Report Name: Microsoft Patch Tuesday, May 2021
Generated: 2021-07-09 02:33:28
Product Name | Prevalence | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
HTTP Protocol Stack | 0.9 | 1 | HTTP Protocol Stack | ||||
Windows Container Isolation FS Filter Driver | 0.9 | 1 | Windows Container Isolation FS Filter Driver | ||||
Windows Container Manager Service | 0.9 | 1 | 4 | Windows Container Manager Service | |||
Windows Media Foundation Core | 0.9 | 1 | Windows Media Foundation Core | ||||
Windows SMB Client | 0.9 | 1 | Windows SMB Client | ||||
Common Utilities | 0.8 | 1 | Common Utilities | ||||
Microsoft Accessibility Insights for Web | 0.8 | 1 | Microsoft Accessibility Insights for Web | ||||
Microsoft Bluetooth Driver | 0.8 | 1 | Microsoft Bluetooth Driver | ||||
OLE Automation | 0.8 | 1 | OLE Automation | ||||
Windows CSC Service | 0.8 | 1 | Windows component | ||||
Windows Graphics Component | 0.8 | 2 | Windows Graphics Component | ||||
Windows Projected File System FS Filter Driver | 0.8 | 1 | Windows component | ||||
Windows Remote Desktop Protocol (RDP) | 0.8 | 1 | Windows Remote Desktop Protocol (RDP) | ||||
Windows SSDP Service | 0.8 | 1 | Windows SSDP Service | ||||
Windows WalletService | 0.8 | 1 | Windows component | ||||
Windows Wireless Networking | 0.8 | 1 | 2 | Windows Wireless Networking | |||
.NET and Visual Studio | 0.7 | 1 | .NET and Visual Studio | ||||
Dynamics Finance and Operations | 0.7 | 1 | Dynamics Finance and Operations | ||||
Microsoft Exchange Server | 0.7 | 3 | 1 | Microsoft Exchange Server | |||
Microsoft Jet Red Database Engine and Access Connectivity Engine | 0.7 | 1 | Microsoft Jet Red Database Engine and Access Connectivity Engine | ||||
Microsoft SharePoint | 0.7 | 1 | 1 | 5 | Microsoft SharePoint | ||
Web Media Extensions | 0.7 | 1 | Web Media Extensions | ||||
Windows Desktop Bridge | 0.7 | 1 | Windows Desktop Bridge | ||||
Windows Infrared Data Association (IrDA) | 0.7 | 1 | Windows Infrared Data Association (IrDA) | ||||
Microsoft Excel | 0.6 | 1 | MS Office product | ||||
Microsoft Office | 0.6 | 4 | 1 | Microsoft Office | |||
Microsoft Office Graphics | 0.6 | 1 | Microsoft Office Graphics | ||||
Microsoft Scripting Engine | 0.6 | 1 | Microsoft Scripting Engine | ||||
Skype for Business and Lync | 0.6 | 1 | 1 | Skype for Business and Lync | |||
Windows Hyper-V | 0.6 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
Visual Studio | 0.5 | 1 | Visual Studio | ||||
Visual Studio Code | 0.3 | 2 | Integrated development environment | ||||
Visual Studio Code Remote Containers Extension | 0.2 | 1 | Extension for Visual Studio Code IDE |
Vulnerability Type | Criticality | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 1 | 17 | 3 | Remote Code Execution | ||
Security Feature Bypass | 0.9 | 2 | Security Feature Bypass | ||||
Denial of Service | 0.7 | 1 | Denial of Service | ||||
Memory Corruption | 0.6 | 1 | Memory Corruption | ||||
Elevation of Privilege | 0.5 | 1 | 10 | Elevation of Privilege | |||
Cross Site Scripting | 0.4 | 1 | Cross Site Scripting | ||||
Information Disclosure | 0.4 | 1 | 9 | Information Disclosure | |||
Spoofing | 0.4 | 8 | Spoofing |
1. Remote Code Execution - Microsoft SharePoint (CVE-2021-31181) - Critical [686]
Description: Microsoft SharePoint Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
1.0 | 17 | Public exploit is found at Vulners (Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
qualys: CVE-2021-31181 – SharePoint Remote Code Execution Vulnerability
qualys: Microsoft released patches addressing a critical RCE vulnerability in SharePoint (CVE-2021-31181). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor.
tenable: CVE-2021-28474 and CVE-2021-31181 are a pair of RCE vulnerabilities in Microsoft SharePoint Server. Both were assigned a CVSSv3 score of 8.8 and a severity of Important. Microsoft rates these vulnerabilities as “Exploitation More Likely.” An attacker would need to be authenticated in order to exploit these flaws, though successful exploitation would grant an attacker remote code execution through the creation of a SharePoint site.
