May Patch Tuesday 2021 Fixes 55 Vulnerabilities
Patch Tuesday Addresses 55 New Flaws, Including Public Aware Threats
There are 2 Critical, 50 Important and 1 Moderate fixes this month for Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.
Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, a shadow of what was released last month.
- Windows 7 – 1 Critical and 10 Important vulnerabilities fixed
- Windows 2008 R2 – 1 Critical and 9 Important vulnerabilities fixed
Robert Brown, Head of Customer Success for Syxsense said, “May sees almost half the updates fixed over April. This is great news as deployment payload could be as low as 1GB per device (or less). Adobe released just 10 fixes less than Microsoft this month, so this is the month to ensure you are prioritizing both Microsoft and Adobe to protect your devices. This month also sees the last supported patches for Feature Update 1809.”
Top May 2021 Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.
1. CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
The vulnerability exists due to improper input validation in HTTP Protocol Stack. A remote attacker can execute arbitrary code on the target system. Microsoft recommends prioritizing this patch because it could become wormable.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk Alert
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): No
2. CVE-2021-28476: Hyper-V Remote Code Execution Vulnerability
The vulnerability exists due to improper input validation in the Hyper-V on most Microsoft operating systems. A remote authenticated attacker can execute arbitrary code on the target system. This is particularly dangerous as an exploit may compromise the entire system, and with a Scope (Jump Point) of yes, it is possible to jump from Hyper-V to another technology on the system.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.9
- Weaponized: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk Alert
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Yes
3. CVE-2021-31204: .NET Core and Visual Studio Elevation of Privilege Vulnerability
With many staff around the world still working from home, it is likely they have a Visual Studio system on their home system. The vulnerability exists due to application does not properly impose security restrictions in .NET and Visual Studio, which leads to security restrictions bypass and privilege escalation.
Although this vulnerability requires local access and user interaction, a user can become a victim if they access a specially designed website which tricks the end user into clicking the link.
Syxscore
- Vendor Severity: Important
- CVSS: 7.3
- Weaponized: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk Alert
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: Required
- Scope (Jump Point): No
Syxsense Recommendations
Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.
| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended |
| CVE-2021-31204 | .NET Core and Visual Studio Elevation of Privilege Vulnerability | Important | 7.3 | Yes | No | No | Yes |
| CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability | Important | 7.2 | Yes | No | No | Yes |
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | Moderate | 6.6 | Yes | No | No | Yes |
| CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes |
| CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.4 | No | No | No | Yes |
| CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31180 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31177 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31211 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31213 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31192 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28478 | Microsoft SharePoint Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-31936 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-31186 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-31172 | Microsoft SharePoint Spoofing Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-31195 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-31209 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-24588 | Windows Wireless Networking Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-26144 | Windows Wireless Networking Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2021-31174 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31178 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31184 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31185 | Windows Desktop Bridge Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31191 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31173 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-26418 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | Important | 4.1 | No | No | No |
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
