Patch Tuesday, June 2021: Microsoft Releases 50 Security Fixes for Critical Issues Including Six Zero-Days That Are Actively Exploited in the Wild

Microsoft has released its monthly security updates, with 50 patched vulnerabilities. Out of these, 5 are rated “Critical” and 45 are rated “Important” in severity. According to the tech giant, 6 zero-days have been spotted being exploited in the wild, indicating they may be abused by threat actors to gain full, remote control of compromised devices without any user intervention. As usual, Heimdal™ advises you to apply the updates as soon as possible.

Patch Tuesday, June 2021: Highlights

Microsoft Office, .NET Core & Visual Studio, the Edge browser, Windows Cryptographic Services, SharePoint, Outlook, and Excel are all products impacted by June’s security update.

The zero-day vulnerabilities that Microsoft has tracked as being actively exploited, now patched in this update, are:

• CVE-2021-33742: a Remote Code Execution vulnerability in a Windows HTML component
• CVE-2021-33739: an Elevation of Privilege vulnerability in the Microsoft Desktop Window Manager
• CVE-2021-31199: an Elevation of Privilege vulnerability in the Microsoft Enhanced Cryptographic Provider
• CVE-2021-31201: an Elevation of Privilege vulnerability in the Microsoft Enhanced Cryptographic Provider
• CVE-2021-31955: an information disclosure vulnerability in the Windows Kernel
• CVE-2021-31956: an Elevation of Privilege vulnerability in Windows NTFS

Apart from these vulnerabilities, CVE-2021-31968 was also reported by Microsoft, although it’s not actively exploited in the wild. The zero-day has a 7.5 CVSS score and could be exploited to trigger denial-of-service.

The Zero Day Initiative reported eight of these vulnerabilities. Microsoft has also acknowledged reports from Google’s Threat Analysis Group, Google Project Zero, Nixu Cybersecurity, Check Point Research, FireEye, and others.

Below you will find the breakdown of patched vulnerabilities in the June 2021 Patch Tuesday security updates. Additionally, you can access the full report here.

Additional Cybersecurity Tips & References

Heimdal™ Patch & Asset Management offers a very simple solution to patch management, with fully customizable set-and-forget settings for Automatic deployment of software and updates. It also comes with full compliance and CVE/CVSS audit trail and updates are delivered fully repackaged, ad-free, and tested beforehand by our security experts. Our customers receive the patches using encrypted packages inside encrypted HTTPS transfer to their endpoints locally and the distribution is further optimized using a local P2P network between their own machines. What’s more, the built-in software center allows them to remove admin rights and permit their users to click and install only the software they approve.

As always, our Heimdal™ Threat Prevention and Heimdal™ Patch & Asset Management​ customers keep their organizations safe by applying the latest Microsoft patches in a timely manner.

Learn how automated patch management can add a powerful layer of defense to your organization and get in touch with us today for a free walkthrough.

Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® Threat Prevention - Endpoint

Is our next gen proactive shield that stops unknown threats before they reach your system.

• Machine learning powered scans for all incoming online traffic;
• Stops data breaches before sensitive info can be exposed to the outside;
• Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
• Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.