2. Elevation of Privilege - Windows Container Manager Service (CVE-2021-31167) - Critical [622]
Description: Windows Container Manager Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31165, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned at AttackerKB | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Container Manager Service | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
3. Memory Corruption - Microsoft Scripting Engine (CVE-2021-26419) - High [572]
Description: Scripting Engine Memory Corruption Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
1.0 | 17 | Public exploit is found at Vulners (Internet Explorer jscript9.dll Memory Corruption) | |
0.6 | 15 | Memory Corruption | |
0.6 | 14 | Microsoft Scripting Engine | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
4. Information Disclosure - Windows Wireless Networking (CVE-2020-24587) - High [570]
Description: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows Wireless Networking | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
zdi: CVE-2020-24587 - Windows Wireless Networking Information Disclosure Vulnerability. We don’t normally highlight info disclosure bugs, but this one has the potential to be pretty damaging. This patch fixes a vulnerability that could allow an attacker to disclose the contents of encrypted wireless packets on an affected system. It’s not clear what the range on such an attack would be, but you should assume some proximity is needed. You’ll also note this CVE is from 2020, which could indicate Microsoft has been working on this fix for some time.
5. Remote Code Execution - HTTP Protocol Stack (CVE-2021-31166) - High [508]
Description: HTTP Protocol Stack Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | HTTP Protocol Stack | |
1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data |
qualys: CVE-2021-31166 – HTTP Protocol Stack Remote Code Execution Vulnerability
qualys: HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2021-31166 is a 9.8 not 7.8.
tenable: Update May 17: The section for CVE-2021-31166 has been updated to reflect the release of proof-of-concept (PoC) code.
tenable: CVE-2021-31166 is a RCE vulnerability which can be exploited by a remote, unauthenticated attacker sending a crafted HTTP packet to a system utilizing the HTTP Protocol Stack (http.sys). The vulnerability is considered to be wormable, which means that a single infection could result in a chain reaction of systems impacted across an enterprise without any user interaction. Microsoft assigned this critical flaw with a 9.8 CVSSv3 score, emphasizing the severity of the vulnerability. While details have not been released, this vulnerability is rated as “Exploitation More Likely” according to Microsoft’s Exploitability Index and we strongly recommend ensuring this patch is applied as soon as possible.
tenable: On May 16, security researcher 0vercl0k published PoC code to github for CVE-2021-31166. Based on our analysis, this exploit could only result in a denial of service (DoS) condition.
rapid7: HTTP Protocol Stack Remote Code Execution Vulnerability - CVE-2021-31166. The hottest vulnerability this month is in the HTTP.sys library. If an attacker has network access to a webserver running on an unpatched asset they may be able to send a specially crafted packet which could result in RCE. This was found internally by Microsoft and has not yet been observed in the wild. However, it is only a matter of time before someone figures out how to craft that special packet and we start to see widespread use against Windows 10 and Windows Server machines. Rated at 9.8, this potentially wormable vulnerability should be a high priority for remediation.
zdi: CVE-2021-31166 - HTTP Protocol Stack Remote Code Execution Vulnerability. This patch corrects a bug that could allow an unauthenticated attacker to remotely execute code as kernel. An attacker would simply need to send a specially crafted packet to an affected server. That makes this bug wormable, with even Microsoft calling that out in their write-up. Before you pass this aside, Windows 10 can also be configured as a web server, so it is impacted as well. Definitely put this on the top of your test-and-deploy list.
