98 CVEs were discovered during the May security report

Teodor Nechita
by Teodor Nechita
Software Managing Editor
Eager to help those in need, Teodor writes articles daily on subjects regarding Windows, Xbox, and all things tech-related. When not working, you may usually find him either at the gym or taking a... Read more
Affiliate Disclosure
  • CVEs stand for Common Vulnerabilities and Exposures, and they vary in form and what they affect.
  • During Patch Tuesday, a report of all CVEs is released to the general public.
  • CVEs are rated based on severity, from Important, to the more serious ones rated as Critical.
  • Read more about this month's CVE,s and update your PC if needed.

We all know that the focus of the Patch Tuesday updates is the improvement of the Windows experience for users, but they aren’t only about adding, enhancing, and fixing features.

However, another key aspect to these updates is the security improvements that come with them, and that’s pretty much why we recommend that everyone get these updates as soon as they become available in your region.

Well, May 11th is here, and so are the Patch Tuesday updates, and this means that the CVE reports are here as well.

So far, 2021 has been quite abundant in CVEs, with the following numbers being discovered each month:

  • January: 91
  • February: 106
  • March: 97
  • April: 124

All in all, here’s a brief rundown of this month’s CVE situation for both Adobe and Microsoft-related products, and we will also highlight some of the more severe ones detected.

The May CVE report includes 98 identified CVEs

Vulnerabilities found in Adobe products

Adobe has released a total of 12 patches that are meant to fix 43 identified CVEs that affected Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate.

Of the 43 total Adobe CVEs, 14 targeted Adobe Acrobat Reader, one of which has still been left unresolved, and they can be used to exploit user data via modified PDFs opened in Acrobat.

Vulnerabilities found in Microsoft products

The bulk of this month’s CVE report, as always, is the Microsoft-related CVEs, and they add up to a grand total of 55.

These CVEs target Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.

As far as severity is concerned of these 55 bugs, they were rated as follows:

  • 4 are rated as Critical
  • 50 are rated Important
  • One is rated Moderate in severity.

Which were some of the most severe CVEs?

Some CVEs stand out in this report either because of how easily they were to exploit, or the popularity of teh program that was targeted, and they are the following:

Here’s a complete list of all the CVEs included in this month’s report:

CVE

Title

Severity

CVE-2021-31204 .NET Core and Visual Studio Elevation of Privilege Vulnerability Important
CVE-2021-31200 Common Utilities Remote Code Execution Vulnerability Important
CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability Moderate
CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability Critical
CVE-2021-28476 Hyper-V Remote Code Execution Vulnerability Critical
CVE-2021-31194 OLE Automation Remote Code Execution Vulnerability Critical
CVE-2021-26419 Scripting Engine Memory Corruption Vulnerability Critical
CVE-2021-28461 Dynamics Finance and Operations Cross-site Scripting Vulnerability Important
CVE-2021-31936 Microsoft Accessibility Insights for Web Information Disclosure Vulnerability Important
CVE-2021-31182 Microsoft Bluetooth Driver Spoofing Vulnerability Important
CVE-2021-31174 Microsoft Excel Information Disclosure Vulnerability Important
CVE-2021-31195 Microsoft Exchange Server Remote Code Execution Vulnerability Important
CVE-2021-31198 Microsoft Exchange Server Remote Code Execution Vulnerability Important
CVE-2021-31209 Microsoft Exchange Server Spoofing Vulnerability Important
CVE-2021-28455 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Important
CVE-2021-31180 Microsoft Office Graphics Remote Code Execution Vulnerability Important
CVE-2021-31178 Microsoft Office Information Disclosure Vulnerability Important
CVE-2021-31175 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-31176 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-31177 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-31179 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-31171 Microsoft SharePoint Information Disclosure Vulnerability Important
CVE-2021-31181 Microsoft SharePoint Remote Code Execution Vulnerability Important
CVE-2021-31173 Microsoft SharePoint Server Information Disclosure Vulnerability Important
CVE-2021-28474 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
CVE-2021-26418 Microsoft SharePoint Spoofing Vulnerability Important
CVE-2021-28478 Microsoft SharePoint Spoofing Vulnerability Important
CVE-2021-31172 Microsoft SharePoint Spoofing Vulnerability Important
CVE-2021-31184 Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability Important
CVE-2021-26422 Skype for Business and Lync Remote Code Execution Vulnerability Important
CVE-2021-26421 Skype for Business and Lync Spoofing Vulnerability Important
CVE-2021-31214 Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-31211 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important
CVE-2021-31213 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important
CVE-2021-27068 Visual Studio Remote Code Execution Vulnerability Important
CVE-2021-28465 Web Media Extensions Remote Code Execution Vulnerability Important
CVE-2021-31190 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Important
CVE-2021-31165 Windows Container Manager Service Elevation of Privilege Vulnerability Important
CVE-2021-31167 Windows Container Manager Service Elevation of Privilege Vulnerability Important
CVE-2021-31168 Windows Container Manager Service Elevation of Privilege Vulnerability Important
CVE-2021-31169 Windows Container Manager Service Elevation of Privilege Vulnerability Important
CVE-2021-31208 Windows Container Manager Service Elevation of Privilege Vulnerability Important
CVE-2021-28479 Windows CSC Service Information Disclosure Vulnerability Important
CVE-2021-31185 Windows Desktop Bridge Denial of Service Vulnerability Important
CVE-2021-31170 Windows Graphics Component Elevation of Privilege Vulnerability Important
CVE-2021-31188 Windows Graphics Component Elevation of Privilege Vulnerability Important
CVE-2021-31192 Windows Media Foundation Core Remote Code Execution Vulnerability Important
CVE-2021-31191 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
CVE-2021-31186 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important
CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability Important
CVE-2021-31193 Windows SSDP Service Elevation of Privilege Vulnerability Important
CVE-2021-31187 Windows WalletService Elevation of Privilege Vulnerability Important
CVE-2020-24587 Windows Wireless Networking Information Disclosure Vulnerability Important
CVE-2020-24588 Windows Wireless Networking Spoofing Vulnerability Important
CVE-2020-26144 Windows Wireless Networking Spoofing Vulnerability Important

That being said, we will conclude our overview of this month’s CVE report, and we recommend that anyone using any of the affected Adobe or Microsoft products apply the latest Patch Tuesday updates as soon as possible.

On the other hand, users could always try third-party antiviruses to help with security, since they work just as well, if not better, than updating your PC.

Let us know what you think about this month’s CVE report by leaving us your feedback in the comments section below.

This article covers:Topics: