Microsoft on Tuesday released another round of security updates for Windows operating systems and other supported software, squashing 50 vulnerabilities, including 6 zero-days that are said to be under active attack.
The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.
Of these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below –
- CVE-2021-33742 (CVSS score: 7.5) – Windows MSHTML Platform Remote Code Execution Vulnerability
- CVE-2021-33739 (CVSS score: 8.4) – Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2021-31199 (CVSS score: 5.2) – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31201 (CVSS score: 5.2) – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
- CVE-2021-31955 (CVSS score: 5.5) – Windows Kernel Information Disclosure Vulnerability
- CVE-2021-31956 (CVSS score: 7.8) – Windows NTFS Elevation of Privilege Vulnerability