6. Remote Code Execution - OLE Automation (CVE-2021-31194) - High [475]
Description: OLE Automation Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | OLE Automation | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
7. Remote Code Execution - Windows Media Foundation Core (CVE-2021-31192) - High [467]
Description: Windows Media Foundation Core Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Windows Media Foundation Core | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.3. Based on Microsoft data |
8. Remote Code Execution - Microsoft Jet Red Database Engine and Access Connectivity Engine (CVE-2021-28455) - High [456]
Description: Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft Jet Red Database Engine and Access Connectivity Engine | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
9. Remote Code Execution - Microsoft SharePoint (CVE-2021-28474) - High [456]
Description: Microsoft SharePoint Server Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
tenable: CVE-2021-28474 and CVE-2021-31181 are a pair of RCE vulnerabilities in Microsoft SharePoint Server. Both were assigned a CVSSv3 score of 8.8 and a severity of Important. Microsoft rates these vulnerabilities as “Exploitation More Likely.” An attacker would need to be authenticated in order to exploit these flaws, though successful exploitation would grant an attacker remote code execution through the creation of a SharePoint site.
10. Remote Code Execution - Windows Hyper-V (CVE-2021-28476) - High [451]
Description: Hyper-V Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.9. Based on Microsoft data |
qualys: CVE-2021-28476 – Hyper-V Remote Code Execution Vulnerability
tenable: CVE-2021-28476 is a RCE vulnerability in Hyper-V which could allow a remote, unauthenticated attacker to compromise a Hyper-V host via a guest virtual machine (VM). The critical flaw was assigned a CVSSv3 score of 9.9, however it is rated as “Exploitation Less Likely.” The advisory from Microsoft does point out that the likely exploitation scenario for this flaw would result in a denial of service (DoS) condition, though in some cases RCE is possible as a guest VM could cause the Hyper-V host’s kernel to read from an arbitrary address.
rapid7: Hyper-V Remote Code Execution - CVE-2021-28476. There is some debate whether this vulnerability deserves its assigned 9.9 severity score. The limited details indicate that the most likely use of this bug is to cause a DoS on the Hyper-V host. This can cause a good amount of trouble for anyone running virtual machines but is not as damaging as the theoretical RCE this vulnerability could provide. In either case this is a good patch to put at the top of the todo-list.
zdi: CVE-2021-28476 - Hyper-V Remote Code Execution Vulnerability. With a CVSS of 9.9, this bug scores the highest severity rating for this month’s release. However, Microsoft notes an attacker is more likely to abuse this vulnerability for a denial of service in the form of a bugcheck rather than code execution. Because of this, it could be argued that the attack complexity would be high, which changes the CVSS rating to 8.5. That still rates as high severity, but not critical. Still, the bugcheck alone is worth making sure your Hyper-V systems get this update.
11. Remote Code Execution - Common Utilities (CVE-2021-31200) - High [448]
Description: Common Utilities Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Common Utilities | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data |
qualys: CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability
12. Remote Code Execution - Web Media Extensions (CVE-2021-28465) - High [443]
Description: Web Media Extensions Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Web Media Extensions | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
13. Remote Code Execution - Microsoft Exchange Server (CVE-2021-31198) - High [443]
Description: Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31195.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft Exchange Server | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2021-31198, CVE-2021-31207, CVE-2021-31209 and CVE-2021-31195 are several flaws that impact Microsoft Exchange Server 2013, 2016, and 2019 and are all rated “Exploitation Less Likely,” ranging in severity from CVSSv3 6.5 to 7.8. Given the history of prior Exchange Server vulnerabilities in 2021 we felt it was important to highlight them and ensure administrators take action.
tenable: CVE-2021-31209 is a server spoofing vulnerability and received a CVSSv3 score of 6.5. CVE-2021-31195 and CVE-2021-31198 are both RCE vulnerabilities, but CVE-2021-31198, which received a CVSSv3 score of 7.8, is listed as a local attack vector. On the other hand, CVE-2021-31195 received a CVSSv3 score of 6.5 and is listed as having no impact on integrity or availability. Both RCEs require user interaction to exploit.
