Security News > 2021 > May > Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known
Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks.
Microsoft on Tuesday shipped another massive Patch Tuesday bundle with cover for at least 55 documented security vulnerabilities affecting products in the Windows ecosystem.
The most serious of the 55 vulnerabilities could be exploited to remotely compromise unpatched systems, Microsoft warned, noting that at least three of the vulnerabilities are already in the public domain.
According to TippingPoint ZDI, Windows administrators should also prioritize CVE-2021-31204, CVE-2021-31200, and CVE-2021-31207 because these issues were publicly known ahead of the release of Microsoft's patches.
Microsoft software products affected by this month's batch of patches include the Windows OS,.NET Core and Visual Studio, the Internet Explorer browser, Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.
Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affecting Adobe Acrobat and Reader on both Windows and MacOS platforms.
News URL
Related news
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Security Feature Bypass Vulnerability | 6.6 |
| 2021-05-11 | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | 7.3 |
| 2021-05-11 | CVE-2021-31200 | Unspecified vulnerability in Microsoft Neural Network Intelligence Common Utilities Remote Code Execution Vulnerability | 7.2 |