Windows News and info 15th Anniversary 2009-2024

Topic started by: javajolt on June 08, 2021, 10:00:22 PM

Title: Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws
Post by: javajolt on June 08, 2021, 10:00:22 PM
Today is Microsoft's June 2021 Patch Tuesday, and with it come fixes for seven zero-day vulnerabilities and a total of 50 flaws, so Windows admins will be scrambling to get devices secured.

Microsoft has fixed 50 vulnerabilities with today's update, with five classified as Critical and forty-five as Important.

For information about the non-security Windows updates, you can read about today's Windows 10 KB5003637 & KB5003635 cumulative updates (http://www.bleepingcomputer.com/news/microsoft/windows-10-kb5003637-and-kb5003635-cumulative-updates-released/).

Seven zero-day vulnerabilities fixed

As part of today's Patch Tuesday, Microsoft has fixed seven zero-day vulnerabilities, with six of them known to be exploited in the past.

The six actively exploited zero-day vulnerabilities are:

   • CVE-2021-31955 (http://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955) - Windows Kernel Information Disclosure Vulnerability

   • CVE-2021-31956 (http://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956) - Windows NTFS Elevation of Privilege Vulnerability

   • CVE-2021-33739 (http://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739) - Microsoft DWM Core Library Elevation of Privilege Vulnerability

   • CVE-2021-33742 (http://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742) - Windows MSHTML Platform Remote Code Execution Vulnerability

   • CVE-2021-31199 (http://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

   • CVE-2021-31201 (http://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

In addition, CVE-2021-31968 (http://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31968) - Windows Remote Desktop Services Denial of Service Vulnerability was publicly disclosed but not seen in attacks.

Kaspersky discovered two of the zero-day vulnerabilities, so we will likely see a report coming soon explaining how they were used.

Recent updates from other companies

Other vendors who released updates in June include:

   • Adobe released security updates (http://www.bleepingcomputer.com/news/security/adobe-issues-security-updates-for-41-vulnerabilities-in-10-products/) for ten products.

   • Android's June security updates were released (http://source.android.com/security/bulletin/2021-06-01) yesterday.

   • Cisco released security updates (http://tools.cisco.com/security/center/publicationListing.x) for numerous products this month.

   • SAP released (http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999) its June 2021 security updates.

The June 2021 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the June 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here (http://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/June-2021.html).

(http://i.postimg.cc/FHZhpBmG/1.png)
(http://i.postimg.cc/C5V2Wws8/2.png)
(http://i.postimg.cc/SRrg3Cs0/3.png)
(http://i.postimg.cc/MZDtW0WN/4.png)
(http://i.postimg.cc/RVh14jpJ/5.png)

source (http://www.bleepingcomputer.com/news/microsoft/microsoft-june-2021-patch-tuesday-fixes-6-exploited-zero-days-50-flaws/)