Microsoft has addressed several security flaws in this month’s Patch Tuesday, which includes security patches for a total of six zero-day vulnerabilities that were actively exploited in the wild.
Array of vulnerabilities for Patch Tuesday:
On the second Tuesday of each month, the software giant releases fixes for security vulnerabilities and flaws across its range of products and software, and this month’s Patch Tuesday has reportedly covered a total of 50 security flaws.
Of these, 5 are rated critical in severity, while 45 are rated important.
Microsoft software and products that are impacted by June’s security update include Microsoft Office, .NET Core & Visual Studio, the Edge browser, Windows Cryptographic Services, SharePoint, Outlook, and Excel.
Zero-days of Microsoft Patch Tuesday:
The critical zero-days that were being actively exploited and have now been addressed in the update are as follows:
- CVE-2021-33742: Windows MSHTML Platform Remote Code Execution Vulnerability, CVSS 7.5
- CVE-2021-33739: Microsoft DWM Core Library Elevation of Privilege Vulnerability, CVSS 8.4
- CVE-2021-31199: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability, CVSS 5.2
- CVE-2021-31201: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability, CVSS 5.2
- CVE-2021-31955: Windows Kernel Information Disclosure Vulnerability, CVSS 5.5
- CVE-2021-31956: Windows NTFS Elevation of Privilege Vulnerability, CVSS 7.8
A separate zero-day that was reported to Microsoft, tracked as CVE-2021-31968, was also patched but had not been exploited in the wild. The vulnerability had a CVSS score of 7.5 and could potentially be exploited to cause a denial of service.
Experts are of the opinion that, since these zero-day vulnerabilities have been actively exploited in the wild, organizations should see to it that they apply the security patches provided in this Patch Tuesday as soon as possible to mitigate cyber risks.
The previous month’s Patch Tuesday saw Microsoft fix 55 security issues, with four of them regarded as critical, along with three zero-days.