Microsoft has released its monthly update of security fixes in the Microsoft Patch Tuesday-May 2021 and this month’s update comes with a total of 55 security vulnerabilities existing across its numerous products and services.
Microsoft Patch Tuesday -May 2021 summary:
The security update includes patch Tuesday for Microsoft Windows, Internet Explorer (IE), Microsoft Exchange Server, Microsoft Office, .NET Core, and Visual Studio, SharePoint Server, Hyper-V, Open-Source Software, Skype for Business, and Microsoft Lync.
Among the 55 vulnerabilities that were addressed in the microsoft patch Tuesday, 50 were slated in the ‘important’ severity, 4 were slated in the ‘critical’ severity, while one was slated as ‘moderate’.
Earlier this month, Microsoft had delivered security fixes for three zero-day vulnerabilities, which were: the CVE-2021-31204 which was a privilege escalation bug, the CVE-2021-31200 being an RCE bug, and the CVE-2021-31207, which was a Microsoft Exchange bypass vulnerability discovered in Pwn2Own 2021.
Patch Tuesday Critical Vulnerabilities:
List of Critical Vulnerabilities addressed:
The critical severity slated security vulnerability that was addressed this month is tracked as CVE-2021-31166 and has a critical CVSS rating of 9.8.
It is an HTTP Protocol Stack RCE bug impacting Windows 10 and some versions of Windows Server could enable an unauthenticated attacker to remotely execute code as kernel.
Experts addressing these critical Microsoft vulnerabilities are of the opinion that this type of security flaw is a major target for ransomware perpetrators.
The second critical vulnerability, tracked as CVE-2021-31194, is persistent in the Microsoft Windows OLE Automation.
The third critical bug, CVE-2021-26419, is a scripting engine memory corruption bug affecting IE11.
CVE-2021-28476 is another critical bug that exists in Windows Hyper-V and could facilitate malicious entities with the ability to execute arbitrary code.
CVE-2021-31188 and CVE-2021-31170 are local privilege escalation bugs that exist in the Windows Graphics Component. Microsoft considers these two vulnerabilities more likely to be exploited by threat actors.
CVE-2021-28474 is a post-authentication flaw that could allow an authenticated attacker to run arbitrary code on remote SharePoint Servers.