For June’s Patch Tuesday yesterday, Microsoft fixed 50 vulnerabilities, six of which are being actively exploited in the wild.
While security researchers say that administrators should focus on all these patches as soon as possible, security teams can start by focusing on the six currently exploited.
Allan Liska of Recorded Future’s computer security incident response team lists the reasons why security teams should take the six exploited vulnerabilities seriously:
- CVE-2021-33742: A remote code execution (RCE) vulnerability in the Windows MSHTML Platform. It’s a critical vulnerability that affects Windows 7 through 10 and Windows Server 2008 and 2012.
- CVE-2021-31955: An information disclosure vulnerability in the Windows Kernel. Microsoft rates this vulnerability as Important and it affects Windows 10 and Windows Server 2019. Microsoft rates exploitation of this vulnerability as low complexity, and because it’s already being exploited in the wild, it can be quickly picked up by other threat actors.
- CVE-2021-31201, CVE-2021-31199, CVE-2021-33739, CVE-2021-31956: These are all “elevation of privilege” vulnerabilities rated Important by Microsoft. Elevation of privilege vulnerabilities are important because attackers like to chain these vulnerabilities with RCE vulnerabilities (such as CVE-2021-33742) as part of their attacks. The attackers use the RCE vulnerability to gain initial access, then the elevation of privilege vulnerabilities to gain administrative access on the compromised system.