Security News > 2021 > June > Microsoft Patches Six Zero-Day Security Holes
Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.
June's Patch Tuesday addresses just 49 security holes - about half the normal number of vulnerabilities lately.
CVE-2021-31956, an elevation of privilege flaw in Windows NTFS-CVE-2021-33739, an elevation of privilege flaw in the Microsoft Desktop Window Manager.
Microsoft also patched five critical bugs - flaws that can be remotely exploited to seize control over the targeted Windows computer without any help from users.
CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008, 2012, 2016 and 2019.
If you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.
News URL
https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/
Related news
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- Microsoft warns it lost some customer's security logs for a month (source)
- Microsoft lost some customers’ cloud security logs (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-33739 | Unspecified vulnerability in Microsoft products Microsoft DWM Core Library Elevation of Privilege Vulnerability | 0.0 |
| 2021-06-08 | CVE-2021-31959 | Unspecified vulnerability in Microsoft products Scripting Engine Memory Corruption Vulnerability | 0.0 |
| 2021-06-08 | CVE-2021-31956 | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products Windows NTFS Elevation of Privilege Vulnerability | 0.0 |