98 CVEs were discovered during the May security report

We all know that the focus of the Patch Tuesday updates is the improvement of the Windows experience for users, but they aren’t only about adding, enhancing, and fixing features.

However, another key aspect to these updates is the security improvements that come with them, and that’s pretty much why we recommend that everyone get these updates as soon as they become available in your region.

Well, May 11th is here, and so are the Patch Tuesday updates, and this means that the CVE reports are here as well.

So far, 2021 has been quite abundant in CVEs, with the following numbers being discovered each month:

• January: 91
• February: 106
• March: 97
• April: 124

All in all, here’s a brief rundown of this month’s CVE situation for both Adobe and Microsoft-related products, and we will also highlight some of the more severe ones detected.

The May CVE report includes 98 identified CVEs

Vulnerabilities found in Adobe products

Adobe has released a total of 12 patches that are meant to fix 43 identified CVEs that affected Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate.

Of the 43 total Adobe CVEs, 14 targeted Adobe Acrobat Reader, one of which has still been left unresolved, and they can be used to exploit user data via modified PDFs opened in Acrobat.

Vulnerabilities found in Microsoft products

The bulk of this month’s CVE report, as always, is the Microsoft-related CVEs, and they add up to a grand total of 55.

These CVEs target Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.

As far as severity is concerned of these 55 bugs, they were rated as follows:

• 4 are rated as Critical
• 50 are rated Important
• One is rated Moderate in severity.

Which were some of the most severe CVEs?

Some CVEs stand out in this report either because of how easily they were to exploit, or the popularity of teh program that was targeted, and they are the following:

• CVE-2021-31166
  • HTTP Protocol Stack Remote Code Execution Vulnerability
• CVE-2021-28476
  • Hyper-V Remote Code Execution Vulnerability
• CVE-2021-27068
  • Visual Studio Remote Code Execution Vulnerability
• CVE-2020-24587
  • Windows Wireless Networking Information Disclosure Vulnerability

Here’s a complete list of all the CVEs included in this month’s report:

CVE	Title	Severity
CVE-2021-31204	.NET Core and Visual Studio Elevation of Privilege Vulnerability	Important
CVE-2021-31200	Common Utilities Remote Code Execution Vulnerability	Important
CVE-2021-31207	Microsoft Exchange Server Security Feature Bypass Vulnerability	Moderate
CVE-2021-31166	HTTP Protocol Stack Remote Code Execution Vulnerability	Critical
CVE-2021-28476	Hyper-V Remote Code Execution Vulnerability	Critical
CVE-2021-31194	OLE Automation Remote Code Execution Vulnerability	Critical
CVE-2021-26419	Scripting Engine Memory Corruption Vulnerability	Critical
CVE-2021-28461	Dynamics Finance and Operations Cross-site Scripting Vulnerability	Important
CVE-2021-31936	Microsoft Accessibility Insights for Web Information Disclosure Vulnerability	Important
CVE-2021-31182	Microsoft Bluetooth Driver Spoofing Vulnerability	Important
CVE-2021-31174	Microsoft Excel Information Disclosure Vulnerability	Important
CVE-2021-31195	Microsoft Exchange Server Remote Code Execution Vulnerability	Important
CVE-2021-31198	Microsoft Exchange Server Remote Code Execution Vulnerability	Important
CVE-2021-31209	Microsoft Exchange Server Spoofing Vulnerability	Important
CVE-2021-28455	Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability	Important
CVE-2021-31180	Microsoft Office Graphics Remote Code Execution Vulnerability	Important
CVE-2021-31178	Microsoft Office Information Disclosure Vulnerability	Important
CVE-2021-31175	Microsoft Office Remote Code Execution Vulnerability	Important
CVE-2021-31176	Microsoft Office Remote Code Execution Vulnerability	Important
CVE-2021-31177	Microsoft Office Remote Code Execution Vulnerability	Important
CVE-2021-31179	Microsoft Office Remote Code Execution Vulnerability	Important
CVE-2021-31171	Microsoft SharePoint Information Disclosure Vulnerability	Important
CVE-2021-31181	Microsoft SharePoint Remote Code Execution Vulnerability	Important
CVE-2021-31173	Microsoft SharePoint Server Information Disclosure Vulnerability	Important
CVE-2021-28474	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
CVE-2021-26418	Microsoft SharePoint Spoofing Vulnerability	Important
CVE-2021-28478	Microsoft SharePoint Spoofing Vulnerability	Important
CVE-2021-31172	Microsoft SharePoint Spoofing Vulnerability	Important
CVE-2021-31184	Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability	Important
CVE-2021-26422	Skype for Business and Lync Remote Code Execution Vulnerability	Important
CVE-2021-26421	Skype for Business and Lync Spoofing Vulnerability	Important
CVE-2021-31214	Visual Studio Code Remote Code Execution Vulnerability	Important
CVE-2021-31211	Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability	Important
CVE-2021-31213	Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability	Important
CVE-2021-27068	Visual Studio Remote Code Execution Vulnerability	Important
CVE-2021-28465	Web Media Extensions Remote Code Execution Vulnerability	Important
CVE-2021-31190	Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability	Important
CVE-2021-31165	Windows Container Manager Service Elevation of Privilege Vulnerability	Important
CVE-2021-31167	Windows Container Manager Service Elevation of Privilege Vulnerability	Important
CVE-2021-31168	Windows Container Manager Service Elevation of Privilege Vulnerability	Important
CVE-2021-31169	Windows Container Manager Service Elevation of Privilege Vulnerability	Important
CVE-2021-31208	Windows Container Manager Service Elevation of Privilege Vulnerability	Important
CVE-2021-28479	Windows CSC Service Information Disclosure Vulnerability	Important
CVE-2021-31185	Windows Desktop Bridge Denial of Service Vulnerability	Important
CVE-2021-31170	Windows Graphics Component Elevation of Privilege Vulnerability	Important
CVE-2021-31188	Windows Graphics Component Elevation of Privilege Vulnerability	Important
CVE-2021-31192	Windows Media Foundation Core Remote Code Execution Vulnerability	Important
CVE-2021-31191	Windows Projected File System FS Filter Driver Information Disclosure Vulnerability	Important
CVE-2021-31186	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	Important
CVE-2021-31205	Windows SMB Client Security Feature Bypass Vulnerability	Important
CVE-2021-31193	Windows SSDP Service Elevation of Privilege Vulnerability	Important
CVE-2021-31187	Windows WalletService Elevation of Privilege Vulnerability	Important
CVE-2020-24587	Windows Wireless Networking Information Disclosure Vulnerability	Important
CVE-2020-24588	Windows Wireless Networking Spoofing Vulnerability	Important
CVE-2020-26144	Windows Wireless Networking Spoofing Vulnerability	Important

That being said, we will conclude our overview of this month’s CVE report, and we recommend that anyone using any of the affected Adobe or Microsoft products apply the latest Patch Tuesday updates as soon as possible.

On the other hand, users could always try third-party antiviruses to help with security, since they work just as well, if not better, than updating your PC.

Let us know what you think about this month’s CVE report by leaving us your feedback in the comments section below.