Published: June 23, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Microsoft’s June Patch Tuesday fixes fifty security flaws including six zero-day vulnerabilities labeled as “critical or high priority” and over forty flaws classified as “important.” The software giant created their Patch Tuesday campaign in 2003 to keep system administrators from having to scramble for updates released at any given time. The program continues to be highly popular with all Microsoft users since it patches any number of malware attacks due to system security flaws.
The second Tuesday of the month is officially Patch Tuesday for Microsoft, with the company having an estimated 1.5 billion Windows users globally. Microsoft always urges their users to update their devices ASAP. This latest Patch Tuesday addresses a plethora of security bugs, especially for several zero-day flaws that were previously unknown and are now patched.
Zero-Day Attacks Revealed
The added urgency of this security release surrounds patches for the six uncovered zero-day flaws.
Zero-day attacks abuse these flaws and are considered advanced cyberattacks. They are yet-to-be discovered flaws in hardware or software that attackers exploit until a developer or someone else realizes something is wrong. A security patch is created and then released to resolve the vulnerability issue. Zero-day exploits leave little hope of detection since they evade most anti-virus software. That makes them highly successful exploits, that is, until they are discovered and patched as they are in this latest Microsoft release.
The CVE (common vulnerabilities and exposures) ID numbers for the six zero-day flaws are listed here: CVE-2021-31955; CVE-2021-31956; CVE-2021-33739; CVE-2021-33742; CVE-2021-31199; CVE-2021-31201.
Don’t Wait to Update
When security updates are released, they should always be applied as quickly as possible. As with Microsoft’s latest patches, all updates are important, and some, like the zero-day fixes, can keep you safe as soon as they’re applied. Researchers at Kaspersky found a customized zero-day exploit launched before Microsoft’s latest Patch Tuesday.
According to the researchers, a new threat group called PuzzleMaker used a Windows 10 customized zero-day exploit to launch highly-targeted attacks against several companies worldwide. The vulnerability allowed PuzzleMaker to first gain elevated privileges. From there, Kaspersky found the attackers were “…able to download and upload files, create processes, sleep for certain periods of time, and delete itself from the infected system.” Although this particular exploit targeted businesses, the same can be done to individuals. Remember, all updates are important, especially those directly having to do with security. As such, waiting to update should never be an option.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments