Microsoft has successfully patched six zero-day bugs this week. The Redmond giant issued that there was a series of security updates that would be released for the Windows OS and its software.
On Tuesday, June 8, the company fixed 49 security flaws that are less than the usual number of vulnerabilities.
At the moment, the cybersecurity team of the tech titan is acting fast to guarantee safety for its systems. Microsoft has also cautioned others that the hackers behind the malware attack are still exploiting other entities whose cybersecurity foundation is weak.
What Are the Zero-Days Encountered by Microsoft This Week?
Microsoft has patched zero-day vulnerabilities this week.
According to Threatpost on Tuesday, June 8, six flaws were still attacking other systems. The company stated that they are all zero-day security threats.
These zero-days have recently attacked the tech giant:
-
CVE-2021-33742, a remote code execution bug in a Windows HTML component.
-
CVE-2021-31955, an information disclosure bug in the Windows Kernel
-
CVE-2021-31956, an elevation of privilege flaw in Windows NTFS
-
CVE-2021-33739, an elevation of privilege flaw in the Microsoft Desktop Window Manager
-
CVE-2021-31201, an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider
-
CVE-2021-31199, an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider
Immersive Labs cyber threat research director, Kevin Breen commented that the attackers are taking the opportunity to launch the remote code execution bugs. After penetrating the network, the attacker would now move to reach the domain of the system.
"This can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools," Breen added.
Read Also: 11 Zero-Day Vulnerabilities Recorded - Android, iOS, and Windows Devices Are Infected
Breen continued that so far, the most important chunk of information should be addressed and that is the "exploit detected" tag which is being utilized by the notorious cyber criminals.
Microsoft Has Also Fixed Five Critical Bugs
According to Brian Krebbs on Security Boulevard, not only the zero-day vulnerabilities were fixed in the process, but also the five flaws that gained control of the vulnerable Windows OS. For instance, CVE-2021-31959 has also affected OS from Windows 7 to Windows 10, as well as 2008, 2012, 2016, and 2019 Server versions.
Furthermore, CVE-2021-31963 has also accessed Sharepoint while Adobe issued a patch for zero-day bugs including CVE-2021-31201 and CVE-2021-31199 which hit Adobe Adobe Reader and Acrobat.
Besides the latest update for the two Adobe software, Adobe Photoshop, Adobe Connect, and Creative Cloud has also received necessary patch updates.
Last month, Apple encountered a zero-day flaw in its iOS 14.5 which gains access to the user's information. The bug which was CVE-2021-30661 has been addressed by the Cupertino firm.
In particular, the exploitations have targeted the Apple Mail, Safari browser, and other Apple apps through the Webkit system. The hackers have made use of an executable code for Safari.
Related Article: Microsoft Exchange Servers Get Hacked--Company Publishes Mitigation Technique to Stop Chained Attack
This article is owned by Tech Times
Written by Joseph Henry
