Microsoft patched 6 zero-day vulnerabilities in Windows 10

If you are using Windows operating system, you should immediately update the patch Microsoft sent on June 8. According to Microsoft, six zero-day vulnerabilities are being exploited by hackers.

The most severe vulnerability (CVE-2021-33742) allows malicious websites to attack computers via Internet Explorer and other Microsoft programs. Microsoft Edge will also be affected if running in Internet Explorer mode.

Google's risk analysis team discovered the vulnerability last week. Shane Huntley, a member of the group, said it appeared to be developed by a commercial criminal organization for clients in the Middle East or Western Europe.

In addition, there are two other zero-day vulnerabilities (CVE-2021-31955 and 31956) that were used in conjunction with Chrome browser bugs in the wave of targeted attacks against various companies in April. However, at the end of April, the Chrome vulnerabilities were patched.

The two zero-day vulnerabilities CVE-2021-31199 and 31201 appear to be used in conjunction with a bug in the Adobe Reader program, which was patched by Adobe in May. The Adobe Reader vulnerability allows attackers to break into the system. , then thanks to a Microsoft vulnerability, an attacker can 'escalate privileges' to take full control.

The last zero-day vulnerability (CVE-2021-33739) is also a privilege escalation vulnerability. Microsoft did not disclose many details, but only revealed that it can be used after an attacker enters the system through phishing or other forms.

Obviously, Microsoft considers these zero-day vulnerabilities very dangerous because the company patched both Windows 7, Windows 8.1 and Windows 10. Windows 7 officially stopped supporting from January 2020 and will not receive updates. No more security, though Microsoft has quietly addressed the worst bugs of the operating system in the last few Patch Tuesday updates.

Kareem Winters

Update 10 June 2021