Security News > 2021 > May > Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known
Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks.
Microsoft on Tuesday shipped another massive Patch Tuesday bundle with cover for at least 55 documented security vulnerabilities affecting products in the Windows ecosystem.
The most serious of the 55 vulnerabilities could be exploited to remotely compromise unpatched systems, Microsoft warned, noting that at least three of the vulnerabilities are already in the public domain.
According to TippingPoint ZDI, Windows administrators should also prioritize CVE-2021-31204, CVE-2021-31200, and CVE-2021-31207 because these issues were publicly known ahead of the release of Microsoft's patches.
Microsoft software products affected by this month's batch of patches include the Windows OS,.NET Core and Visual Studio, the Internet Explorer browser, Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.
Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affecting Adobe Acrobat and Reader on both Windows and MacOS platforms.
News URL
Related news
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- August 2024 Patch Tuesday forecast: Looking for a calm August release (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Security Feature Bypass Vulnerability | 6.6 |
2021-05-11 | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | 7.3 |
2021-05-11 | CVE-2021-31200 | Unspecified vulnerability in Microsoft Neural Network Intelligence Common Utilities Remote Code Execution Vulnerability | 7.2 |