14. Remote Code Execution - Microsoft Exchange Server (CVE-2021-31195) - High [429]
Description: Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31198.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft Exchange Server | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
tenable: CVE-2021-31198, CVE-2021-31207, CVE-2021-31209 and CVE-2021-31195 are several flaws that impact Microsoft Exchange Server 2013, 2016, and 2019 and are all rated “Exploitation Less Likely,” ranging in severity from CVSSv3 6.5 to 7.8. Given the history of prior Exchange Server vulnerabilities in 2021 we felt it was important to highlight them and ensure administrators take action.
tenable: CVE-2021-31209 is a server spoofing vulnerability and received a CVSSv3 score of 6.5. CVE-2021-31195 and CVE-2021-31198 are both RCE vulnerabilities, but CVE-2021-31198, which received a CVSSv3 score of 7.8, is listed as a local attack vector. On the other hand, CVE-2021-31195 received a CVSSv3 score of 6.5 and is listed as having no impact on integrity or availability. Both RCEs require user interaction to exploit.
15. Remote Code Execution - Microsoft Office (CVE-2021-31175) - High [424]
Description: Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31176, CVE-2021-31177, CVE-2021-31179.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
16. Remote Code Execution - Microsoft Office (CVE-2021-31176) - High [424]
Description: Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31175, CVE-2021-31177, CVE-2021-31179.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
17. Remote Code Execution - Microsoft Office (CVE-2021-31177) - High [424]
Description: Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
18. Remote Code Execution - Microsoft Office (CVE-2021-31179) - High [424]
Description: Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
19. Remote Code Execution - Microsoft Office Graphics (CVE-2021-31180) - High [424]
Description: Microsoft Office Graphics Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office Graphics | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
20. Remote Code Execution - Visual Studio (CVE-2021-27068) - High [418]
Description: Visual Studio Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Visual Studio | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
zdi: CVE-2021-27068 - Visual Studio Remote Code Execution Vulnerability. This patch fixes an unusual bug in Visual Studio 2019 that could allow code execution. It’s unusual because it’s listed as not requiring any user interaction, so it’s unclear how an attacker would leverage this vulnerability. It does appear that the attacker would need to be authenticated at some level, but the attack complexity is listed as low. If you are a developer running Visual Studio, make sure you grab this update.
21. Remote Code Execution - Skype for Business and Lync (CVE-2021-26422) - High [410]
Description: Skype for Business and Lync Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Skype for Business and Lync | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data |
22. Security Feature Bypass - Microsoft Exchange Server (CVE-2021-31207) - High [409]
Description: Microsoft Exchange Server Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | Microsoft Exchange Server | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.6. Based on Microsoft data |
qualys: CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
tenable: CVE-2021-31198, CVE-2021-31207, CVE-2021-31209 and CVE-2021-31195 are several flaws that impact Microsoft Exchange Server 2013, 2016, and 2019 and are all rated “Exploitation Less Likely,” ranging in severity from CVSSv3 6.5 to 7.8. Given the history of prior Exchange Server vulnerabilities in 2021 we felt it was important to highlight them and ensure administrators take action.
tenable: Only one of these vulnerabilities, CVE-2021-31207 — a security feature bypass which received a CVSSv3 score of 6.6, was publicly disclosed. According to Microsoft, it was one of the Exchange Server vulnerabilities found during Pwn2Own 2021. None of these vulnerabilities have been reported as exploited in the wild at the time of publication.
rapid7: Exchange Server Security Feature Bypass - CVE-2021-31207. Not to be outdone, Exchange Server is back again with yet another patch. This one is not nearly as high profile as the recent vulnerability which saw widespread use, but still an important patch to apply given that Exchange Servers are almost always exposed to the internet. There are a few other less severe vulnerabilities this month for Exchange which were disclosed at Pwn2Own in April. We expect to see a continued focus on Exchange Server in the months to come.
