Patch Tuesday Update

May 2021

Another Patch Tuesday has come and gone. IT administrators everywhere will be glad to hear that this one is a bit lighter than usual. Microsoft have released patches for 55 CVEs in this instalment. That’s half the usual amount. However, 4 of the CVEs have been assigned critical status and there is a new Exchange vulnerability to keep us on our toes! Let’s get stuck in.

Exchange Server Security Feature Bypass – CVE-2021-31207

Microsoft have stated that this vulnerability was detected in the recent Pwn2Own contest. It has not yet been exploited in the wild and Microsoft have deemed it “Exploitation Less Likely”. However, our partners at Ivanti believe “this update should be considered a higher risk than the Moderate rating it received from Microsoft”. This is down to their belief that the details of how the vulnerability can be exploited will soon be published. Hackers will then seek to use this information as an attack vector.

HTTP Protocol Stack Remote Code Execution Vulnerability – CVE-2021-31166

This vulnerability has been assigned a CVSS score of 9.8 and Microsoft have labelled it as “Exploitation More Likely”. If exploited, we could see widespread attacks against Windows 10 and Windows Server operating systems. This potentially wormable vulnerability should be a high priority for remediation.

On the third-party front, Adobe have released updates to resolve 42 CVEs. One of these updates is for Acrobat and Reader (APSB21-29), and it includes a CVE that is actively being exploited (CVE-2021-28550). To round off the month, Windows 10 1803, Windows 10 1809 and Windows Server 1909 have received their final update. Steps should be taken to upgrade any end-of-life systems to a supported version of Windows.

– Patrick Collins
