Security

This Month’s Patch Tuesday Brings Fixes for 11 Actively Exploited Vulnerabilities

By Bill Toulas
microsoft
  • Microsoft is pushing a small “Patch Tuesday” which is very important to apply nonetheless.
  • The software giant has identified and fixed eleven actively exploited bugs, four of which are critical.

Microsoft has released the June 2021 “Patch Tuesday” for its various products. The notable aspect this month is that the pack contains fixes for eleven vulnerabilities currently under active exploitation. As such, applying the patch is a tad bit more critical than usual, although there’s really no Tuesday Patch that system administrators can afford to skip or even postpone. In total, Microsoft has fixed 49 flaws, with five of them being critical and the rest classified as important.

Source: Sophos

Here are the most important critical fixes of this month:

  • CVE-2021-33742 – Actively exploited flaw in the Windows MSHTML, abusing the Internet Explorer HTML engine to execute commands on the target system.
  • CVE-2021-33741 – Actively exploited elevation of privilege vulnerability affecting the Edge browser.
  • CVE-2021-31985 – Actively exploited remote-code execution flaw in Microsoft Defender.
  • CVE-2021-31959 – Actively exploited memory corruption vulnerability in the Chakra Jscript engine.

And below are the currently-exploited flaws that are rated as “important”:

  • CVE-2021-31199 and CVE-2021-31201 – Vulnerabilities in Microsoft’s Enhanced Cryptographic Provider
  • CVE-2021-33739 – Elevation of privilege bug in the Windows NTFS
  • CVE-2021-31956 – Elevation of privilege flaw in the Windows DWM Core Library
  • CVE-2021-31955 – Information disclosure bug in the Windows Kernel.

Although the classification of the flaws is definitely a critical factor to consider, it is often indicative of the damage potential that a particular exploit could have. This month, we see five important bugs being actively exploited. This indicates that even small holes are important to address as they can open up the potential for other, more serious exploits. Some of these zero-days are used in chained exploits, so no matter if a bug is rated as critical or just important, if adversaries are using it, there’s a good reason to fix it.

Before you apply this month’s update, make sure to backup your data and secure your most important files from unfortunate events like a corrupted filesystem. Remember, this is rare, but it can happen, so don’t skip the backing-up part.

Adobe has synchronized the fixing of critical flaws on its products too, so if you’re using the Reader, Photoshop, Connect, and the Creative Cloud in general, you should apply the available updates there too.

Add a Comment

Latest
Sports
US Darts Masters 2023 Live Stream: How to Watch Online from Anywhere
Sachin Sharma - 0
The tension is palpable, and the excitement is high ahead of what promises to be another captivating edition of the US Darts...
Read more
Sports
Spanish Grand Prix Live Stream 2023: How to Watch Formula 1 Online from Anywhere
Sachin Sharma - 0
The thrills of the 2023 Formula 1 season continue this weekend with the Spanish Grand Prix. Another blistering race lies in store...
Read more
Streaming
How to Watch Love ALLways Online: Stream LGBTQ+ Dating Show from Anywhere
Lore Apostol - 0
Love ALLways is a new reality TV dating show, and we have all the important details you may be searching for, including...
Read more

© TechNadu 2023. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari