{"id":8446,"date":"2021-06-17T13:24:10","date_gmt":"2021-06-17T20:24:10","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8446"},"modified":"2023-03-03T14:34:40","modified_gmt":"2023-03-03T21:34:40","slug":"june-microsoft-patches-49-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/june-microsoft-patches-49-security-vulnerabilities\/","title":{"rendered":"June: Microsoft Patches 49 Security Vulnerabilities"},"content":{"rendered":"<p dir=\"ltr\">Microsoft patched 49 unique security vulnerabilities this June. We analyzed all 49\u00a0 weaknesses and spotlighted the most important vulnerabilities that ought to be patched on priority.<\/p>\n<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 800px; height: 491px;\" src=\"\/wp-content\/uploads\/2022\/10\/wp-1.png\" alt=\"\" \/><strong>Microsoft Patches: Overview<\/strong><\/h2>\n<p dir=\"ltr\">This June, Microsoft patched 49 vulnerabilities discovered earlier in 2021, including six publicly disclosed bugs.<\/p>\n<p dir=\"ltr\">Of these 49, Microsoft has fixed key vulnerabilities, including the following:<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">16 CVEs classified as RCE bugs<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">13 CVEs with privilege escalation capabilities<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">\u00a05 CVEs linked to denial of service (DoS)<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">\u00a07 CVEs with information disclosure issues<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">\u00a04 CVEs associated with a security feature bypass<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">\u00a03 CVEs with spoofing flaws<\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><strong>Zero-Day Vulnerabilities<\/strong><\/h2>\n<p dir=\"ltr\">Microsoft had released patches for seven zero-day vulnerabilities (<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31955\">CVE-2021-31955<\/a>, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31956\">CVE-2021-31956<\/a>, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-33739\">CVE-2021-33739<\/a>, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-33742\">CVE-2021-33742<\/a>, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31199\">CVE-2021-31199<\/a>, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31201\">CVE-2021-31201<\/a>, and <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31968\">CVE-2021-31968<\/a>). Currently, six of these CVEs have publicly known exploits under active attack and must be prioritized for patching.<\/p>\n<p dir=\"ltr\">Additionally, a new threat group called PuzzleMaker leveraged two zero-day exploits (<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31955\">CVE-2021-31955<\/a> and <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31956\">CVE-2021-31956<\/a>) with a remote code execution weakness to target high-profile systems. The threat group utilized these two CVEs to execute malware modules with system privileges on compromised Windows 10 systems. To put a stop to this, Microsoft released patches for these two exploits.<\/p>\n<p>However, organizations need to be wary of these two CVEs and ensure that they are patched immediately. Both vulnerabilities are of a high severity with a CWE of 200 (Exposure of Sensitive Information to an Unauthorized Actor) and 269 (Improper Privilege Management) classified under the <a href=\"https:\/\/cwe.mitre.org\/top25\/archive\/2020\/2020_cwe_top25.html\">Top 25 Most Dangerous Software Weaknesses.<\/a><\/p>\n<h2><strong>Product Analysis<\/strong><\/h2>\n<p>In this Patch Watch, we focus on patches that were issued for 11 products. The Windows server accounted for 26 vulnerabilities, of which 12 have been categorized with privilege escalation capabilities, and two have been marked for remote code execution.<\/p>\n<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 650px; height: 345px;\" src=\"\/wp-content\/uploads\/2022\/10\/wp-2.png\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\"><strong>Severity<\/strong><\/h2>\n<p dir=\"ltr\">Notably, five of these 26 vulnerabilities have been marked critical and under remote code execution flaws.<\/p>\n<p><img decoding=\"async\" style=\"width: 500px; height: 458px;\" src=\"\/wp-content\/uploads\/2022\/10\/microsoft-june-patches.png\" alt=\"\" \/><\/p>\n<p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrDc4ZpdPkSSe2bb?backgroundColor=cyan&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p><strong>Table: June Microsoft Security Patches 2021<\/strong><\/p>\n<p>Despite releasing a set of fixes in June, Microsoft still has several vulnerabilities that need to be addressed. These CVEs need immediate patching based on their risk potential. Therefore, we urge all Microsoft users to update the latest version of the software to reduce their attack surface and risk.<\/p>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\" style=\"text-align: center;\"><strong>Does your organization have a patch management program? <a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\">Talk to CSW experts to prioritize weaknesses that need immediate attention!<\/a><\/strong><\/h2>\n<h2 style=\"text-align: center;\"><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft patched 49 unique security vulnerabilities this June. We analyzed all 49\u00a0 weaknesses and spotlighted the most important vulnerabilities that ought to be patched on priority. Microsoft Patches: Overview This June, Microsoft patched 49 vulnerabilities discovered earlier in 2021, including six publicly disclosed bugs. Of these 49, Microsoft has fixed key vulnerabilities, including the following: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14440,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[290],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8446"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14440"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8446"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}