On Tuesday, June 8th, Microsoft released a new set of 50 security fixes for serious issues in the Windows 10 operating system and related software, including fixes for six zero-day flaws that are being actively targeted by hackers. While there weren’t as many fixes in June as we’ve seen in the past, the problems that Microsoft did resolve appear to be quite serious, which is why you should update any Windows 10 devices you own as quickly as possible to avoid zero-day exploits.
Microsoft provided updates for Windows 10, .NET Core and Visual Studio, Microsoft Office, the Microsoft Edge browser, SharePoint, Outlook, and Excel, among other products. Five CVEs (Common Vulnerabilities and Exposures) are classified as critical, while the remaining 45 are classified as important. Regardless, the most recent wave of patches should fix them all.
The following are the pertinent details about the six zero-day vulnerabilities Microsoft patched:
♦ CVE-2021-31955: Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5
♦ CVE-2021-31956: Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8
♦ CVE-2021-33739: Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rating: Important. CVSS 8.4
♦ CVE-2021-33742: Windows MSHTML Platform Remote Code Execution Vulnerability. Rating: Critical. CVSS 7.5
♦ CVE-2021-31199: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2
♦ CVE-2021-31201: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2
If you’re keen to learn more, the Zero Day Initiative does an excellent job of compiling all of the most important security updates from across the industry, and Dustin Childs produced a detailed tutorial covering Microsoft’s June 2021 patches.
You should make sure that your Windows 10 devices are up to date and avoid zero-day exploits, regardless of whether you care about the intricacies. To do so, go to the Start menu, open the Settings menu, and then click the Windows Update button at the top of the window. Next, click “Check for Updates,” and if any are available, download and install them as soon as possible.
Satnam Narang, staff research engineer at cybersecurity company Tenable, said about the patches:
“While these vulnerabilities have already been exploited in the wild as zero-days, it is still vital that organisations apply these patches as soon as possible. Unpatched flaws remain a problem for many organisations months after patches have been released.”