Microsoft Fixes Seven Zero-Days This Patch Tuesday

Microsoft announced patches for a half-century of CVEs this month, including seven zero-day vulnerabilities, six of which are being actively exploited in the wild.

The six vulnerabilities in question start with CVE-2021-31955, an information disclosure bug in the Windows kernel, and remote code execution flaw CVE-2021-33742.

The rest are elevation of privilege bugs in Windows NTFS (CVE-2021-31956), the Microsoft Enhanced Cryptographic Provider (CVE-2021-31199 and CVE-2021-31201) and the Microsoft DWM Core Library (CVE-2021-33739).

In addition, CVE-2021-31968 is a denial of service vulnerability in Windows Remote Desktop Services, which has been publicly disclosed but not yet seen in attacks.

Chris Goettl, Ivanti senior director of product management and security, said that CVE-2021-31199 and CVE-2021-28550 are related to a previously exploited Adobe flaw, CVE-2021-28550, released in the Adobe Security Bulletin ID APSB21-29.

“Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities,” he added. “This vulnerability affects Windows 7, Server 2008 and later Windows OS versions and is rated as ‘important’ with a CVSSv3 base score of 5.2, which could be missed in some organizations’ prioritization.”

In fact, many of the zero-days published on Tuesday don’t at first glance appear to be particularly risky for organizations due to their low CVSS scores.

“This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases,” warned Goettl.

“Adopting a risk-based vulnerability management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware.”

Elsewhere this month, Recorded Future senior solution architect, Allan Liska, urged sysadmins to focus on CVE-2021-31963, a critical remote code execution vulnerability in Microsoft SharePoint Server.

Although not previously disclosed or exploited in the wild, similar bugs have been used in the past to deliver payloads, including ransomware, he warned.
