MS21-06-MR7-ESU: Monthly Rollup for Win 7
MS21-06-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 5003233 (released May 11, 2021). Bulletin is based on KB 5003667. Security
updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure,
Windows Authentication, Windows Fundamentals, Windows Remote Desktop, Windows
Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and
Elevation of Privilege
and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
 Known Issues: [SQL Failure] and [File Rename]

MS21-06-SO7-ESU: Security-only Update for Win 7
MS21-06-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
Windows Fundamentals, Windows Remote Desktop, and Windows Storage and
Filesystems.
 Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
31956 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security
 Known Issues: [SQL Failure] and [File Rename]

MS21-06-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 5003208 (released previous May 11, 2021). Bulletin is based on KB
5003697. Security updates to Windows App Platform and Frameworks, Windows Cloud
Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and
Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename]

MS21-06-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012
Windows Fundamentals, and Windows Storage and Filesystems.
 Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege and
Information Disclosure

MS21-06-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part
of update KB 5003209 (released May 11, 2021). Bulletin is based on KB 5003671.
Security updates to Windows App Platform and Frameworks, Windows Cloud
Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage
and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed.
See the Security Update Guide for the complete list of CVEs.

MS21-06-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
Platform and Frameworks, and Windows Silicon Platform.
 Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege and
Information Disclosure

MS21-06-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Foundation Server 2013, Microsoft
SharePoint Enterprise Server 2013, Microsoft SharePoint Enterprise Server 2016, and
Microsoft SharePoint Server 2019
 Description: This security update resolves vulnerabilities in Microsoft Office that
could allow remote code execution if a user opens a specially crafted Office file. This
bulletin is based on 8 KB articles.
 Impact: Remote Code Execution, Spoofing and Information Disclosure
 Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-26420, CVE-2021-31948, CVE-2021-31950, CVE-2021-31963,
CVE-2021-31964, CVE-2021-31965, and CVE-2021-31966 are fixed in this release.
 Known Issues: See next slide

June Known Issues for SharePoint Server
 KB 5001962 – SharePoint Foundation 2013
 [URL Block] DataFormWebPart may be blocked from accessing an external URL, and it
generates "8scdc"event tags in SharePoint Unified Logging System (ULS) logs.
Workaround: Contact the farm administrator to use PowerShell to add the blocked host
name to SPFarm.AllowedSafeDomain. For more information, see KB 5004210.
 KB 5001946 – SharePoint Enterprise Server 2016
 [URL Block]
 KB 5001944 – SharePoint Server 2019
 [URL Block]

MS21-06-OFF: Security Updates for Microsoft Office
 Affected Products: Excel 2013-2016, Office 2013-2016, Office 2019 for macOS,
Office Online Server, Office Web Apps 2013, Outlook 2013-2016
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 10 KB articles plus release notes for the macOS Office.
exploited. CVE-2021-31939, CVE-2021-31940, CVE-2021-31941 and CVE-2021-
31949 are fixed in this release.

MS21-06-O365: Security Updates Microsoft 365 Apps and Office 2019
 Affected Products: Microsoft 365 Apps, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps
security updates is available at https://docs.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
exploited. CVE-2021-31939, CVE-2021-31940, CVE-2021-31941 and CVE-2021-
31949 are fixed in this release.

Between Patch Tuesdays

Release Summary
 Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (1),
Thunderbird (2), VMware Horizon Client (1), VMware Workstation Player (1), VMware
Workstation Pro (1)
 Security (w/o CVEs): Audacity (1), Camtasia (1), CCleaner (1), ClickShare App Machine-
Wide Installer (1), Falcon sensor for Windows (1), Dropbox (2), Evernote (3), FileZilla Client (4),
GoodSync (6), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Node.JS 14.17.0 (3),
Notepad++ (1), Opera (4), Pidgin (1), Plex Media Server (5), Skype (2), Slack Machine-Wide
Installer (4), Snagit (2), Splunk Universal Forwarder (2), Tableau Desktop (5), Tableau Prep Builder
(1), Tableau Reader (1), Apache Tomcat (2), TeamViewer (5), VLC Media Player (2), Wireshark (2),
Zoom Client (2), Zoom Outlook Plugin (1)
 Non-Security Updates: AIMP (2), Allway Sync (1), BlueJeans Outlook Addin (1), Google
Drive File Stream (1), Inkscape (1), IrfanView (1), BlueJeans (3), R for Windows 4.1.0 (1),
RingCentral App (Machine-Wide Installer) (1), TortoiseHG (1), RealVNC Viewer (1), Cisco WebEx
Teams (2)

Third Party CVE Information
 Google Chrome 91.0.4472.77
 CHROME-210525, QGC910447277
CVE-2021-30523, CVE-2021-30524, CVE-2021-30525, CVE-2021-30526, CVE-
2021-30527, CVE-2021-30528, CVE-2021-30529, CVE-2021-30530, CVE-2021-
30531, CVE-2021-30532, CVE-2021-30533, CVE-2021-30534, CVE-2021-30535,
2021-30540
 Thunderbird 78.10.2
 TB-210517, QTB78102
 Fixes 2 Vulnerabilities: CVE-2021-29956, CVE-2021-29957
 Thunderbird 78.11.0
 TB-210603, QTB78102

Third Party CVE Information (cont)
 Firefox 89.0
 FF-210601, QFF890
2021-29966, CVE-2021-29967
 Firefox ESR 78.11.0
 FFE-210601, QFFE78110
 VMware Horizon Client 5.5.2
 VMWH5-210521, QVMWH552
 Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989

Third Party CVE Information (cont)
 VMware Workstation Player 16.1.2
 VMWP16-210519, QVMWP1612
 VMware Workstation Pro 16.1.2
 VMWW16-210519, QVMWW1612

Q & A

2021 June Patch Tuesday

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a 2021 June Patch Tuesday

Semelhante a 2021 June Patch Tuesday (20)

Mais de Ivanti

Mais de Ivanti (20)

Último

Último (20)

2021 June Patch Tuesday