On June 8, 2021, Microsoft released security updates for clients and Windows, Office, etc. servers. - as well as for other products.
Its release Patch Tuesday June 2021 corrects 49 CVEs, five of which are critical.
This is the third time in 2021 that Microsoft has corrected less than 60 CVEs, and the June updates contain the lowest number of updates per month for this year. However, users and administrators should install the June updates as soon as possible.
This is because Microsoft has fixed six 0day vulnerabilities that have already been exploited in practice. These include four rights-raising vulnerabilities, one data disclosure vulnerability and one remote code execution.
CVE-2021-33742 is a vulnerability in executing remote code on the Microsoft Windows MSHTML platform. Although this vulnerability does not require special privileges, the complexity of the attack to exploit it is high. This means that an attacker would have to do extra work to successfully exploit this vulnerability. But this seems to have already happened, although in practice the details of how to exploit the vulnerability are not yet known.
CVE-2021-31955 is a vulnerability in the Windows kernel that can be used to cause data disclosure while CVE-2021-31956 is a vulnerability in Windows NTFS that allows you to increase permissions. Details on how to exploit these vulnerabilities in practice are not yet known. Both, however, require the intruder to be certified in the destination system.
CVE-2021-33739 is a 0day permissions vulnerability in the Microsoft Desktop Window Manager (DWM) Library. By comparison, Microsoft encountered two privilege vulnerabilities in February (CVE-2021-1732) and April (CVE-2021-28310) that appear to come from a group known as the BITTER APT.
Following this news, it would be good to proceed with the installation of the updates. To date, no errors have been reported since installing the updates.
