Microsoft Patch Tuesday – May 2021
Microsoft patched 55 CVEs in their May 2021 Patch Tuesday release, of which 4 are rated as critical severity. Three 0-day vulnerability patches were included in the release. As of this publication date, none have been exploited.
Qualys released 12 QIDs on the same day, providing vulnerability detection and patch management coverage (where applicable) for all 55 CVEs and the related KBs.
Critical Microsoft vulnerabilities patched:
CVE-2021-31181 – SharePoint Remote Code Execution Vulnerability
Microsoft released patches addressing a critical RCE vulnerability in SharePoint (CVE-2021-31181). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor.
CVE-2021-31166 – HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft released patches addressing a critical RCE vulnerability in Windows. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. It is wormable: an attacker can simply send a maliciously crafted packet to the impacted target web server. This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 9.8 by the vendor.
CVE-2021-28476 – Hyper-V Remote Code Execution Vulnerability
Microsoft released patches addressing a critical RCE in Windows Server that impacts Hyper-V. Though exploitation of this vulnerability is less likely (according to Microsoft), it should be prioritized for patching since adversaries can abuse this vulnerability to cause a Denial of Service (DoS) in the form of a bug check. This CVE is assigned a CVSSv3 base score of 9.9 by the vendor.
Three 0-day vulnerabilities patched:
- CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability
- CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
- CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability
Qualys QIDs Providing Coverage
|QID||Title||Severity||CVE ID|
|100415||Microsoft Internet Explorer Security Update for May 2021||Medium||CVE-2021-26419|
|91762||Microsoft SharePoint Enterprise Server Multiple Vulnerabilities May 2021||High||CVE-2021-31181|
|110381||Microsoft Office and Microsoft Office Services and Web Apps Security Update May 2021||High||CVE-2021-31180|
|110382||Microsoft Skype for Business Server Security and Lync Server Update for May 2021||High||CVE-2021-26421|
|375556||Visual Studio Code Remote Code Execution Vulnerability||High||CVE-2021-31214|
|375557||Visual Studio Code Remote Development for Containers Extension Remote Code Execution Vulnerability||Medium||CVE-2021-31213|
|50111||Microsoft Exchange Server Multiple Vulnerabilities – May 2021||High||CVE-2021-31209|
|91762||Microsoft Windows Security Update for May 2021||Critical||CVE-2021-31192|
|91763||Microsoft Visual Studio Security Update for May 2021||High||CVE-2021-27068|
|91764||Microsoft Windows Web Media Extensions Remote Code Execution Vulnerability||High||CVE-2021-28465|
|91766||Microsoft .NET Core Security Update May 2021||Medium||CVE-2021-31204|
|91767||Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability – May 2021||Critical||CVE-2021-31166|
Adobe Patch Tuesday – May 2021
Adobe addressed 46 CVEs this Patch Tuesday, of which 26 are rated as critical severity, including one critical 0-day (CVE-2021-28550) impacting Adobe Acrobat and Reader.
The Adobe patches cover the following products: Experience Manager, InDesign, Illustrator, InCopy, Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop Application, Media Encoder, After Effects, Medium, and Animate.
Qualys released 5 QIDs on the same day, providing vulnerability detection for 30 of the 46 CVEs, including 8 rated as critical.
One 0-day vulnerability patched:
CVE-2021-28550 is a Remote Code Execution vulnerability impacting Adobe Acrobat and Reader, and it is being actively exploited in the wild on Windows devices. Adversaries are able to execute arbitrary code on Windows, including installing malicious applications and gaining complete access to target machines.
|Adobe Security Bulletin||QID||Severity||CVE ID|
|APSB21-22 Security updates available for Adobe InDesign||375549||Critical|
|APSB21-24 Security update available for Adobe Illustrator||375551||Critical|
|APSB21-29 Security update available for Adobe Acrobat and Reader||375547||Important|
|APSB21-32 Security update available for Adobe Media Encoder||375550||Important||CVE-2021-28569|
|APSB21-35 Security update available for Adobe Animate7||375553||Important|
Discover Patch Tuesday Vulnerabilities in VMDR
Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).
You can see all of your hosts impacted by these vulnerabilities using the following QQL query:
vulnerabilities.vulnerability:(qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557`)
Respond by Patching
VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select the respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches in one go.
The following QQL will return the missing patches pertaining to this Patch Tuesday:
qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557`
Patch Tuesday Dashboard
The current updated Patch Tuesday dashboards are available in Dashboard Toolbox: 2021 Patch Tuesday Dashboard.
Webinar Series: This Month in Patches
To help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series, This Month in Patches.
We discuss some of the key vulnerabilities disclosed in the past month and how to patch them:
- 21Nails Exim Mail Server Multiple Vulnerabilities
- Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)
- Microsoft Patch Tuesday, May 2021