On June 8, 2021, Microsoft released security updates for clients and Windows, Office, etc. servers. - as well as for other products.
Its release Patch Tuesday June 2021 corrects 49 CVEs, five of which are critical.
This is the third time in 2021 that Microsoft has corrected less than 60 CVEs, and the June updates contain the lowest number of updates per month for this year. However, users and administrators should install the June updates as soon as possible.
This is because Microsoft has fixed six 0day vulnerabilities that have already been exploited in practice. These include four rights-raising vulnerabilities, one data disclosure vulnerability and one remote code execution.
CVE-2021-33742 is a remote code execution vulnerability in platform Microsoft Windows MSHTML. Although this vulnerability does not require special privileges, the attack complexity to exploit it is high. This means that an attacker would have to do extra work to successfully exploit this vulnerability. But this seems to have already happened, although in practice the details of how to exploit the vulnerability are not yet known.
CVE-2021-31955 is a vulnerability in the Windows kernel that can be used to cause data disclosure while CVE-2021-31956 is a vulnerability in Windows NTFS that allows you to increase permissions. Details on how to exploit these vulnerabilities in practice are not yet known. Both, however, require the intruder to be certified in the destination system.
CVE-2021-33739 is a 0day privilege vulnerability in the Microsoft Desktop Library Window Manager (DWM). In comparison, Microsoft faced two privilege vulnerabilities in February (CVE-2021-1732) and April (CVE-2021-28310) that appear to originate from a team known as BITTER APT.
After this news, it would be good to proceed with her installation of the updates. To date no errors have been reported since installing the updates.
