Microsoft Products Critical Patches, issued June 8, 2021
Microsoft has released security updates to address multiple vulnerabilities in Windows operating system and other supported software including critical patches for Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes
Tools, Windows HTML Platform, and Windows Remote Desktop. A remote attacker can exploit some of these vulnerabilities to take control of an unpatched system.
This month, a total of 50 new vulnerabilities were discovered, include 5 rated as critical, and 45 rated as important in severity, with 3 of the issues publicly known at the time of release. The vulnerabilities that are being actively exploited are listed below:
- CVE-2021-33742 - Windows MSHTML Platform Remote Code Execution Vulnerability
- CVE-2021-33739 - Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2021-31199 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31955 - Windows Kernel Information Disclosure Vulnerability
- CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability
Four of the six flaws listed above are privilege escalation vulnerabilities which suggests that attackers could be leveraging them as part of an infection chain to gain elevated permissions on the targeted systems to execute malicious code or leak sensitive information.
The National Cyber Security Authority recommends all users and administrators to:
- Apply the latest security patches as soon as possible to prevent malware and attackers from exploiting and gain complete remote control over unpatched systems. The latest security update programs can be applied by selecting the Start button, and then go to Settings → Update & Security→ Windows Update or by simply clicking at the taskbar to restart your outdated device and install updates
- Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to firstname.lastname@example.org or call us on 9009
Microsoft Corporation - June 2021 Security Updates
The Hacker News