This month Microsoft patches 7 zero-day flaws in Windows, 6 of which are being exploited in the wild. And there are also important updates for SharePoint Server, Microsoft Office, and Adobe Acrobat and Reader.
If you haven’t already started testing and deploying June’s updates for Windows and Windows Server, then it’s time to get cracking because there are 7 zero-days fixed in this month’s round of patches. 6 of the 7 zero-day vulnerabilities are already being exploited in the wild. The last flaw in the list is not yet being exploited but it won’t take hackers long to start weaponizing it.
Kaspersky Labs reported that CVE-2021-31955 and CVE-2021-31956 are being used as part of an attack that targets Google Chrome in the exploit chain, leading to remote code execution.
As a quick sidenote, News and Interests on the Windows taskbar is now available to users on all supported versions of Windows 10 on the Semi Annual Channel (SAC).
There’s one critical remote code execution flaw this month for SharePoint Enterprise Server 2013 Service Pack 1. And there are 7 other fixes for remote code execution bugs, rated Important, that affect SharePoint Enterprise Server 2016, SharePoint Server 2016, and SharePoint Foundation Server 2013 Service Pack 1.
Outlook gets a patch for a remote code execution flaw that a hacker could exploit if a user opens a specially crafted file. There’s also a patch for a remote code execution vulnerability in Microsoft Office graphics that affects users of Microsoft Office 2013, 2016, and 2019.
Finally this month, Adobe lists security updates for its products including 5 critical flaws in Adobe Acrobat and Reader, 2 critical flaws in Photoshop, and 1 important vulnerability in Adobe Connect. Check out Adobe’s website here for more information.