Patch Tuesday Higlights - June 2021


Microsoft fixed 49 vulnerabilities in its June Patch Tuesday updates, including fixes for six that are known to be exploited in the wild and two that have been publicly disclosed. All known exploited and publicly disclosed vulnerabilities are in the OS so applying your June operating system update will take care of them. Here’s our callout of security updates and issues we think you’ll want to be aware of.

Newsworthy Events

  • Windows 10 21H1 released on May 18. Microsoft provided enablement packages to update from Windows 10 2004 or Windows 10 20H2. Below is an excerpt from KB5000736 explaining the enablement packages, which are available in your ZENworks patch feed. Notice that a prerequisite is to have the latest 2004 or 20H2 monthly quality update installed (May 2021 or later).

    Windows 10, versions 2004, 20H2, and 21H1 share a common core operating system with an identical set of system files. Therefore, the new features in Windows 10, version 21H1 are included in the latest monthly quality update for Windows 10, version 2004 and Windows 10, version 20H1, but are in an inactive and dormant state. These new features will remain dormant until they are turned on through the “enablement package,” a small, quick-to-install “master switch” that activates the Windows 10, version 21H1 features.

  • ZDNet published an interesting article about the PuzzleMaker attacks. The Puzzlemaker attackers chained an earlier Google Chrome vulnerability with two of this month’s Microsoft Windows OS zero-day vulnerabilities to exploit a machine’s sandbox environment to gain access to the machine. It’s a good read and a good reminder of damage that can be done when older vulnerabilities are left unpatched.
  • The U.S. Federal authorities recovered more than $2 million in cryptocurrency that Colonial Pipeline paid in ransom to the Russian hacker ring Darkside. You can get the details about how they did it here.

Quick Take

Windows Server 2019 Updates

Windows Server 2016 Updates

Windows 10 Updates

Windows 8.1 / Windows Server 2012 R2 Updates

  • CRITICAL Severity: The Security Monthly Quality Rollup (KB5003671) resolves 19 new CVEs, including 4 known exploited (CVE-2021-31199, CVE-2021-31201, CVE-2021-31956, CVE-2021-33742) and 1 publicly disclosed (CVE-2021-31968).
  • CRITICAL Severity: The Security Only Quality Update (KB5003681) resolves 16 new CVEs, none of which are publicly disclosed or known exploited.
  • CRITICAL Severity: The Cumulative Security Update for Internet Explorer 11 (KB5003636) resolves 3 new CVEs, including 1 known exploited (CVE-2021-33742). Apply it with the Security Only Quality Update (KB5003681). It is not needed with the Security Monthly Quality Rollup (KB5003671).

Windows Server 2012 Updates

Windows 7 / Windows Server 2008 R2 Extended Security Updates

Windows Server 2008 Extended Security Updates

Microsoft SharePoint Server

Microsoft Office 2013–2016 (Windows) and 2016-2019 (Mac)

Microsoft 365 Apps (formerly Office 365 ProPlus) and Office 2019

Adobe Acrobat and Reader

  • CRITICAL Severity: APSB21-37 resolves 5 CVEs across all current versions: CVE-2021-28551, CVE-2021-28552, CVE-2021-28554, CVE-2021-28631, and CVE-2021-28632.

Third-Party Security Updates

  • Google Chrome 91.0.4472.101 (resolves 14 CVEs)
  • Mozilla Firefox 89.0 (resolves 9 CVEs)
  • Mozilla Firefox 78.11.0 ESR (resolves 2 CVEs)
  • Mozilla Thunderbird 78.11.0 (resolves 2 CVEs)


Patch Management
Comment List