Patch Tuesday – June 2021

This month Microsoft patches 7 zero-day flaws in Windows, 6 of which are being exploited in the wild. And there are also important updates for SharePoint Server, Microsoft Office, and Adobe Acrobat and Reader.

Windows and Windows Server

If you haven’t already started testing and deploying June’s updates for Windows and Windows Server, then it’s time to get cracking because there are 7 zero-days fixed in this month’s round of patches. 6 of the 7 zero-day vulnerabilities are already being exploited in the wild. The last flaw in the list is not yet being exploited but it won’t take hackers long to start weaponizing it.

  1. CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
  2. CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  3. CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  4. CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  5. CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  6. CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  7. CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability

Kaspersky Labs reported that CVE-2021-31955 and CVE-2021-31956 are being used as part of an attack that targets Google Chrome in the exploit chain, leading to remote code execution.

News and Interests on the Windows taskbar

As a quick side note, News and Interests on the Windows taskbar is now available to users on all supported versions of Windows 10 on the Semi-Annual Channel (SAC).

Figure 1: News and Interests now available in Windows 10 (Image Credit: Russell Smith)

Exchange, SQL, and SharePoint Server

There’s one critical remote code execution flaw this month for SharePoint Enterprise Server 2013 Service Pack 1. And there are 7 other fixes for remote code execution bugs, rated Important, that affect SharePoint Enterprise Server 2016, SharePoint Server 2016, and SharePoint Foundation Server 2013 Service Pack 1.

Microsoft Office

Outlook gets a patch for a remote code execution flaw that a hacker could exploit if a user opens a specially crafted file. There’s also a patch for a remote code execution vulnerability in Microsoft Office graphics that affects users of Microsoft Office 2013, 2016, and 2019.

Adobe software

Finally this month, Adobe lists security updates for its products including 5 critical flaws in Adobe Acrobat and Reader, 2 critical flaws in Photoshop, and 1 important vulnerability in Adobe Connect. Check out Adobe’s website for more information.