Microsoft has published the June 2021 installment of its monthly security patches. While for feature updates we generally recommend waiting until their stability is verified, security updates are different and should be applied as soon as possible.
All the more so with this edition of the security bulletin, which Microsoft publishes on the second Tuesday of each month, because it fixes a series of vulnerabilities that are being exploited by cybercriminals. Like the previous sets of patches, they are applied incrementally to the broad set of Microsoft applications and services, and this month's set includes patches for Windows, Office, Hyper-V, Defender and the .NET Core & Visual Studio development platform, among others.
June security patches
Microsoft has fixed 50 vulnerabilities this month, of varying severity. Five of them are rated critical, and the six with known exploits are the most dangerous. The standout is CVE-2021-33742, which allows remote code execution through the Windows MSHTML platform.
The flaw is present on PCs and server platforms dating back to Windows 7. The method is the usual one: a maliciously crafted web page or other file can execute arbitrary code on the machine when it is opened and parsed by MSHTML, which is used by Internet Explorer, the IE mode of the Edge browser, and other applications through WebBrowser.
Of the other five exploited flaws, four are privilege elevations. Although only one is of the kind known as “information leakage” (CVE-2021-33739), these types of vulnerabilities are preferred by cybercriminals who seek to move through networks and spread malware after an initial intrusion.
The five critical flaws are also in high-value areas that criminals would love to exploit. The ones that stand out affect the integrated Microsoft Defender antivirus, the VP9 codecs from the Microsoft Store, and SharePoint (remote code execution); the last of these, considering the target, is sure to end up being exploited.
Patches in Windows 10
In short: update as soon as possible. For Windows 10 users, the cumulative update is KB5003637, and it applies equally to the last three stable versions published: 2004, 20H2 and 21H1. This is the first time the same cumulative update has been released for all versions. The reason is already known: the last two are Service Packs of the first and therefore share the same code base.
Many components are being updated, mainly:
- Updates to improve security when using input devices such as a mouse, keyboard, or stylus.
- Updates to improve the security of Windows OLE (compound documents).
- Updates to verify usernames and passwords.
- Updates to improve security when Windows performs basic operations.
- Updates to store and manage files.
In Windows 10, you can install the June security patches in two ways:
- From the Settings application > Update and security > Windows Update, where you will see “Cumulative update for Windows 10 (KB5003637)”. Click Install and the system will update.
- Through the Microsoft Update Catalog. Go to its website and type KB5003637 in the search box, then download the package that matches your computer from the many listed: Windows 10 version, x86 or ARM architecture, and 32- or 64-bit edition. When the download finishes, double-click the .msu file.
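To confirm the update is in place after either install route, here is a PowerShell check, added as an example and not part of the original article or of Microsoft's documentation. The function name Test-JunePatch is hypothetical, and the script assumes the standard CurrentVersion registry values (DisplayVersion, ReleaseId, CurrentBuild, UBR) are present.

```powershell
# Added example: report whether KB5003637 is listed on this Windows 10 machine.
# The KB number and the covered versions come from the article;
# Test-JunePatch is a hypothetical helper name.
function Test-JunePatch {
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB5003637',
        [string[]]$CoveredVersions = @('2004', '20H2', '21H1')
    )

    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # DisplayVersion exists on 20H2 and later; 2004 only carries ReleaseId.
    $version = if ($cv.PSObject.Properties['DisplayVersion']) {
        $cv.DisplayVersion
    } else {
        $cv.ReleaseId
    }

    # Returns nothing (instead of throwing) when the KB is not listed.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Version      = $version
        Build        = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
        Covered      = $CoveredVersions -contains $version
        KbInstalled  = [bool]$hotfix
        InstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    }
}

$result = Test-JunePatch
$result | Format-List

# Only warn on versions the article says this cumulative update applies to.
if ($result.Covered -and -not $result.KbInstalled) {
    Write-Warning ("{0}: KB5003637 is not listed. Install it, or confirm that a later cumulative update is present." -f $result.ComputerName)
}
```

Because cumulative updates replace one another, a machine patched in a later month may no longer list KB5003637; in that case, use the reported build to confirm it is current.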
As we always say: in today’s world, where malware roams across computers and networks, security updates are a must.