June 2021 Patch Tuesday has seen Microsoft release patches to correct 50 vulnerabilities across its range of products, including 7 zero-day vulnerabilities. Five vulnerabilities are rated critical and 45 have been rated important.
6 of the zero-day vulnerabilities patches this week are known to have been exploited in the wild. While these flaws have been exploited, all have been rated important. These are:
- CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider elevation of privilege vulnerability (CVSS 5.2)
- CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider elevation of privilege vulnerability (CVSS 5.2)
- CVE-2021-31955 – Windows Kernel information disclosure vulnerability (CVSS 5.5)
- CVE-2021-31956 – Windows NTFS elevation of privilege vulnerability (CVSS 7.8)
- CVE-2021-33739 – Microsoft DWM Core Library elevation of privilege vulnerability (CVSS 8.4)
- CVE-2021-33742 – Windows MSHTML Platform remote code execution vulnerability (CVSS 7.5)
The 7th zero-day, tracked as CVE-2021-31968 (CVSS 6.5), is a Windows Remote Desktop Services denial of service vulnerability. The vulnerability has been publicly disclosed, but it is not believed to have been exploited in the wild.
There are no workarounds for the actively exploited vulnerabilities. Patches need to be applied to correct the flaws.
The critical vulnerabilities patched this month are:
- CVE-2021-31963 – RCE vulnerability in Microsoft SharePoint Server
- CVE-2021-31959 – Microsoft Scripting Engine memory corruption vulnerability
- CVE-2021-31967 – Microsoft Windows Codecs Library RCE vulnerability in VP9 Video Extensions
- CVE-2021-31985 – Windows Defender RCE vulnerability
- CVE-2021-31742 – Windows MSHTML Platform RCE vulnerability
Adobe Issues Fixes for 41 Vulnerabilities
Adobe has released updates to correct 41 vulnerabilities across 10 of its products, 21 of which are critical flaws, 17 are rated important, and 3 rated moderate.
Patches have been released for Adobe After Effects (17), Adobe Acrobat and reader (5) Adobe Animate (8), Adobe Experience Manager (4), Adobe Photoshop (2), Adobe Creative Cloud Desktop Application (2), Adobe Connect (1), Adobe Premiere Elements (1), Adobe Photoshop Elements 91), and Adobe RoboHelp Server (1).
None of the vulnerabilities are known to have been exploited in the wild, although prompt patching is recommended.