On Tuesday June 8th (“Patch Tuesday”) Microsoft released patches for multiple vulnerabilities, among which seven zero-day vulnerabilities. Of these, six are actively being exploited . We advise to install these patches as soon as possible.
On Tuesday June 8th Microsoft released patches for a large number of vulnerabilities, of which seven zero-day vulnerabilities. The zero-day vulnerabilities are tracked under the following CVE-numbers:
- CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
- CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
- CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
- CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability
In  you can find an overview of all patched vulnerabilities including their CVSS-score. Microsoft’s official release notes can be found at .
Of the patched vulnerabilities, several are very severe. Some of them, at least six, are actively being exploited.
Therefore we assess the impact as high.
Because some of these vulnerabilities are under active abuse, we estimate the risk as high.
What should you do?
Install the updates that were released yesterday as soon as possible.