Sunday, July 14, 2024
EHA

Microsoft Released a Security Update With The Fixes For 6 New Windows 0-Day Bugs

Recently, as a part of the June Patch, Microsoft has fixed 50 security flaws, among which 5 of them were rated critical, and the other 45 are classed as important in severity.

All the vulnerabilities have been patched by Microsoft that are present in the following products of Microsoft:-

  • Microsoft Office
  • .NET Core and Visual Studio
  • Edge browser
  • Windows Cryptographic Services
  • SharePoint
  • Outlook
  • Excel

Zero-day vulnerabilities

Apart from these things, Microsoft has also addressed 6 zero-day vulnerabilities, and among these 6 zero-day vulnerabilities, the security experts at Microsoft have detected that one of the flaws has been using a commercial exploit.

Here the list of all 6 zero-day vulnerabilities:-

  • CVE-2021-33742 (CVSS score: 7.5): Windows MSHTML Platform Remote Code Execution Vulnerability.
  • CVE-2021-33739 (CVSS score: 8.4): Microsoft DWM Core Library Elevation of Privilege Vulnerability.
  • CVE-2021-31199 (CVSS score: 5.2): Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability.
  • CVE-2021-31201 (CVSS score: 5.2): Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability.
  • CVE-2021-31955 (CVSS score: 5.5): Windows Kernel Information Disclosure Vulnerability.
  • CVE-2021-31956 (CVSS score: 7.8): Windows NTFS Elevation of Privilege Vulnerability.

However, to give all its users and administrators more time to install the patches, Microsoft has not yet unveiled any details of the vulnerabilities.

Among the 6 zero-day vulnerabilities, 4 vulnerabilities are privilege escalation flaws which imply that hackers might have exploited these security flaws to gain elevated permissions on the affected systems as part of the infection chain.

Moreover, the security researchers at Microsoft have asserted that the CVE-2021-33742 is an RCE vulnerability in the MSHTML component, which is part of the Internet Explorer web browser.

While Shane Huntley, the Google analyst has claimed, that the CVE-2021-33742 is not only abused by independent threat actors but also used by government hackers to attack targets in Eastern Europe and the Middle East.

The patches for CVE-2021-31201 and CVE-2021-31199 are related to the RCE issue CVE-2021-28550, which was already fixed last month by the developers at Adobe.

So, to protect your Windows system and avoid such security risks, Microsoft has strongly recommended all its users to install all the security updates immediately.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the June 2021 Patch here.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles