Security News > 2021 > June > Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws

Microsoft jumped on 50 vulnerabilities in this month's Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows,.
The six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution vulnerability.
Jay Goodman, director of product marketing at Automox, said in a blog post that an attacker exploiting this vulnerability "Could take control of a system where they would be free to install programs, view or change data, or create new accounts on the target system with full user rights."While Microsoft reports that this vulnerability is less likely to be exploited,Goodman suggested that organizations don't let it slide: "Patching critical vulnerabilities in the 72-hour window before attackers can weaponize is an important first step to maintaining a safe and secure infrastructure," he observed.
The Zero Day Initiative's Dustin Childs noted in his Patch Tuesday analysis that since the vulnerability is in the Trident engine itself, many different applications are affected, not just Internet Explorer.
Kaspersky experts did find and analyze the second exploit, however: An elevation of privilege exploit that exploits two distinct vulnerabilities in the Microsoft Windows OS kernel: CVE-2021-31955 and CVE-2021-31956.
"It's a reminder that zero days continue to be the most effective method for infecting targets. Now that these vulnerabilities have been made publicly known, it's possible that we'll see an increase of their usage in attacks by this and other threat actors. That means it's very important for users to download the latest patch from Microsoft as soon as possible."
News URL
https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-08 | CVE-2021-31956 | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products Windows NTFS Elevation of Privilege Vulnerability | 0.0 |
2021-06-08 | CVE-2021-31955 | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 0.0 |