[SANS ISC] Microsoft May 2021 Patch Tuesday, (Tue, May 11th)

This month we got patches for 55 vulnerabilities. Of these, 4 are critical, 3 were previously disclosed and none is being exploited according to Microsoft.

One of the critical vulnerabilities that requires special attention this month is a remote code execution (RCE) flaw in the HTTP Protocol Stack (CVE-2021-31166). An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. This vulnerability requires no user authentication or interaction – thus, it is considered a wormable vulnerability. The vulnerability affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2 and has a CVSS score of 9.8.

A second critical vulnerability addressed this month is an RCE affecting Hyper-V on virtually all supported Windows versions (CVE-2021-28476). Microsoft’s advisory states that the issue allows a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address. In most circumstances, this would result in a denial of service of the Hyper-V host due to reading an unmapped address, but it could also lead to other types of compromise of the Hyper-V host’s security. The CVSS for this vulnerability is 9.9.

The other two critical vulnerabilities are an RCE in OLE Automation (CVE-2021-31194) with a CVSS of 7.50 and a Scripting Engine Memory Corruption Vulnerability (CVE-2021-26419) affecting Internet Explorer 11 with a CVSS of 6.40. None of the four critical vulnerabilities was previously disclosed.

See my dashboard for a more detailed breakout: (https://patchtuesdaydashboard.com).

 

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET and Visual Studio Elevation of Privilege Vulnerability | CVE-2021-31204 | Yes | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Common Utilities Remote Code Execution Vulnerability | CVE-2021-31200 | Yes | No | Less Likely | Less Likely | Important | 7.2 | 6.7 |
| Dynamics Finance and Operations Cross-site Scripting Vulnerability | CVE-2021-28461 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.5 |
| HTTP Protocol Stack Remote Code Execution Vulnerability | CVE-2021-31166 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Hyper-V Remote Code Execution Vulnerability | CVE-2021-28476 | No | No | Less Likely | Less Likely | Critical | 9.9 | 8.6 |
| Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | CVE-2021-31936 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.7 |
| Microsoft Bluetooth Driver Spoofing Vulnerability | CVE-2021-31182 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2021-31174 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31195 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31198 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Security Feature Bypass Vulnerability | CVE-2021-31207 | Yes | No | Less Likely | Less Likely | Moderate | 6.6 | 5.8 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-31209 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2021-28455 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-31180 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Information Disclosure Vulnerability | CVE-2021-31178 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31175 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31176 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31177 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31179 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2021-31171 | No | No | Less Likely | Less Likely | Important | 4.1 | 3.6 |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2021-31181 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-31173 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-28474 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-31172 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-28478 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-26418 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | CVE-2021-31184 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| OLE Automation Remote Code Execution Vulnerability | CVE-2021-31194 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2021-26419 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Skype for Business and Lync Remote Code Execution Vulnerability | CVE-2021-26422 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Skype for Business and Lync Spoofing Vulnerability | CVE-2021-26421 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-31211 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-31214 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | CVE-2021-31213 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2021-27068 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Web Media Extensions Remote Code Execution Vulnerability | CVE-2021-28465 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Information Disclosure Vulnerability | CVE-2021-28479 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | CVE-2021-31190 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31165 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31167 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31168 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31169 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31208 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Desktop Bridge Denial of Service Vulnerability | CVE-2021-31185 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2021-31170 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2021-31188 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Media Foundation Core Remote Code Execution Vulnerability | CVE-2021-31192 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-31191 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | CVE-2021-31186 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Windows SMB Client Security Feature Bypass Vulnerability | CVE-2021-31205 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
| Windows SSDP Service Elevation of Privilege Vulnerability | CVE-2021-31193 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-31187 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Wireless Networking Information Disclosure Vulnerability | CVE-2020-24587 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Wireless Networking Spoofing Vulnerability | CVE-2020-24588 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Wireless Networking Spoofing Vulnerability | CVE-2020-26144 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |


Renato Marinho
Morphus Labs | LinkedIn | Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)
