Patch Tuesday – June 2021
This month Microsoft patches 7 zero-day flaws in Windows, 6 of which are being exploited in the wild. And there are also important updates for SharePoint Server, Microsoft Office, and Adobe Acrobat and Reader.
Windows and Windows Server
If you haven’t already started testing and deploying June’s updates for Windows and Windows Server, then it’s time to get cracking because there are 7 zero-days fixed in this month’s round of patches. 6 of the 7 zero-day vulnerabilities are already being exploited in the wild. The last flaw in the list is not yet being exploited but it won’t take hackers long to start weaponizing it.
- CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
- CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
- CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
- CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability
Kaspersky Labs reported that CVE-2021-31955 and CVE-2021-31956 are being used as part of an attack that targets Google Chrome in the exploit chain, leading to remote code execution.
News and Interests on the Windows taskbar
As a quick sidenote, News and Interests on the Windows taskbar is now available to users on all supported versions of Windows 10 on the Semi Annual Channel (SAC).
Exchange, SQL, and SharePoint Server
There’s one critical remote code execution flaw this month for SharePoint Enterprise Server 2013 Service Pack 1. And there are 7 other fixes for remote code execution bugs, rated Important, that affect SharePoint Enterprise Server 2016, SharePoint Server 2016, and SharePoint Foundation Server 2013 Service Pack 1.
Outlook gets a patch for a remote code execution flaw that a hacker could exploit if a user opens a specially crafted file. There’s also a patch for a remote code execution vulnerability in Microsoft Office graphics that affects users of Microsoft Office 2013, 2016, and 2019.
Finally this month, Adobe lists security updates for its products including 5 critical flaws in Adobe Acrobat and Reader, 2 critical flaws in Photoshop, and 1 important vulnerability in Adobe Connect. Check out Adobe’s website here for more information.
More in Windows 10
Microsoft Starts Rolling Out Edge WebView2 to Windows 10 PCs
Jun 28, 2022 | Rabia Noureen
Microsoft to Start Notifying Windows 8.1 Users About Upcoming End of Support
Jun 24, 2022 | Rabia Noureen
Microsoft's Out-Of-Band Patch Fixes Microsoft 365 and Azure AD Sign-In Issues on ARM Devices
Jun 21, 2022 | Rabia Noureen
Microsoft is Investigating Sign-In Issues Affecting Microsoft 365 and Azure AD on ARM Devices
Jun 20, 2022 | Rabia Noureen
Microsoft to Fix Windows Bug Breaking Wi-Fi hotspots After Installing Latest Patch Tuesday Update
Jun 17, 2022 | Rabia Noureen
Microsoft's June 2022 Patch Tuesday Updates Fix Several Remote Code Execution Vulnerabilities
Jun 15, 2022 | Laurent Giret
Most popular on petri