Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days

3 years ago 150
BOOK THIS SPACE FOR AD
ARTICLE AD

Today is Microsoft's May 2021 Patch Tuesday, and with it comes three zero-day vulnerabilities, so Windows admins will be rushing to apply updates. 

With today's update, Microsoft has fixed 55 vulnerabilities, with four classified as Critical, 50 as Important, and one as Moderate.

The three zero-day vulnerabilities patched today were publicly disclosed but not known to be used in attacks.

As part of today's Patch Tuesday, Microsoft has fixed three publicly disclosed vulnerabilities.

The following four vulnerabilities Microsoft states were publicly exposed but not exploited:

The CVE-2021-31200 vulnerability is for Microsoft's NNI (Neural Network Intelligence) toolkit. This vulnerability was disclosed by Abhiram V of Resec System in a GitHub commit.

The CVE-2021-31207 Microsoft Exchange vulnerability was used by in the 2021 Pwn2Own hacking challenge. It is not clear if it is the vulnerability disclosed by Devcore or Team Viettel.

It is expected that threat actors will analyze the patches to create exploits for the vulnerabilities, especially the one for Microsoft Exchange. Therefore it is vital to apply the security updates as soon as possible.

Below is the full list of resolved vulnerabilities and released advisories in the May 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
.NET Core & Visual Studio CVE-2021-31204 .NET and Visual Studio Elevation of Privilege Vulnerability Important
HTTP.sys CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability Critical
Internet Explorer CVE-2021-26419 Scripting Engine Memory Corruption Vulnerability Critical
Jet Red and Access Connectivity CVE-2021-28455 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Accessibility Insights for Web CVE-2021-31936 Microsoft Accessibility Insights for Web Information Disclosure Vulnerability Important
Microsoft Bluetooth Driver CVE-2021-31182 Microsoft Bluetooth Driver Spoofing Vulnerability Important
Microsoft Dynamics Finance & Operations CVE-2021-28461 Dynamics Finance and Operations Cross-site Scripting Vulnerability Important
Microsoft Exchange Server CVE-2021-31195 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Exchange Server CVE-2021-31209 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Exchange Server CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability Moderate
Microsoft Exchange Server CVE-2021-31198 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2021-31170 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2021-31188 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2021-31176 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31175 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31177 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31179 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31178 Microsoft Office Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2021-31174 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2021-28478 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-31181 Microsoft SharePoint Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-26418 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-28474 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-31171 Microsoft SharePoint Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2021-31173 Microsoft SharePoint Server Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2021-31172 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office Word CVE-2021-31180 Microsoft Office Graphics Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-31192 Windows Media Foundation Core Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28465 Web Media Extensions Remote Code Execution Vulnerability Important
Microsoft Windows IrDA CVE-2021-31184 Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability Important
Open Source Software CVE-2021-31200 Common Utilities Remote Code Execution Vulnerability Important
Role: Hyper-V CVE-2021-28476 Hyper-V Remote Code Execution Vulnerability Critical
Skype for Business and Microsoft Lync CVE-2021-26422 Skype for Business and Lync Remote Code Execution Vulnerability Important
Skype for Business and Microsoft Lync CVE-2021-26421 Skype for Business and Lync Spoofing Vulnerability Important
Visual Studio CVE-2021-27068 Visual Studio Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-31214 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-31211 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-31213 Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability Important
Windows Container Isolation FS Filter Driver CVE-2021-31190 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31168 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31169 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31208 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31165 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31167 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-28479 Windows CSC Service Information Disclosure Vulnerability Important
Windows Desktop Bridge CVE-2021-31185 Windows Desktop Bridge Denial of Service Vulnerability Important
Windows OLE CVE-2021-31194 OLE Automation Remote Code Execution Vulnerability Critical
Windows Projected File System FS Filter CVE-2021-31191 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
Windows RDP Client CVE-2021-31186 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important
Windows SMB CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability Important
Windows SSDP Service CVE-2021-31193 Windows SSDP Service Elevation of Privilege Vulnerability Important
Windows WalletService CVE-2021-31187 Windows WalletService Elevation of Privilege Vulnerability Important
Windows Wireless Networking CVE-2020-24588 Windows Wireless Networking Spoofing Vulnerability Important
Windows Wireless Networking CVE-2020-24587 Windows Wireless Networking Information Disclosure Vulnerability Important
Windows Wireless Networking CVE-2020-26144 Windows Wireless Networking Spoofing Vulnerability Important
Read Entire Article