Security advisories

Microsoft Patches Critical Vulnerabilities 

May 11, 2021

THE THREAT

On May 11th, 2021, Microsoft released scheduled security patches for fifty-five separate vulnerabilities impacting a variety of Microsoft products [1]. Four vulnerabilities (CVE-2021-31166, CVE-2021-26419, CVE-2021-28476, CVE-2021-31194) are tracked as critical and should be an immediate priority for patching. Additionally, Microsoft announced a high-impact vulnerability (CVE-2021-31207) affecting on-premises Microsoft Exchange servers that may allow threat actors to bypass Microsoft security features.

At this time, there is no indication that any of the vulnerabilities from this month’s release have been exploited in attacks in the wild. Organizations are strongly advised to review Microsoft’s Patch Tuesday release and apply the available security patches.

What we’re doing about it

What you should do about it

Additional information

CVE-2021-31166 (CVSS: 9.8): HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2021-26419 (CVSS: 7.5): Scripting Engine Memory Corruption Vulnerability

CVE-2021-28476 (CVSS: 9.9): Hyper-V Remote Code Execution Vulnerability

CVE-2021-31194 (CVSS: 8.8): OLE Automation Remote Code Execution Vulnerability

CVE-2021-31207 (CVSS: 6.6): Microsoft Exchange Server Security Feature Bypass Vulnerability

For additional details and information on the rest of the vulnerabilities covered in the May Patch Tuesday release, please see the full release from Microsoft.

References:

[1] https://msrc.microsoft.com/update-guide/vulnerability
[2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166
[3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419
[4] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476
[5] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31194
[6] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207
