Microsoft patched 50 CVEs in its June 2021 Patch Tuesday release, five of which are rated as critical severity. Six have applicable exploits.

CVE-2021-31985 - Microsoft Defender Remote Code Execution Vulnerability

Microsoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.

CVE-2021-31959 - Scripting Engine Memory Corruption Vulnerability

Microsoft released patches addressing a critical memory corruption vulnerability in the Chakra JScript scripting engine. This vulnerability impacts Windows RT, Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012 (R2) and Windows Server 2016. An adversary can exploit this vulnerability when the target user opens a specially crafted file.

CVE-2021-31963 - Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft released patches addressing a critical RCE in SharePoint Server. This CVE is assigned a CVSSv3 base score of 7.1 by the vendor.

The following vulnerabilities need immediate patching because they are being actively exploited in the wild:

CVE-2021-33742 - Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-33739 - Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2021-31956 - Windows NTFS Elevation of Privilege Vulnerability

CVE-2021-31955 - Windows Kernel Information Disclosure Vulnerability

CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

CVE-2021-31199 - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

Adobe addressed 41 CVEs this Patch Tuesday, 21 of which are rated as critical severity. The affected products are Acrobat and Reader, Adobe Photoshop, Creative Cloud Desktop Application, RoboHelp Server, Adobe After Effects, and Adobe Animate.

The current updated Patch Tuesday dashboards are available in Dashboard Toolbox: 2021 Patch Tuesday Dashboard.

To help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series, "This Month in Patches".

We discuss some of the key vulnerabilities disclosed in the past month and how to patch them:

VMware vCenter Server Multiple Vulnerabilities

Ubuntu XStream Vulnerabilities

Microsoft Patch Tuesday, June 2021

Join us live or watch on demand!

Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday, followed shortly after by PT dashboards.

