For June’s Patch Tuesday yesterday, Microsoft fixed 50 vulnerabilities, 6 of which are currently being actively exploited in the wild. (Photo by Kevork Djansezian/Getty Images)
While security researchers say that administrators should focus on all of these patches as quickly as possible, security teams can start by concentrating on the six that are currently being exploited.
Allan Liska of Recorded Future’s computer security incident response team lists the reasons why security teams should take the six exploited vulnerabilities seriously:
- CVE-2021-33742: A remote code execution (RCE) vulnerability in the Windows MSHTML Platform. It is a critical vulnerability that affects Windows 7 through 10 and Windows Server 2008 and 2012.
- CVE-2021-31955: An information disclosure vulnerability in the Windows Kernel. Microsoft rates this vulnerability as Critical and it affects Windows 10 and Windows Server 2019. Microsoft rates exploitation of this vulnerability as low complexity and, because it is currently being exploited in the wild, it can be quickly picked up by other threat actors.
- CVE-2021-31201, CVE-2021-31199, CVE-2021-33739, CVE-2021-31956: These are all “elevation of privilege” vulnerabilities rated Important by Microsoft. Elevation of privilege vulnerabilities are significant because attackers like to chain them with RCE vulnerabilities (such as CVE-2021-33742) as part of their attacks. The attackers use the RCE vulnerability to gain initial access, then the elevation of privilege vulnerabilities to get administrative access on the compromised system.