Today is Microsoft's May 2021 Patch Tuesday, and with it comes three zero-day vulnerabilities, so Windows admins will be rushing to apply updates.
With today's update, Microsoft has fixed 55 vulnerabilities, with four classified as Critical, 50 as Important, and one as Moderate.
The three zero-day vulnerabilities patched today were publicly disclosed but not known to be used in attacks.
For information about the non-security Windows updates, you can read about today's Windows 10 KB5003169 & KB5003173 cumulative updates.
Three zero-day vulnerabilities fixed
As part of today's Patch Tuesday, Microsoft has fixed three publicly disclosed vulnerabilities.
The following four vulnerabilities Microsoft states were publicly exposed but not exploited:
- CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege Vulnerability
- CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability
- CVE-2021-31200 - Common Utilities Remote Code Execution Vulnerability
The CVE-2021-31200 vulnerability is for Microsoft's NNI (Neural Network Intelligence) toolkit. This vulnerability was disclosed by Abhiram V of Resec System in a GitHub commit.
The CVE-2021-31207 Microsoft Exchange vulnerability was used by in the 2021 Pwn2Own hacking challenge. It is not clear if it is the vulnerability disclosed by Devcore or Team Viettel.
None of today's zero-days are known to be actively exploited in the wild.
It is expected that threat actors will analyze the patches to create exploits for the vulnerabilities, especially the one for Microsoft Exchange. Therefore it is vital to apply the security updates as soon as possible.
Recent updates from other companies
Other vendors who released updates in May include:
- Adobe released security updates for Adobe Creative Cloud Desktop, Framemaker, and Connect.
- Android's May security updates were released last week.
- Apple released security updates for iOS, macOS, iPadOS, watchOS, and Safari that fixed actively exploited Webkit vulnerabilities.
- Cisco released security updates for numerous products this month.
- SAP released its May 2021 security updates.
- VMware released security updates in May [1, 2].
The May 2021 Patch Tuesday Security Updates
Below is the full list of resolved vulnerabilities and released advisories in the May 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core & Visual Studio | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important |
| HTTP.sys | CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Jet Red and Access Connectivity | CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | Important |
| Microsoft Accessibility Insights for Web | CVE-2021-31936 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important |
| Microsoft Dynamics Finance & Operations | CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31195 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31209 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | Moderate |
| Microsoft Exchange Server | CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31177 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31178 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31174 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-28478 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-26418 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31173 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31172 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2021-31180 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-31192 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows IrDA | CVE-2021-31184 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | Important |
| Open Source Software | CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability | Important |
| Role: Hyper-V | CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Skype for Business and Microsoft Lync | CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | Important |
| Skype for Business and Microsoft Lync | CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | Important |
| Visual Studio | CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-31211 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-31213 | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | Important |
| Windows Container Isolation FS Filter Driver | CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | Important |
| Windows Desktop Bridge | CVE-2021-31185 | Windows Desktop Bridge Denial of Service Vulnerability | Important |
| Windows OLE | CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | Critical |
| Windows Projected File System FS Filter | CVE-2021-31191 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
| Windows RDP Client | CVE-2021-31186 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | Important |
| Windows SSDP Service | CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows Wireless Networking | CVE-2020-24588 | Windows Wireless Networking Spoofing Vulnerability | Important |
| Windows Wireless Networking | CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability | Important |
| Windows Wireless Networking | CVE-2020-26144 | Windows Wireless Networking Spoofing Vulnerability | Important |
Comments
dhey - 2 years ago
I think your second citation for VMWare was supposed to point to VMSA-2021-0008 and not to SAP.
Thanks for another awesome article!
Lawrence Abrams - 2 years ago
It was and fixed. Thanks for pointing out.
dparmentier - 2 years ago
Microsoft forgot to validate the updates in WSUS?
Patch may not available in wsus,
update in manual via windows up => ok
dparmentier - 2 years ago
FYI : Update available this morning in wsus