Security News > 2021 > May > Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known

Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks.
Microsoft on Tuesday shipped another massive Patch Tuesday bundle with cover for at least 55 documented security vulnerabilities affecting products in the Windows ecosystem.
The most serious of the 55 vulnerabilities could be exploited to remotely compromise unpatched systems, Microsoft warned, noting that at least three of the vulnerabilities are already in the public domain.
According to TippingPoint ZDI, Windows administrators should also prioritize CVE-2021-31204, CVE-2021-31200, and CVE-2021-31207 because these issues were publicly known ahead of the release of Microsoft's patches.
Microsoft software products affected by this month's batch of patches include the Windows OS,.NET Core and Visual Studio, the Internet Explorer browser, Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.
Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affecting Adobe Acrobat and Reader on both Windows and MacOS platforms.
News URL
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Security Feature Bypass Vulnerability | 0.0 |
2021-05-11 | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | 0.0 |
2021-05-11 | CVE-2021-31200 | Unspecified vulnerability in Microsoft Neural Network Intelligence Common Utilities Remote Code Execution Vulnerability | 0.0 |