
Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws
2021-06-08 21:45

Microsoft jumped on 50 vulnerabilities in this month's Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows,.

The six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution vulnerability.

Jay Goodman, director of product marketing at Automox, said in a blog post that an attacker exploiting this vulnerability "could take control of a system where they would be free to install programs, view or change data, or create new accounts on the target system with full user rights." While Microsoft reports that this vulnerability is less likely to be exploited, Goodman suggested that organizations don't let it slide: "Patching critical vulnerabilities in the 72-hour window before attackers can weaponize is an important first step to maintaining a safe and secure infrastructure," he observed.

The Zero Day Initiative's Dustin Childs noted in his Patch Tuesday analysis that since the vulnerability is in the Trident engine itself, many different applications are affected, not just Internet Explorer.

Kaspersky experts did find and analyze the second exploit, however: An elevation of privilege exploit that exploits two distinct vulnerabilities in the Microsoft Windows OS kernel: CVE-2021-31955 and CVE-2021-31956.

"It's a reminder that zero days continue to be the most effective method for infecting targets. Now that these vulnerabilities have been made publicly known, it's possible that we'll see an increase of their usage in attacks by this and other threat actors. That means it's very important for users to download the latest patch from Microsoft as soon as possible."


News URL

https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/

Related Vulnerability

| DATE | CVE | VULNERABILITY | TITLE | RISK |
|---|---|---|---|---|
| 2021-06-08 | CVE-2021-31956 | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products (microsoft, CWE-191) | Windows NTFS Elevation of Privilege Vulnerability | 7.8 (local, low complexity) |
| 2021-06-08 | CVE-2021-31955 | Unspecified vulnerability in Microsoft products (microsoft) | Windows Kernel Information Disclosure Vulnerability | 5.5 (local, low complexity) |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 473 68 2214 4928 253 7463