Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of them being scored as critical. Let's dive into the details.
HTTP Protocol Stack Remote Code Execution Vulnerability - CVE-2021-31166
The hottest vulnerability this month is in the HTTP.sys library. If an attacker has network access to a webserver running on an unpatched asset they may be able to send a specially crafted packet which could result in RCE. This was found internally by Microsoft and has not yet been observed in the wild. However, it is only a matter of time before someone figures out how to craft that special packet and we start to see widespread use against Windows 10 and Windows Server machines. Rated at 9.8, this potentially wormable vulnerability should be a high priority for remediation.
Hyper-V Remote Code Execution - CVE-2021-28476
There is some debate whether this vulnerability deserves its assigned 9.9 severity score. The limited details indicate that the most likely use of this bug is to cause a DoS on the Hyper-V host. This can cause a good amount of trouble for anyone running virtual machines but is not as damaging as the theoretical RCE this vulnerability could provide. In either case this is a good patch to put at the top of the todo-list.
Exchange Server Security Feature Bypass - CVE-2021-31207
Not to be outdone, Exchange Server is back again with yet another patch. This one is not nearly as high profile as the recent vulnerability which saw widespread use, but still an important patch to apply given that Exchange Servers are almost always exposed to the internet. There are a few other less severe vulnerabilities this month for Exchange which were disclosed at Pwn2Own in April. We expect to see a continued focus on Exchange Server in the months to come.
Summary Tables
Azure Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-31936 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | No | No | 7.4 | Yes |
Browser ESU Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | No | No | 7.5 | Yes |
Developer Tools Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-31213 | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31211 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | No | Yes | 7.3 | No |
Exchange Server Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-31209 | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | No | Yes | 6.6 | Yes |
| CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-31195 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.5 | No |
Microsoft Dynamics Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | No | No | 6.1 | No |
Microsoft Office Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | No | No | 6.5 | No |
| CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | No | No | 7.2 | No |
| CVE-2021-28478 | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.6 | No |
| CVE-2021-31172 | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.1 | No |
| CVE-2021-26418 | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | No |
| CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2021-31173 | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes |
| CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | No | No | 4.1 | Yes |
| CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31177 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31178 | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-31180 | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31174 | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
Open Source Software Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability | No | Yes | 7.2 | Yes |
Windows Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | No | No | 4.3 | Yes |
| CVE-2021-31191 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-31192 | Windows Media Foundation Core Remote Code Execution Vulnerability | No | No | 7.3 | No |
| CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31185 | Windows Desktop Bridge Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
Windows ESU Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2020-24588 | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No |
| CVE-2020-26144 | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No |
| CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31186 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | No | No | 7.4 | Yes |
| CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-31184 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability | No | No | 7.1 | No |
| CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes |
Windows Microsoft Office ESU Vulnerabilities
| CVE | Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|
| CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
Summary Graphs
