It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on CVE-2021-31962 if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.

Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2021-33742)

This is the only 0-day vulnerability this month which results in a remote code execution. The vulnerability lies within the MSHTML platform which is used by Internet Explorer 11 and Edge Legacy. While these two products are no longer fully supported (Edge Legacy is end of life and IE 11 is no longer supported on certain platforms) the underlying HTML libraries continue to be updated as other applications can make use of it. Further details for this vulnerability will be published by Google's Threat Analysis Group within the next 30 days.

Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962)

While this vulnerability has not been exploited in the wild yet, it would be a rather juicy target for exploit developers. Were this to be exploited it may allow a complete bypass of Kerberos authentication, allowing a connection without a password. Kerberos is generally used in Enterprise environments and as such sysadmins should patch this if they are leveraging the strong cryptography authentication mechanism.

Multiple Elevation of Privilege 0-days

CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201


The rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.

Summary Tables

Here are this month's patched vulnerabilities split by the product family.

Apps Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31945 Paint 3D Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31946 Paint 3D Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31983 Paint 3D Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31980 Microsoft Intune Management Extension Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2021-31942 3D Viewer Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31943 3D Viewer Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31944 3D Viewer Information Disclosure Vulnerability No No 5 Yes

Browser Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-33741 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.2 Yes

Developer Tools Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31938 Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability No No 7.3 Yes
CVE-2021-31957 .NET Core and Visual Studio Denial of Service Vulnerability No No 5.9 No

ESU Windows Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31968 Windows Remote Desktop Services Denial of Service Vulnerability No Yes 7.5 No
CVE-2021-1675 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability No No 7.5 Yes
CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability Yes No 7.8 Yes
CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability Yes No 7.5 Yes
CVE-2021-31971 Windows HTML Platform Security Feature Bypass Vulnerability No No 6.8 Yes
CVE-2021-31973 Windows GPSVC Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-31953 Windows Filter Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-26414 Windows DCOM Server Security Feature Bypass No No 4.8 Yes
CVE-2021-31954 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-31959 Scripting Engine Memory Corruption Vulnerability No No 6.4 Yes
CVE-2021-31199 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Yes No 5.2 Yes
CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Yes No 5.2 Yes
CVE-2021-31962 Kerberos AppContainer Security Feature Bypass Vulnerability No No 9.4 Yes

Microsoft Office Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31964 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-31948 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-31950 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-31966 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.2 No
CVE-2021-31963 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.1 No
CVE-2021-26420 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.1 No
CVE-2021-31965 Microsoft SharePoint Server Information Disclosure Vulnerability No No 5.7 Yes
CVE-2021-31949 Microsoft Outlook Remote Code Execution Vulnerability No No 6.7 Yes
CVE-2021-31940 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31941 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31939 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

System Center Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31985 Microsoft Defender Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31978 Microsoft Defender Denial of Service Vulnerability No No 5.5 Yes

Windows Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31970 Windows TCP/IP Driver Security Feature Bypass Vulnerability No No 5.5 No
CVE-2021-31952 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability Yes No 5.5 Yes
CVE-2021-31951 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-31977 Windows Hyper-V Denial of Service Vulnerability No No 8.6 Yes
CVE-2021-31969 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-31960 Windows Bind Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-31967 VP9 Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-31975 Server for NFS Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-31976 Server for NFS Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-31974 Server for NFS Denial of Service Vulnerability No No 7.5 No
CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability Yes Yes 8.4 Yes
CVE-2021-31972 Event Tracing for Windows Information Disclosure Vulnerability No No 5.5 Yes

Summary Graphs