Six actively abused zerodays in Windows fixed with the June update
Microsoft patched six zero-day vulnerabilities that were actively being exploited in the June update. One of these six vulnerabilities is classified as critical. The vulnerability resides in the MSHTML platform.
Microsoft reports the zero days in the patch release notes. Of the six exploited vulnerabilities, CVE-2021-33742 has been identified as critical. The vulnerability in the MSHTML platform enables remote code execution via Internet Explorer and other applications that use MSHTML, among others. The vulnerability was discovered by Google’s Threat Analysis Group.
The other five vulnerabilities have been marked as ‘important’. These are CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-31199, and CVE-2021-31201.
Finally, there was a seventh zero day, but according to Microsoft, this has not been abused as far as is known. This is a vulnerability in Windows Remote Desktop: CVE-2021-31968. In total, Microsoft fixes fifty security vulnerabilities in Windows with the June update.