Microsoft jumped on 50 vulnerabilities in this month’s Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop. Five of the CVEs are rated Critical and 45 are rated Important in severity. Microsoft reported that six of the bugs are currently under active attack, while three are publicly known at the time of release. The number might seem light – it represents six fewer patches than Microsoft released in May – but the number of critical vulnerabilities ticked up to five month-over-month. Those actively exploited vulnerabilities can enable an attacker to hijack a system. They have no workarounds, so some security experts are recommending that they be patched as the highest priority. The six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution (RCE) vulnerability. Critical Bugs of Note CVE-2021-31985 is a critical RCE vulnerability in Microsoft’s Defender antimalware software that should grab attention. A similar, critical bug in Defender was patched in January. The most serious of the year’s first Patch Tuesday, that earlier Defender bug was an RCE vulnerability that came under active exploit. Another critical flaw is CVE-2021-31963, a Microsoft…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-06-08 17:45:002021-06-08 17:45:00Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org