23. Security Feature Bypass - Windows SMB Client (CVE-2021-31205) - High [406]
Description: Windows SMB Client Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.9 | 14 | Windows SMB Client | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Microsoft data |
24. Elevation of Privilege - Windows Container Manager Service (CVE-2021-31165) - Medium [379]
Description: Windows Container Manager Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31167, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Container Manager Service | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
25. Elevation of Privilege - Windows Container Manager Service (CVE-2021-31168) - Medium [379]
Description: Windows Container Manager Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31169, CVE-2021-31208.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Container Manager Service | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
26. Elevation of Privilege - Windows Container Manager Service (CVE-2021-31169) - Medium [379]
Description: Windows Container Manager Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Container Manager Service | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
27. Elevation of Privilege - Windows Container Isolation FS Filter Driver (CVE-2021-31190) - Medium [379]
Description: Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Container Isolation FS Filter Driver | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
28. Elevation of Privilege - Windows Container Manager Service (CVE-2021-31208) - Medium [379]
Description: Windows Container Manager Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31169.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Container Manager Service | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
29. Remote Code Execution - Visual Studio Code (CVE-2021-31211) - Medium [367]
Description: Visual Studio Code Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31214.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
30. Remote Code Execution - Visual Studio Code (CVE-2021-31214) - Medium [367]
Description: Visual Studio Code Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31211.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
31. Elevation of Privilege - Windows Graphics Component (CVE-2021-31170) - Medium [360]
Description: Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31188.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows Graphics Component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
32. Elevation of Privilege - Windows WalletService (CVE-2021-31187) - Medium [360]
Description: Windows WalletService Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
33. Elevation of Privilege - Windows Graphics Component (CVE-2021-31188) - Medium [360]
Description: Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31170.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows Graphics Component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
34. Elevation of Privilege - Windows SSDP Service (CVE-2021-31193) - Medium [360]
Description: Windows SSDP Service Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows SSDP Service | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
35. Denial of Service - Windows Desktop Bridge (CVE-2021-31185) - Medium [355]
Description: Windows Desktop Bridge Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Windows Desktop Bridge | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
36. Remote Code Execution - Visual Studio Code Remote Containers Extension (CVE-2021-31213) - Medium [348]
Description: Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.2 | 14 | Extension for Visual Studio Code IDE | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
37. Elevation of Privilege - .NET and Visual Studio (CVE-2021-31204) - Medium [328]
Description: .NET and Visual Studio Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.7 | 14 | .NET and Visual Studio | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.3. Based on Microsoft data |
qualys: CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability
38. Spoofing - Windows Wireless Networking (CVE-2020-24588) - Medium [327]
Description: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Windows Wireless Networking | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
39. Spoofing - Windows Wireless Networking (CVE-2020-26144) - Medium [327]
Description: An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Windows Wireless Networking | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
40. Spoofing - Microsoft Bluetooth Driver (CVE-2021-31182) - Medium [327]
Description: Microsoft Bluetooth Driver Spoofing Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Microsoft Bluetooth Driver | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
41. Information Disclosure - Windows Remote Desktop Protocol (RDP) (CVE-2021-31186) - Medium [327]
Description: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows Remote Desktop Protocol (RDP) | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.4. Based on Microsoft data |
42. Information Disclosure - Microsoft Accessibility Insights for Web (CVE-2021-31936) - Medium [327]
Description: Microsoft Accessibility Insights for Web Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Microsoft Accessibility Insights for Web | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.4. Based on Microsoft data |
43. Spoofing - Microsoft SharePoint (CVE-2021-28478) - Medium [321]
Description: Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-26418, CVE-2021-31172.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.7 | 14 | Microsoft SharePoint | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
44. Information Disclosure - Windows CSC Service (CVE-2021-28479) - Medium [313]
Description: Windows CSC Service Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
45. Information Disclosure - Windows Projected File System FS Filter Driver (CVE-2021-31191) - Medium [313]
Description: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
46. Spoofing - Microsoft SharePoint (CVE-2021-31172) - Medium [308]
Description: Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-26418, CVE-2021-28478.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.7 | 14 | Microsoft SharePoint | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
47. Spoofing - Microsoft Exchange Server (CVE-2021-31209) - Medium [308]
Description: Microsoft Exchange Server Spoofing Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.7 | 14 | Microsoft Exchange Server | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
tenable: CVE-2021-31198, CVE-2021-31207, CVE-2021-31209 and CVE-2021-31195 are several flaws that impact Microsoft Exchange Server 2013, 2016, and 2019 and are all rated “Exploitation Less Likely,” ranging in severity from CVSSv3 6.5 to 7.8. Given the history of prior Exchange Server vulnerabilities in 2021 we felt it was important to highlight them and ensure administrators take action.
tenable: CVE-2021-31209 is a server spoofing vulnerability and received a CVSSv3 score of 6.5. CVE-2021-31195 and CVE-2021-31198 are both RCE vulnerabilities, but CVE-2021-31198, which received a CVSSv3 score of 7.8, is listed as a local attack vector. On the other hand, CVE-2021-31195 received a CVSSv3 score of 6.5 and is listed as having no impact on integrity or availability. Both RCEs require user interaction to exploit.
