Windows 10

Patch Tuesday – June 2021

This month Microsoft patches 7 zero-day flaws in Windows, 6 of which are being exploited in the wild. And there are also important updates for SharePoint Server, Microsoft Office, and Adobe Acrobat and Reader.

Windows and Windows Server

If you haven’t already started testing and deploying June’s updates for Windows and Windows Server, then it’s time to get cracking because there are 7 zero-days fixed in this month’s round of patches. 6 of the 7 zero-day vulnerabilities are already being exploited in the wild. The last flaw in the list is not yet being exploited but it won’t take hackers long to start weaponizing it.

  1. CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
  2. CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  3. CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  4. CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  5. CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  6. CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  7. CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability

Kaspersky Labs reported that CVE-2021-31955 and CVE-2021-31956 are being used as part of an attack that targets Google Chrome in the exploit chain, leading to remote code execution.

News and Interests on the Windows taskbar

As a quick sidenote, News and Interests on the Windows taskbar is now available to users on all supported versions of Windows 10 on the Semi Annual Channel (SAC).

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

News and Interests now available in Windows 10 (Image Credit: Russell Smith)

Exchange, SQL, and SharePoint Server

There’s one critical remote code execution flaw this month for SharePoint Enterprise Server 2013 Service Pack 1. And there are 7 other fixes for remote code execution bugs, rated Important, that affect SharePoint Enterprise Server 2016, SharePoint Server 2016, and SharePoint Foundation Server 2013 Service Pack 1.

Microsoft Office

Outlook gets a patch for a remote code execution flaw that a hacker could exploit if a user opens a specially crafted file. There’s also a patch for a remote code execution vulnerability in Microsoft Office graphics that affects users of Microsoft Office 2013, 2016, and 2019.

Adobe software

Finally this month, Adobe lists security updates for its products including 5 critical flaws in Adobe Acrobat and Reader, 2 critical flaws in Photoshop, and 1 important vulnerability in Adobe Connect. Check out Adobe’s website here for more information.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

 
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: