On June 8, 2021, Microsoft released security updates for clients and Windows, Office, etc. servers. - as well as for other products.
Its release Patch Tuesday June 2021 corrects 49 CVEs, five of which are critical.
This is the third time in 2021 that Microsoft has corrected less than 60 CVEs, and the June updates contain the lowest number of updates per month for this year. However, users and administrators should install the June updates as soon as possible.
That's because Microsoft has fixed six 0day vulnerabilities that have already been exploited in practice. Among them are four elevation of privilege vulnerabilities, one disclosure vulnerability data and one of remote code execution.
CVE-2021-33742 is a cross-platform remote code execution vulnerability Microsoft Windows MSHTML. Although this vulnerability does not require special privileges, the complexity of the attack to exploit it is high. This means that an attacker would have to do extra work to successfully exploit this vulnerability. But this seems to have already happened, although in practice the details of how to exploit the vulnerability are not yet known.
CVE-2021-31955 is a vulnerability in the Windows kernel that can be used to cause data disclosure while CVE-2021-31956 is a vulnerability in Windows NTFS that allows privilege escalation. Details of how these vulnerabilities are exploited in practice are not yet known. And the two however, they require authentication of the attacker on the target system.
CVE-2021-33739 is a 0day privilege vulnerability in the Microsoft Desktop Library Window Manager (DWM). In comparison, Microsoft faced two privilege vulnerabilities in February (CVE-2021-1732) and April (CVE-2021-28310) that appear to come from a group known as the BITTER APT.
Following this news, it would be good to proceed with the installation of the updates. To date, no errors have been reported since installing the updates.