In this month’s Patch Tuesday update, Microsoft issued fixes for 5 critical exploits and 45 vulnerabilities rated important in severity in Microsoft Windows, .NET Core, and Visual Studio, Microsoft Office, Microsoft Edge, SharePoint Server, Hyper-V, Visual Studio Code, and more. Microsoft researchers discovered a highly targeted malware campaign that has been operating since April perpetrated by a new, unknown threat actor. Two of the vulnerabilities patched this month were utilized by the malicious group during the campaign, therefore the flaws are under active attack.
This month saw six fewer patches than Microsoft’s May Patch Tuesday, however, there were more critical vulnerabilities included this month. The actively exploited vulnerabilities patched this month can enable an attacker to hijack a system. Users should patch the flaws immediately as security experts recommend. The flaws have no workarounds, and therefore users are vulnerable without the patch. The six critical CVEs under attack in the wild include four elevation of privilege vulnerabilities, one information disclosure flaw, and one remote code execution vulnerability.
Read more: Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws