Security News > 2021 > May > Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known
Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks.
Microsoft on Tuesday shipped another massive Patch Tuesday bundle with cover for at least 55 documented security vulnerabilities affecting products in the Windows ecosystem.
The most serious of the 55 vulnerabilities could be exploited to remotely compromise unpatched systems, Microsoft warned, noting that at least three of the vulnerabilities are already in the public domain.
According to TippingPoint ZDI, Windows administrators should also prioritize CVE-2021-31204, CVE-2021-31200, and CVE-2021-31207 because these issues were publicly known ahead of the release of Microsoft's patches.
Microsoft software products affected by this month's batch of patches include the Windows OS,.NET Core and Visual Studio, the Internet Explorer browser, Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.
Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affecting Adobe Acrobat and Reader on both Windows and MacOS platforms.
News URL
Related news
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (source)
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Security Feature Bypass Vulnerability | 0.0 |
| 2021-05-11 | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | 0.0 |
| 2021-05-11 | CVE-2021-31200 | Unspecified vulnerability in Microsoft Neural Network Intelligence Common Utilities Remote Code Execution Vulnerability | 0.0 |