
June 2021 Patch Tuesday: Microsoft fixes six actively exploited zero-days
2021-06-08 20:18

Microsoft has fixed 50 security vulnerabilities, six of which are actively exploited zero-days.

On this June 2021 Patch Tuesday, Microsoft has splatted 5 critical and 45 important bugs.

"At first glance, I thought this Patch Tuesday was going to be a light one - until I started digging into the technical details and uncovered a number of 'exploitation detected' vulnerabilities," said Kevin Breen, Director of Cyber Threat Research at Immersive Labs.

CVE-2021-33739 is an elevation of privilege zero-day vulnerability in the Microsoft Desktop Window Manager Core Library.

"For context, Microsoft patched two elevation of privilege vulnerabilities in February and April which appear to be linked to a threat actor known as BITTER APT. In the case of CVE-2021-28310, researchers linked the flaw to the dwmcore.dll file. Given that CVE-2021-33739 is credited to the same researchers who found CVE-2021-1732 in February, and was discovered in the same core library as CVE-2021-28310, it is feasible this is another zero-day being leveraged by the same BITTER APT group," commented Satnam Narang, staff research engineer at Tenable.

Among the fixed vulnerabilities the most critical one is an Improper Authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform that can be used to bypass protection against external calls.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8kfS3vUWc0c/

Related Vulnerability

| DATE | CVE | VULNERABILITY | TITLE | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2021-06-08 | CVE-2021-33739 | Unspecified vulnerability in Microsoft products | Microsoft DWM Core Library Elevation of Privilege Vulnerability | local, low complexity, microsoft | 8.4 |
| 2021-04-13 | CVE-2021-28310 | Out-of-bounds Write vulnerability in Microsoft products | Win32k Elevation of Privilege Vulnerability | local, low complexity, microsoft, CWE-787 | 7.8 |
| 2021-02-25 | CVE-2021-1732 | Out-of-bounds Write vulnerability in Microsoft products | Windows Win32k Elevation of Privilege Vulnerability | local, low complexity, microsoft, CWE-787 | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 473 68 2214 4928 253 7463