48. Cross Site Scripting - Dynamics Finance and Operations (CVE-2021-28461) - Medium [294]
Description: Dynamics Finance and Operations Cross-site Scripting Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Cross Site Scripting | |
0.7 | 14 | Dynamics Finance and Operations | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on Microsoft data |
49. Information Disclosure - Windows Infrared Data Association (IrDA) (CVE-2021-31184) - Medium [294]
Description: Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.7 | 14 | Windows Infrared Data Association (IrDA) | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
50. Spoofing - Skype for Business and Lync (CVE-2021-26421) - Medium [289]
Description: Skype for Business and Lync Spoofing Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.6 | 14 | Skype for Business and Lync | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
51. Spoofing - Microsoft SharePoint (CVE-2021-26418) - Medium [281]
Description: Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-28478, CVE-2021-31172.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.7 | 14 | Microsoft SharePoint | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.6. Based on Microsoft data |
52. Information Disclosure - Microsoft SharePoint (CVE-2021-31173) - Medium [281]
Description: Microsoft SharePoint Server Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.7 | 14 | Microsoft SharePoint | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on Microsoft data |
53. Information Disclosure - Microsoft Excel (CVE-2021-31174) - Medium [275]
Description: Microsoft Excel Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.6 | 14 | MS Office product | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
54. Information Disclosure - Microsoft Office (CVE-2021-31178) - Medium [275]
Description: Microsoft Office Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.6 | 14 | Microsoft Office | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
55. Information Disclosure - Microsoft SharePoint (CVE-2021-31171) - Medium [267]
Description: Microsoft SharePoint Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.7 | 14 | Microsoft SharePoint | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.1. Based on Microsoft data |
zdi: CVE-2020-24587 - Windows Wireless Networking Information Disclosure Vulnerability. We don’t normally highlight info disclosure bugs, but this one has the potential to be pretty damaging. This patch fixes a vulnerability that could allow an attacker to disclose the contents of encrypted wireless packets on an affected system. It’s not clear what the range on such an attack would be, but you should assume some proximity is needed. You’ll also note this CVE is from 2020, which could indicate Microsoft has been working on this fix for some time.
qualys: CVE-2021-31181 – SharePoint Remote Code Execution Vulnerability
qualys: Microsoft released patches addressing a critical RCE vulnerability in SharePoint (CVE-2021-31181). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor.
tenable: CVE-2021-28474 and CVE-2021-31181 are a pair of RCE vulnerabilities in Microsoft SharePoint Server. Both were assigned a CVSSv3 score of 8.8 and a severity of Important. Microsoft rates these vulnerabilities as “Exploitation More Likely.” An attacker would need to be authenticated in order to exploit these flaws, though successful exploitation would grant an attacker remote code execution through the creation of a SharePoint site.
qualys: CVE-2021-31166 – HTTP Protocol Stack Remote Code Execution Vulnerability
qualys: HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2021-31166 is a 9.8 not 7.8.
tenable: Update May 17: The section for CVE-2021-31166 has been updated to reflect the release of proof-of-concept (PoC) code.
tenable: CVE-2021-31166 is a RCE vulnerability which can be exploited by a remote, unauthenticated attacker sending a crafted HTTP packet to a system utilizing the HTTP Protocol Stack (http.sys). The vulnerability is considered to be wormable, which means that a single infection could result in a chain reaction of systems impacted across an enterprise without any user interaction. Microsoft assigned this critical flaw with a 9.8 CVSSv3 score, emphasizing the severity of the vulnerability. While details have not been released, this vulnerability is rated as “Exploitation More Likely” according to Microsoft’s Exploitability Index and we strongly recommend ensuring this patch is applied as soon as possible.
tenable: On May 16, security researcher 0vercl0k published PoC code to GitHub for CVE-2021-31166. Based on our analysis, this exploit could only result in a denial of service (DoS) condition.
