On June 8, 2021, Microsoft released security updates for Windows clients and servers, Office, etc. – as well as for others productthe.
Its release Patch Tuesday June 2021 corrects 49 CVEs, five of which are critical.
This is the third time in 2021 that Microsoft has corrected less than 60 CVEs, and the June updates contain the lowest number of updates per month for this year. However, users and administrators should install the June updates as soon as possible.
That's because Microsoft has fixed six 0day vulnerabilities that have already been exploited in practice. Among them are four elevation of privilege vulnerabilities, one data disclosure vulnerability, and one remote execution vulnerability code.
CVE-2021-33742 is a remote code execution vulnerability in platform Microsoft Windows MSHTML. Although this vulnerability does not require special privileges, the attack complexity to exploit it is high. This means that an attacker would have to do extra work to successfully exploit this vulnerability. But this seems to have already happened, although in practice the details of how to exploit the vulnerability are not yet known.
CVE-2021-31955 is a vulnerability in the Windows kernel that can be used to cause data disclosure while CVE-2021-31956 is a vulnerability in Windows NTFS that allows you to increase permissions. Details on how to exploit these vulnerabilities in practice are not yet known. Both, however, require the intruder to be certified in the destination system.
CVE-2021-33739 is a 0day permissions vulnerability in the Microsoft Desktop Window Manager (DWM) Library. By comparison, Microsoft encountered two privilege vulnerabilities in February (CVE-2021-1732) and April (CVE-2021-28310) that appear to come from a group known as the BITTER APT.
Following this news, it would be good to proceed with the installation of the updates. To date they have not been reported errorfrom installing the updates.
