Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog


Microsoft’s June 2021 Patch Tuesday Addresses 49 CVEs (CVE-2021-31955, CVE-2021-31956 and CVE-2021-33742)

Microsoft addresses 49 CVEs with six having been observed as exploited in the wild

  1. 5Critical
  2. 44Important
  3. 0Moderate
  4. 0Low

Microsoft patched 49 CVEs in its June 2021 Patch Tuesday release, including five CVEs rated as critical and 44 rated as important.

Tenable's Security Response Team is aware that others may be counting CVE-2021-33741 as part of Patch Tuesday. However, it was patched on June 4 and is not included in our counts.

This month’s update includes fixes for:

  • .NET Core & Visual Studio
  • 3D Viewer
  • Microsoft DWM Core Library
  • Microsoft Intune
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Scripting Engine
  • Microsoft Windows Codecs Library
  • Paint 3D
  • Role: Hyper-V
  • Visual Studio Code - Kubernetes Tools
  • Windows Bind Filter Driver
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows DCOM Server
  • Windows Defender
  • Windows Drivers
  • Windows Event Logging Service
  • Windows Filter Manager
  • Windows HTML Platform
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Network File System
  • Windows NTFS, Windows NTLM
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows TCP/IP

Remote code execution (RCE) vulnerabilities accounted for 34.7% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) at 26.5%.


CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability

CVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel (ntoskrnl.exe). It was discovered by researchers at Kaspersky and is associated with a “wave of highly targeted attacks” by a group they call PuzzleMaker. An attacker could use this vulnerability to disclose information from the system, such as kernel addresses. They could then combine this with CVE-2021-31956 to elevate privileges on the targeted system.


CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability

CVE-2021-31956 is an EoP vulnerability within Windows NTFS (New Technology File System) which could allow a local user to elevate their privileges on an affected system. A local user could exploit the flaw with a crafted application in order to take control of a system. This vulnerability affects all currently supported Windows variants including Windows Server and Windows Server Core Installations. Microsoft notes that this flaw has been actively exploited in the wild as a zero-day. Like CVE-2021-31955, this vulnerability is credited to researchers at Kaspersky, who have linked this vulnerability to an attack chain from the PuzzleMaker Group, which includes the use of an unidentified Google Chrome zero-day vulnerability.


CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-33742 is a RCE vulnerability in the Windows MSHTML Platform, Microsoft’s proprietary browser engine. The vulnerability received a CVSSv3 score of 7.5 and has been exploited in the wild as a zero-day. CVE-2021-33742 requires user interaction to exploit, so an attacker would need to entice a victim to open a crafted file or visit a malicious website using an affected application.This vulnerability affects all currently supported versions of Microsoft Windows. Microsoft also noted in their release that while the MSHTML Platform was designed for Internet Explorer, which has been retired, the underlying platforms including MSHTML are supported. Discovery of the vulnerability is credited to Clément Lecigne of Google’s Threat Analysis Group (TAG). Shane Huntley, director of the Google TAG says that, while they plan to share more details about the attack in the future, they have linked it to a “commercial exploit company” that has provided “capability for limited nation state Eastern Europe / Middle East targeting.”


CVE-2021-31939 | Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-31939 is a use-after-free (UAF) vulnerability in Microsoft Excel that could lead to RCE if an attacker is able to convince a target into opening a crafted file. Researchers Sagi Tzadik and Netanel Ben-Simon of Check Point Research wrote a blog post describing their research and fuzzing of Microsoft Office, targeting the MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE). This led to the discovery of CVE-2021-31939 along with three additional CVE’s patched in the May 2021 Patch Tuesday update; CVE-2021-31179, CVE-2021-31174, and CVE-2021-31178.

CVE-2021-31939 is also credited to Zhangjie and willJ from cdsrc, Anonymous working with Trend Micro Zero Day Initiative, Jinquan(@jq0904) of DBAPPSecurity Lieying Lab and Ryelv of Tencent. CVE-2021-31939 received a 5.5 CVSSv3 score and is labeled as “Exploitation Less Likely” by Microsoft with no currently known proof-of-concept code available.


CVE-2021-33739 | Microsoft Desktop Window Manager Core Library Elevation of Privilege Vulnerability

CVE-2021-33739 is an EoP vulnerability in the Microsoft Desktop Window Manager (DWM) core library, dwmcore.dll. It was discovered and reported to Microsoft by researchers at DBAPPSecurity Threat Intelligence Center. In February, DBAPPSecurity Threat Intelligence Center disclosed another zero-day vulnerability, CVE-2021-1732, an elevation of privilege vulnerability in Win32k linked to a threat actor known as BITTER APT. In April, researchers at Kaspersky disclosed CVE-2021-28310, an elevation of privilege zero-day vulnerability in Microsoft DWM Core Library that they connected to multiple threat actors including BITTER APT. While it has not yet been confirmed, it is possible this is another zero-day leveraged by BITTER APT in the wild.


CVE-2021-31983, CVE-2021-31946, CVE-2021-31945 | Multiple Vulnerabilities in Paint 3D

CVE-2021-31983, CVE-2021-31946 and CVE-2021-31945 are RCE vulnerabilities in Microsoft’s Paint 3D, which replaced the original MS Paint. All three received a CVSSv3 score of 7.8 and a severity of Important with an “Exploitation Less Likely” designation. These vulnerabilities are more interesting than concerning. They all require user interaction and the application will automatically update in most cases. However, all three vulnerabilities were discovered by several different researchers including Mat Powell from Trend Micro Zero Day Initiative, Li Qiao of Baidu Security Lab, and garmin working with Trend Micro Zero Day Initiative. One can only speculate why these researchers were examining Paint all at once, unless more information becomes available. Paint 3D wasn’t able to provide any insights either.

Tenable solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name contains June 2021.

With that filter set, click the plugin families to the left and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s June 2021 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try Tenable.io


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.


Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.