[SANS ISC] Microsoft May 2021 Patch Tuesday, (Tue, May 11th)

This month we got patches for 55 vulnerabilities. Of these, 4 are critical, 3 were previously disclosed and none is being exploited according to Microsoft.

One of the critical vulnerabilities that requires special attention this month is a remote code execution (RCE) flaw in the HTTP Protocol Stack (CVE-2021-31166). An unauthenticated attacker could send a specially crafted packet to a targeted server that uses the HTTP Protocol Stack (http.sys) to process packets. The vulnerability requires no user authentication or interaction, so it is considered wormable. It affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2 and has a CVSS score of 9.8.

A second critical vulnerability addressed this month is an RCE affecting Hyper-V on virtually all supported Windows versions (CVE-2021-28476). Microsoft’s advisory states that the issue allows a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address. In most circumstances, this would result in a denial of service of the Hyper-V host due to reading an unmapped address, but it could also lead to other types of compromise of the Hyper-V host’s security. The CVSS score for this vulnerability is 9.9.

The other two critical vulnerabilities are an RCE in OLE Automation (CVE-2021-31194), with a CVSS of 7.50, and a Scripting Engine Memory Corruption Vulnerability (CVE-2021-26419) affecting Internet Explorer 11, with a CVSS of 6.40. None of the four critical vulnerabilities was previously disclosed.

See my dashboard for a more detailed breakout: (https://patchtuesdaydashboard.com).

 

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET and Visual Studio Elevation of Privilege Vulnerability | CVE-2021-31204 | Yes | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Common Utilities Remote Code Execution Vulnerability | CVE-2021-31200 | Yes | No | Less Likely | Less Likely | Important | 7.2 | 6.7 |
| Dynamics Finance and Operations Cross-site Scripting Vulnerability | CVE-2021-28461 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.5 |
| HTTP Protocol Stack Remote Code Execution Vulnerability | CVE-2021-31166 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Hyper-V Remote Code Execution Vulnerability | CVE-2021-28476 | No | No | Less Likely | Less Likely | Critical | 9.9 | 8.6 |
| Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | CVE-2021-31936 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.7 |
| Microsoft Bluetooth Driver Spoofing Vulnerability | CVE-2021-31182 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2021-31174 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31195 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31198 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Security Feature Bypass Vulnerability | CVE-2021-31207 | Yes | No | Less Likely | Less Likely | Moderate | 6.6 | 5.8 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-31209 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2021-28455 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-31180 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Information Disclosure Vulnerability | CVE-2021-31178 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31175 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31176 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31177 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31179 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2021-31171 | No | No | Less Likely | Less Likely | Important | 4.1 | 3.6 |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2021-31181 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-31173 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-28474 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-31172 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-28478 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-26418 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | CVE-2021-31184 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| OLE Automation Remote Code Execution Vulnerability | CVE-2021-31194 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2021-26419 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Skype for Business and Lync Remote Code Execution Vulnerability | CVE-2021-26422 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Skype for Business and Lync Spoofing Vulnerability | CVE-2021-26421 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-31211 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-31214 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | CVE-2021-31213 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2021-27068 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Web Media Extensions Remote Code Execution Vulnerability | CVE-2021-28465 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Information Disclosure Vulnerability | CVE-2021-28479 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | CVE-2021-31190 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31165 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31167 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31168 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31169 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31208 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Desktop Bridge Denial of Service Vulnerability | CVE-2021-31185 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2021-31170 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2021-31188 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Media Foundation Core Remote Code Execution Vulnerability | CVE-2021-31192 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-31191 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | CVE-2021-31186 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Windows SMB Client Security Feature Bypass Vulnerability | CVE-2021-31205 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
| Windows SSDP Service Elevation of Privilege Vulnerability | CVE-2021-31193 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-31187 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Wireless Networking Information Disclosure Vulnerability | CVE-2020-24587 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Wireless Networking Spoofing Vulnerability | CVE-2020-24588 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Wireless Networking Spoofing Vulnerability | CVE-2020-26144 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |


Renato Marinho
Morphus Labs

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: SANS Internet Storm Center, InfoCON: green