rapid7: HTTP Protocol Stack Remote Code Execution Vulnerability - CVE-2021-31166. The hottest vulnerability this month is in the HTTP.sys library. If an attacker has network access to a webserver running on an unpatched asset they may be able to send a specially crafted packet which could result in RCE. This was found internally by Microsoft and has not yet been observed in the wild. However, it is only a matter of time before someone figures out how to craft that special packet and we start to see widespread use against Windows 10 and Windows Server machines. Rated at 9.8, this potentially wormable vulnerability should be a high priority for remediation.
zdi: CVE-2021-31166 - HTTP Protocol Stack Remote Code Execution Vulnerability. This patch corrects a bug that could allow an unauthenticated attacker to remotely execute code as kernel. An attacker would simply need to send a specially crafted packet to an affected server. That makes this bug wormable, with even Microsoft calling that out in their write-up. Before you pass this aside, Windows 10 can also be configured as a web server, so it is impacted as well. Definitely put this on the top of your test-and-deploy list.
qualys: CVE-2021-28476 – Hyper-V Remote Code Execution Vulnerability
tenable: CVE-2021-28476 is a RCE vulnerability in Hyper-V which could allow a remote, unauthenticated attacker to compromise a Hyper-V host via a guest virtual machine (VM). The critical flaw was assigned a CVSSv3 score of 9.9, however it is rated as “Exploitation Less Likely.” The advisory from Microsoft does point out that the likely exploitation scenario for this flaw would result in a denial of service (DoS) condition, though in some cases RCE is possible as a guest VM could cause the Hyper-V host’s kernel to read from an arbitrary address.
rapid7: Hyper-V Remote Code Execution - CVE-2021-28476. There is some debate whether this vulnerability deserves its assigned 9.9 severity score. The limited details indicate that the most likely use of this bug is to cause a DoS on the Hyper-V host. This can cause a good amount of trouble for anyone running virtual machines but is not as damaging as the theoretical RCE this vulnerability could provide. In either case this is a good patch to put at the top of the todo-list.
zdi: CVE-2021-28476 - Hyper-V Remote Code Execution Vulnerability. With a CVSS of 9.9, this bug scores the highest severity rating for this month’s release. However, Microsoft notes an attacker is more likely to abuse this vulnerability for a denial of service in the form of a bugcheck rather than code execution. Because of this, it could be argued that the attack complexity would be high, which changes the CVSS rating to 8.5. That still rates as high severity, but not critical. Still, the bugcheck alone is worth making sure your Hyper-V systems get this update.
qualys: CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability
zdi: CVE-2021-27068 - Visual Studio Remote Code Execution Vulnerability. This patch fixes an unusual bug in Visual Studio 2019 that could allow code execution. It’s unusual because it’s listed as not requiring any user interaction, so it’s unclear how an attacker would leverage this vulnerability. It does appear that the attacker would need to be authenticated at some level, but the attack complexity is listed as low. If you are a developer running Visual Studio, make sure you grab this update.
qualys: CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
tenable: CVE-2021-31198, CVE-2021-31207, CVE-2021-31209 and CVE-2021-31195 are several flaws that impact Microsoft Exchange Server 2013, 2016, and 2019 and are all rated “Exploitation Less Likely,” ranging in severity from CVSSv3 6.5 to 7.8. Given the history of prior Exchange Server vulnerabilities in 2021 we felt it was important to highlight them and ensure administrators take action.
tenable: Only one of these vulnerabilities, CVE-2021-31207 — a security feature bypass which received a CVSSv3 score of 6.6, was publicly disclosed. According to Microsoft, it was one of the Exchange Server vulnerabilities found during Pwn2Own 2021. None of these vulnerabilities have been reported as exploited in the wild at the time of publication.
rapid7: Exchange Server Security Feature Bypass - CVE-2021-31207. Not to be outdone, Exchange Server is back again with yet another patch. This one is not nearly as high profile as the recent vulnerability which saw widespread use, but still an important patch to apply given that Exchange Servers are almost always exposed to the internet. There are a few other less severe vulnerabilities this month for Exchange which were disclosed at Pwn2Own in April. We expect to see a continued focus on Exchange Server in the months to come.