Security News > 2021 > June > Extra urgency in June's Patch Tuesday: Microsoft warns six more bugs are being exploited
Microsoft's traditional Patch Tuesday saw the software giant release fixes for 50 flaws, and a reminder to apply updates as soon as possible because six of them are being exploited in the wild by miscreants.
A maliciously crafted webpage or some other file can execute arbitrary code on the machine when opened and parsed by MSHTML, which is "Used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control," according to Microsoft.
Details of one of the exploited privilege-escalation bugs.
An additional important denial-of-service vulnerability with Remote Desktop Services, CVE-2021-31968, that goes back to Windows 7 has been publicly disclosed, too, Microsoft notes, but not yet exploited in the wild.
One critical issue is in Microsoft Defender, though that'll be automatically patched, as will the critical VP9 codecs flaw from the Microsoft Store.
Adobe says none of the flaws are being actively exploited in the wild, as far as anyone knows, though patching as soon as possible is advised.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/09/june_patch_tuesday/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-31968 | Unspecified vulnerability in Microsoft products Windows Remote Desktop Services Denial of Service Vulnerability | 0.0 |