A vulnerability exploited by the threat actor 'PuzzleMaker' has been fixed by Windows Update.



Windows Update, which is released on the second Tuesday of every month, includes a variety of updates, from urgent bug fixes to security fixes.

In June 2021, a total of seven zero-day vulnerabilities were fixed, including six that had already been exploited by 'threat actors'.

PuzzleMaker attacks with Chrome zero-day exploit chain | Securelist
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/



Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2021-patch-tuesday-fixes-6-exploited-zero-days-50-flaws/

Microsoft Patches Six Zero-Day Security Holes – Krebs on Security
https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/

The following six zero-day vulnerabilities have been exploited.
-CVE-2021-31955: Information leakage vulnerability in Windows kernel
-CVE-2021-31956: Windows NTFS privilege escalation vulnerability
-CVE-2021-33739: Microsoft DWM Core Library Privilege Elevation Vulnerabilities
-CVE-2021-33742: Remote code execution vulnerability in Windows MS HTML Platform
-CVE-2021-31199: Microsoft Enhanced Cryptographic Provider privilege elevation vulnerability
-CVE-2021-31201: Microsoft Enhanced Cryptographic Provider privilege elevation vulnerability

According to computer security company Kaspersky, CVE-2021-31955 and CVE-2021-31956 were used in attacks by the new threat actor PuzzleMaker. PuzzleMaker used a remote code execution vulnerability in Chrome to access the target system, then exploited the information disclosure vulnerability in the Windows kernel and the privilege escalation vulnerability in Windows NTFS. The Chrome vulnerability, CVE-2021-21224, was fixed on April 20, 2021.

In addition, CVE-2021-31199 and CVE-2021-31201 are vulnerabilities related to the patch CVE-2021-28550 for Adobe Acrobat and Reader. Attackers used these vulnerabilities to create PDF files with malicious code, said Christopher Hass of cybersecurity research organization Automox.

in Software, Security, Posted by log1p_kr