Security News > 2021 > June > Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs
Microsoft on Tuesday released another round of security updates for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack.
The flaws were identified and resolved in Microsoft Windows,.
Microsoft didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them.
The Windows maker also noted that both CVE-2021-31201 and CVE-2021-31199 address flaws related to CVE-2021-28550, an arbitrary code execution vulnerability rectified by Adobe last month that it said was being "Exploited in the wild in limited attacks targeting Adobe Reader users on Windows."
"While we were not able to retrieve the exploit used for remote code execution in the Chrome web browser, we were able to find and analyze an elevation of privilege exploit that was used to escape the sandbox and obtain system privileges," Kaspersky Lab researchers said.
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.
News URL
Related news
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-28550 | Unspecified vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |
| 2021-06-08 | CVE-2021-31201 | Unspecified vulnerability in Microsoft products Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 0.0 |
| 2021-06-08 | CVE-2021-31199 | Unspecified vulnerability in Microsoft products Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 0.0 |