This Tuesday, the Redmond giant has rolled out the monthly scheduled updates for customers. With the June Patch Tuesday, Microsoft has addressed six different zero-day bugs under attack and has released fixes for a total of 50 different critical and important severity flaws.
Microsoft Fixed 6 Zero-Day Bugs Under Attack
The most important fixes from Microsoft with June patch Tuesday revolve around six different bugs publicly exploited.
One of these bugs, CVE-2021-33742, achieved a critical severity rating with a CVSS score of 7.5. It not only caught public attention but also went under attack before a fix could arrive. This vulnerability directly affected the Trident (MSHTML) engine, thereby impacting numerous apps. Exploiting this bug could allow remote code execution attacks on target systems.
Similarly, two other important severity bugs CVE-2021-31199 and CVE-2021-31201, affecting the Microsoft Enhanced Cryptographic Provider, also went under attack. Exploiting these bugs allows an attacker to gain elevated privileges on target devices.
Like these two vulnerabilities, two other important bugs also went under attack stealthily. These include an information disclosure bug in Windows Kernel (CVE-2021-31955) and a privilege escalation flaw in Windows NTFS (CVE-2021-31956).
The sixth zero-day vulnerability affecting the Microsoft DWM Core Library (CVE-2021-33739) has also received a patch this month. Microsoft labeled it as an important severity bug that allowed privilege escalation.
Other Notable Patch Tuesday June Updates
From the 50 different security fixes, the above six are the most notable ones since Microsoft has detected active exploitation of them.
Nonetheless, the update bundle addresses four other critical severity bugs that allow remote code execution attacks. These vulnerabilities exist in Microsoft Defender (CVE-2021-31985), Microsoft SharePoint Server (CVE-2021-31963), VP9 Video Extensions (CVE-2021-31967), and Scripting Engine (CVE-2021-31959).
Besides, the other bugs have all achieved important severity ratings and could lead to remote code execution attacks, information disclosure, spoofing, privilege escalation, and other consequences. Among these, a noteworthy fix has addressed publicly known vulnerability in the Windows Remote Desktop Services (CVE-2021-31968). Exploiting this flaw could result in a denial of service.
Since Microsoft has already rolled out the patches, consumers must update their systems at the earliest to stay protected.