Microsoft has published its monthly security patches for June 2021. As a general rule we recommend waiting to install feature updates until their stability is proven, but security updates are different and should be applied as soon as possible.
That is even more true of this security bulletin, which Microsoft publishes on the second Tuesday of each month and which in this edition fixes several vulnerabilities that are already being exploited by cybercriminals. As with previous sets of patches, they are applied incrementally to Microsoft’s broad set of applications and services, and this month includes patches for Windows, Office, Hyper-V, Defender, and the .NET Core & Visual Studio development platform, among others.
Microsoft has fixed 50 vulnerabilities this month, of varying severity. Five of them are critical, and six have known exploits and are the most dangerous. The one labeled CVE-2021-33742, which allows remote code execution through the Windows MSHTML platform, stands out.
The bug is present on PCs and server platforms dating back to Windows 7. The method is the usual one: a maliciously crafted web page or other file can execute arbitrary code on the machine when it is opened and parsed with MSHTML, which is used by Internet Explorer, by the IE mode of the Edge browser, and by other applications via the WebBrowser control.
Of the other five exploited flaws, four are elevation-of-privilege bugs. Although only one of them is classed as “information leakage” (CVE-2021-33739), these types of vulnerabilities are favored by cybercriminals looking to move around networks and plant malware after an initial intrusion.
The five flaws rated as critical are also in high-value areas that criminals would love to exploit. Of particular note is the one affecting the built-in Microsoft Defender antivirus, the one for the Microsoft Store VP9 codecs, and the one for remote code execution in SharePoint which – considering the target – is sure to end up being exploited.
New Microsoft patches for Windows 10
In short: update as soon as possible. For Windows 10 users, the cumulative update is KB5003637, and it applies equally to the last three stable versions released: 2004, 20H2, and 21H1. This is the first time that the same cumulative update has been released for all versions. The reason is familiar: the last two are service packs of the first one and therefore share the same code base.
Many components are affected. The main updates are:
- Updates to improve security when using input devices such as a mouse, keyboard, or stylus.
- Updates to improve the security of Windows OLE (compound documents).
- Updates to verify user names and passwords.
- Updates to improve security when Windows performs basic operations.
- Updates to store and manage files.
In Windows 10, you can install June security patches in two ways:
- From the Settings app > Update & Security > Windows Update, where you’ll see “Cumulative Update for Windows 10 (KB5003637).” Click install and the system will update.
- Through the Microsoft Update Catalog. Open its web page and type KB5003637 in the search box, then download the package that matches your computer from the many listed: Windows 10 version, x86 or ARM architecture, and 32-bit or 64-bit edition. When the download finishes, double-click the .msu file.
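To confirm the result on a machine, or to install the catalog download from an elevated PowerShell prompt instead of double-clicking it, a script along these lines can be used. It is an added example, not part of the original article or of Microsoft's own tooling, and the .msu path in it is a hypothetical placeholder.

```powershell
param(
    # Hypothetical path: wherever you saved the .msu from the Microsoft Update Catalog.
    [string]$MsuPath = 'C:\Temp\KB5003637.msu'
)
$Kb = 'KB5003637'
# Build numbers of the three Windows 10 versions that share this cumulative update.
$Covered = @{ '19041' = '2004'; '19042' = '20H2'; '19043' = '21H1' }

$build = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuild
if (-not $Covered.ContainsKey($build)) {
    Write-Output "Build $build is not 2004, 20H2 or 21H1; $Kb does not apply here."
    return
}
if ((Get-HotFix).HotFixID -contains $Kb) {
    Write-Output "Windows 10 $($Covered[$build]): $Kb is already installed."
    return
}

# Not listed. A later cumulative update replaces this one, so list the most
# recent updates before concluding that the machine is unpatched.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn | Format-Table | Out-String

if (-not (Test-Path $MsuPath)) {
    Write-Output "$Kb not found and no package at $MsuPath; use Windows Update or download it."
    return
}
# Refuse a package whose signature is invalid or not issued to Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $MsuPath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    Write-Output "Signature check failed for $MsuPath ($($sig.Status)); not installing."
    return
}

# wusa.exe is the Windows Update Standalone Installer that opens .msu files; needs elevation.
$p = Start-Process wusa.exe -ArgumentList "`"$MsuPath`"", '/quiet', '/norestart' -Wait -PassThru
switch ($p.ExitCode) {
    0       { Write-Output "$Kb installed." }
    3010    { Write-Output "$Kb installed; restart required to finish." }
    2359302 { Write-Output "$Kb was already installed." }
    default { Write-Output "wusa.exe exited with code $($p.ExitCode); check the Setup event log." }
}
```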
And, as we said: in today’s world, where malware is rampant on computers and networks, security updates are a must.