Security News > 2021 > June > Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs
Microsoft on Tuesday released another round of security updates for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack.
The flaws were identified and resolved in Microsoft Windows,.
Microsoft didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them.
The Windows maker also noted that both CVE-2021-31201 and CVE-2021-31199 address flaws related to CVE-2021-28550, an arbitrary code execution vulnerability rectified by Adobe last month that it said was being "Exploited in the wild in limited attacks targeting Adobe Reader users on Windows."
"While we were not able to retrieve the exploit used for remote code execution in the Chrome web browser, we were able to find and analyze an elevation of privilege exploit that was used to escape the sandbox and obtain system privileges," Kaspersky Lab researchers said.
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.
News URL
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-28550 | Use After Free vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |
| 2021-06-08 | CVE-2021-31201 | Unspecified vulnerability in Microsoft products Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 5.2 |
| 2021-06-08 | CVE-2021-31199 | Unspecified vulnerability in Microsoft products Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 5.2 |