Security News > 2021 > May > Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known
Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks.
Microsoft on Tuesday shipped another massive Patch Tuesday bundle with cover for at least 55 documented security vulnerabilities affecting products in the Windows ecosystem.
The most serious of the 55 vulnerabilities could be exploited to remotely compromise unpatched systems, Microsoft warned, noting that at least three of the vulnerabilities are already in the public domain.
According to TippingPoint ZDI, Windows administrators should also prioritize CVE-2021-31204, CVE-2021-31200, and CVE-2021-31207 because these issues were publicly known ahead of the release of Microsoft's patches.
Microsoft software products affected by this month's batch of patches include the Windows OS,.NET Core and Visual Studio, the Internet Explorer browser, Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.
Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affecting Adobe Acrobat and Reader on both Windows and MacOS platforms.
News URL
Related news
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Security Feature Bypass Vulnerability | 0.0 |
| 2021-05-11 | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | 0.0 |
| 2021-05-11 | CVE-2021-31200 | Unspecified vulnerability in Microsoft Neural Network Intelligence Common Utilities Remote Code Execution Vulnerability | 0.0 |