Qualys Security Alerts: Microsoft and Adobe Patch Tuesday-June 2021

Microsoft patched 50 CVEs in its June 2021 Patch Tuesday release, five of which are rated critical. Six of the CVEs have applicable exploits.

Bharat Jogi, Senior Manager, Vulnerability and Threat Research at Qualys

“There are seven zero-day vulnerabilities in Microsoft’s June 2021 Patch Tuesday release, with exploits ‘in the wild’ observed for six of them. As always, we recommend that companies install the fixes for these vulnerabilities as soon as possible, with the actively exploited vulnerabilities taking precedence. Two of these zero-days discovered by Kaspersky were exploited in conjunction with Google Chrome and formed the basis for a chain of exploits in targeted attacks on several companies last April,” says Bharat Jogi, Senior Manager, Vulnerability and Threat Research at Qualys.

Critical Microsoft vulnerabilities patched

  • CVE-2021-31985 – Microsoft Defender Remote Code Execution Vulnerability
    Microsoft has released patches that address a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitation, and the vendor assigns it a CVSSv3 base score of 7.8.
  • CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability
    Microsoft has released patches that address a critical memory corruption vulnerability in the Chakra JScript scripting engine. This vulnerability affects Windows RT, Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012 (R2), and Windows Server 2016.
  • CVE-2021-31963 – Microsoft SharePoint Server Remote Code Execution Vulnerability
    Microsoft has released patches that fix a critical RCE vulnerability in SharePoint Server. The vendor assigns this CVE a CVSSv3 base score of 7.1.

Six 0-day vulnerabilities patched with exploits “in the wild”

The following vulnerabilities need to be patched immediately, since there are active exploits “in the wild” for them:

  • CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

Adobe

Adobe addressed 41 CVEs this Patch Tuesday, 21 of which are rated critical. They affect Acrobat and Reader, Adobe Photoshop, Creative Cloud Desktop Application, RoboHelp Server, Adobe After Effects and Adobe Animate.

Patch Tuesday Dashboard

The latest updated Patch Tuesday Dashboards are available in the Dashboard Toolbox: 2021 Patch Tuesday Dashboard.

Webinar Series: This Month in Patches

To help customers take advantage of the seamless integration between Qualys VMDR and Patch Management and reduce the average time to address critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series, This Month in Patches.

It discusses how to patch some of the most important vulnerabilities in the previous month:

  • VMware vCenter Server Multiple Vulnerabilities
  • Ubuntu XStream Vulnerabilities
  • Microsoft Patch Tuesday-June 2021

About Patch Tuesday

Patch Tuesday QIDs are published under Security Alerts, usually in the late evening of Patch Tuesday, followed shortly after by the PT dashboards.
