Patch Management

Microsoft fixes 50 vulnerabilities for June, but patch first the six exploited in the wild

June 9, 2021
For June’s Patch Tuesday yesterday Microsoft fixed 50 vulnerabilities, six of which are being actively exploited in the wild. (Photo by Kevork Djansezian/Getty Images)
  • CVE-2021-33742:  A remote code execution (RCE) vulnerability in the Windows MSHTML Platform. It’s a critical vulnerability that affects Windows 7 through 10 and Windows Server 2008 and 2012.
  • CVE-2021-31955: An information disclosure vulnerability in the Windows Kernel. Microsoft rates this vulnerability as Important and it affects Windows 10 and Windows Server 2019. Microsoft rates exploitation of this vulnerability as low complexity and because it’s being exploited in the wild already, can be quicklyu picked up on by other threat actors.
  • CVE-2021-31201, CVE-2021-31199, CVE-2021-33739, CVE-2021-31956: These are all  “elevation of privilege” vulnerabilities rated Important by Microsoft. Elevation of privilege vulnerabilities are important because attackers like to chain these vulnerabilities with RCE vulnerabilities (such as CVE-2021-33742) as part of their attacks. The attackers use the RCE vulnerability to gain initial access, then the elevation of privilege vulnerabilities to gain administrative access on the compromised system.
prestitial ad