fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft June 2021 Patch Tuesday Fixes 6 Exploited Zero-days, 50 Flaws

Microsoft June 2021 Patch Tuesday Fixes 6 Exploited Zero-days, 50 Flaws

Today is Microsoft’s June 2021 Patch Tuesday, and with it comes fixes for seven zero-day vulnerabilities and a total of 50 flaws, so Windows admins will be scrambling to get devices secured.

Microsoft has fixed 50 vulnerabilities with today’s update, with five classified as Critical and forty-five as Important.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5003637 & KB5003635 cumulative updates.

Seven zero-day vulnerabilities fixed

As part of today’s Patch Tuesday, Microsoft has fixed seven zero-day vulnerabilities, with six of them known to be exploited in the past.

The six actively exploited zero-day vulnerabilities are:

  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability 
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

Also Read: How to Comply with PDPA: A Checklist For Businesses

In addition, the ‘CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability’ was publicly disclosed but not seen in attacks.

Kaspersky discovered two of the zero-day vulnerabilities, so we will likely see a report coming soon explaining how they were used.

Recent updates from other companies

Other vendors who released updates in June include:

The June 2021 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the June 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

TagCVE IDCVE TitleSeverity
.NET Core & Visual StudioCVE-2021-31957.NET Core and Visual Studio Denial of Service VulnerabilityImportant
3D ViewerCVE-2021-319423D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2021-319433D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2021-319443D Viewer Information Disclosure VulnerabilityImportant
Microsoft DWM Core LibraryCVE-2021-33739Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2021-33741Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft IntuneCVE-2021-31980Microsoft Intune Management Extension Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-31940Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-31941Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-31939Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2021-31949Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31964Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31963Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2021-31950Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31948Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31966Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31965Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-26420Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Scripting EngineCVE-2021-31959Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-31967VP9 Video Extensions Remote Code Execution VulnerabilityCritical
Paint 3DCVE-2021-31946Paint 3D Remote Code Execution VulnerabilityImportant
Paint 3DCVE-2021-31983Paint 3D Remote Code Execution VulnerabilityImportant
Paint 3DCVE-2021-31945Paint 3D Remote Code Execution VulnerabilityImportant
Role: Hyper-VCVE-2021-31977Windows Hyper-V Denial of Service VulnerabilityImportant
Visual Studio Code – Kubernetes ToolsCVE-2021-31938Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege VulnerabilityImportant
Windows Bind Filter DriverCVE-2021-31960Windows Bind Filter Driver Information Disclosure VulnerabilityImportant
Windows Common Log File System DriverCVE-2021-31954Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2021-31201Microsoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2021-31199Microsoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilityImportant
Windows DCOM ServerCVE-2021-26414Windows DCOM Server Security Feature BypassImportant
Windows DefenderCVE-2021-31978Microsoft Defender Denial of Service VulnerabilityImportant
Windows DefenderCVE-2021-31985Microsoft Defender Remote Code Execution VulnerabilityCritical
Windows DriversCVE-2021-31969Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Event Logging ServiceCVE-2021-31972Event Tracing for Windows Information Disclosure VulnerabilityImportant
Windows Filter ManagerCVE-2021-31953Windows Filter Manager Elevation of Privilege VulnerabilityImportant
Windows HTML PlatformCVE-2021-31971Windows HTML Platform Security Feature Bypass VulnerabilityImportant
Windows InstallerCVE-2021-31973Windows GPSVC Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2021-31962Kerberos AppContainer Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2021-31951Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-31955Windows Kernel Information Disclosure VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2021-31952Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows MSHTML PlatformCVE-2021-33742Windows MSHTML Platform Remote Code Execution VulnerabilityCritical
Windows Network File SystemCVE-2021-31975Server for NFS Information Disclosure VulnerabilityImportant
Windows Network File SystemCVE-2021-31974Server for NFS Denial of Service VulnerabilityImportant
Windows Network File SystemCVE-2021-31976Server for NFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2021-31956Windows NTFS Elevation of Privilege VulnerabilityImportant
Windows NTLMCVE-2021-31958Windows NTLM Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-1675Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2021-31968Windows Remote Desktop Services Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2021-31970Windows TCP/IP Driver Security Feature Bypass VulnerabilityImportant

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us