Microsoft released its monthly security update Tuesday 8th June 2021, disclosing 50 vulnerabilities across its suite of products.
This Patch Tuesday, the breakdown of vulnerabilities include 5 “critical” ratings with the rest labelled as “important”. Additionally, there has been 6 out of 7 zero-days that have been identified as being currently exploited in the wild. The 6 zero-days are as follows:
- CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
- CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
- CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
- CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
As reported by zdnet.com, the products affected by these vulnerabilities are Microsoft Office, .NET Core & Visual Studio, the Edge browser, Windows Cryptographic Services, SharePoint, Outlook, and Excel.
One notable vulnerability with a “critical” rating relates to Microsoft Defender. According to Lansweeper.com, the vulnerability allows for an attacker to perform remote code execution on the targeted machine. It is strongly recommended to perform updates for Microsoft Defender right now.
A full list of Microsoft’s June 2021 Patches, their CVE’s Severities, scores, exploits, and disclosures can be found here: SANS Internet Storm Centre.