Microsoft rolled out a new round of 50 security fixes for critical bugs affecting the Windows 10 OS and supported software this Tuesday, June 8th, including six zero-day vulnerabilities that are being actively exploited by hackers. Microsoft releases these important patches on the second Tuesday of every month, and while there weren’t as many in June as we’re used to seeing, the bugs that the company did address appear to be incredibly dangerous, which is why you should update any Windows 10 devices that you own as soon as possible.
The fixes that Microsoft released were for a number of products including, Windows 10, .NET Core and Visual Studio, Microsoft Office, the Microsoft Edge browser, SharePoint, Outlook, and Excel. Five of the CVEs (Common Vulnerabilities and Exposures) are considered critical, while the other 45 are deemed important. Regardless, the latest batch of patches should solve all of them.
Here are the relevant details regarding the six zero-day exploits that Microsoft patched:
- CVE-2021-31955: Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5
- CVE-2021-31956: Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8
- CVE-2021-33739: Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rating: Important. CVSS 8.4
- CVE-2021-33742: Windows MSHTML Platform Remote Code Execution Vulnerability. Rating: Critical. CVSS 7.5
- CVE-2021-31199: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2
- CVE-2021-31201: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2
Zero Day Initiative does a great job of rounding up all of the most significant security updates across the industry, and Dustin Childs wrote up an extensive explainer covering Microsoft’s June 2021 patches, if you’re interested in learning more.
Whether or not you care about the details, you should make sure that your Windows 10 devices are up to date. You can do so by clicking on the Start button, opening the Settings menu, and clicking on the Windows Update button at the top of the window. Next, click on “Check for Updates,” and if there are any available, be sure to download and install them right away.
“While these vulnerabilities have already been exploited in the wild as zero-days, it is still vital that organisations apply these patches as soon as possible,” said Satnam Narang, staff research engineer at cybersecurity company Tenable, about the patches. “Unpatched flaws remain a problem for many organisations months after patches have been released.”