Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.
June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into computers in targeted attacks.
Among the zero-days are:
–CVE-2021-33742, a remote code execution bug in a Windows HTML component.–CVE-2021-31955, an information disclosure bug in the Windows Kernel–CVE-2021-31956, an elevation of privilege flaw in Windows NTFS–CVE-2021-33739, an elevation of privilege flaw in the Microsoft Desktop Window Manager–CVE-2021-31201, an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider–CVE-2021-31199, an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider
Kevin Breen, director of cyber threat research at Immersive Labs, said elevation of privilege flaws are just as valuable to attackers as remote code execution bugs: Once the attacker has gained an initial foothold, he can move laterally across the network and unco ..
Support the originator by clicking the read the rest link below.
