- CVEs stand for Common Vulnerabilities and Exposures, and they vary in form and what they affect.
- During Patch Tuesday, a report of all CVEs is released to the general public.
- CVEs are rated based on severity, from Important, to the more serious ones rated as Critical.
- Read more about this month's CVE,s and update your PC if needed.
We all know that the focus of the Patch Tuesday updates is the improvement of the Windows experience for users, but they aren’t only about adding, enhancing, and fixing features.
However, another key aspect to these updates is the security improvements that come with them, and that’s pretty much why we recommend that everyone get these updates as soon as they become available in your region.
Well, May 11th is here, and so are the Patch Tuesday updates, and this means that the CVE reports are here as well.
So far, 2021 has been quite abundant in CVEs, with the following numbers being discovered each month:
All in all, here’s a brief rundown of this month’s CVE situation for both Adobe and Microsoft-related products, and we will also highlight some of the more severe ones detected.
The May CVE report includes 98 identified CVEs
Vulnerabilities found in Adobe products
Adobe has released a total of 12 patches that are meant to fix 43 identified CVEs that affected Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate.
Of the 43 total Adobe CVEs, 14 targeted Adobe Acrobat Reader, one of which has still been left unresolved, and they can be used to exploit user data via modified PDFs opened in Acrobat.
Vulnerabilities found in Microsoft products
The bulk of this month’s CVE report, as always, is the Microsoft-related CVEs, and they add up to a grand total of 55.
These CVEs target Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.
As far as severity is concerned of these 55 bugs, they were rated as follows:
- 4 are rated as Critical
- 50 are rated Important
- One is rated Moderate in severity.
Which were some of the most severe CVEs?
Some CVEs stand out in this report either because of how easily they were to exploit, or the popularity of teh program that was targeted, and they are the following:
- HTTP Protocol Stack Remote Code Execution Vulnerability
- Hyper-V Remote Code Execution Vulnerability
- Visual Studio Remote Code Execution Vulnerability
- Windows Wireless Networking Information Disclosure Vulnerability
Here’s a complete list of all the CVEs included in this month’s report:
|CVE-2021-31204||.NET Core and Visual Studio Elevation of Privilege Vulnerability||Important|
|CVE-2021-31200||Common Utilities Remote Code Execution Vulnerability||Important|
|CVE-2021-31207||Microsoft Exchange Server Security Feature Bypass Vulnerability||Moderate|
|CVE-2021-31166||HTTP Protocol Stack Remote Code Execution Vulnerability||Critical|
|CVE-2021-28476||Hyper-V Remote Code Execution Vulnerability||Critical|
|CVE-2021-31194||OLE Automation Remote Code Execution Vulnerability||Critical|
|CVE-2021-26419||Scripting Engine Memory Corruption Vulnerability||Critical|
|CVE-2021-28461||Dynamics Finance and Operations Cross-site Scripting Vulnerability||Important|
|CVE-2021-31936||Microsoft Accessibility Insights for Web Information Disclosure Vulnerability||Important|
|CVE-2021-31182||Microsoft Bluetooth Driver Spoofing Vulnerability||Important|
|CVE-2021-31174||Microsoft Excel Information Disclosure Vulnerability||Important|
|CVE-2021-31195||Microsoft Exchange Server Remote Code Execution Vulnerability||Important|
|CVE-2021-31198||Microsoft Exchange Server Remote Code Execution Vulnerability||Important|
|CVE-2021-31209||Microsoft Exchange Server Spoofing Vulnerability||Important|
|CVE-2021-28455||Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability||Important|
|CVE-2021-31180||Microsoft Office Graphics Remote Code Execution Vulnerability||Important|
|CVE-2021-31178||Microsoft Office Information Disclosure Vulnerability||Important|
|CVE-2021-31175||Microsoft Office Remote Code Execution Vulnerability||Important|
|CVE-2021-31176||Microsoft Office Remote Code Execution Vulnerability||Important|
|CVE-2021-31177||Microsoft Office Remote Code Execution Vulnerability||Important|
|CVE-2021-31179||Microsoft Office Remote Code Execution Vulnerability||Important|
|CVE-2021-31171||Microsoft SharePoint Information Disclosure Vulnerability||Important|
|CVE-2021-31181||Microsoft SharePoint Remote Code Execution Vulnerability||Important|
|CVE-2021-31173||Microsoft SharePoint Server Information Disclosure Vulnerability||Important|
|CVE-2021-28474||Microsoft SharePoint Server Remote Code Execution Vulnerability||Important|
|CVE-2021-26418||Microsoft SharePoint Spoofing Vulnerability||Important|
|CVE-2021-28478||Microsoft SharePoint Spoofing Vulnerability||Important|
|CVE-2021-31172||Microsoft SharePoint Spoofing Vulnerability||Important|
|CVE-2021-31184||Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability||Important|
|CVE-2021-26422||Skype for Business and Lync Remote Code Execution Vulnerability||Important|
|CVE-2021-26421||Skype for Business and Lync Spoofing Vulnerability||Important|
|CVE-2021-31214||Visual Studio Code Remote Code Execution Vulnerability||Important|
|CVE-2021-31211||Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability||Important|
|CVE-2021-31213||Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability||Important|
|CVE-2021-27068||Visual Studio Remote Code Execution Vulnerability||Important|
|CVE-2021-28465||Web Media Extensions Remote Code Execution Vulnerability||Important|
|CVE-2021-31190||Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability||Important|
|CVE-2021-31165||Windows Container Manager Service Elevation of Privilege Vulnerability||Important|
|CVE-2021-31167||Windows Container Manager Service Elevation of Privilege Vulnerability||Important|
|CVE-2021-31168||Windows Container Manager Service Elevation of Privilege Vulnerability||Important|
|CVE-2021-31169||Windows Container Manager Service Elevation of Privilege Vulnerability||Important|
|CVE-2021-31208||Windows Container Manager Service Elevation of Privilege Vulnerability||Important|
|CVE-2021-28479||Windows CSC Service Information Disclosure Vulnerability||Important|
|CVE-2021-31185||Windows Desktop Bridge Denial of Service Vulnerability||Important|
|CVE-2021-31170||Windows Graphics Component Elevation of Privilege Vulnerability||Important|
|CVE-2021-31188||Windows Graphics Component Elevation of Privilege Vulnerability||Important|
|CVE-2021-31192||Windows Media Foundation Core Remote Code Execution Vulnerability||Important|
|CVE-2021-31191||Windows Projected File System FS Filter Driver Information Disclosure Vulnerability||Important|
|CVE-2021-31186||Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability||Important|
|CVE-2021-31205||Windows SMB Client Security Feature Bypass Vulnerability||Important|
|CVE-2021-31193||Windows SSDP Service Elevation of Privilege Vulnerability||Important|
|CVE-2021-31187||Windows WalletService Elevation of Privilege Vulnerability||Important|
|CVE-2020-24587||Windows Wireless Networking Information Disclosure Vulnerability||Important|
|CVE-2020-24588||Windows Wireless Networking Spoofing Vulnerability||Important|
|CVE-2020-26144||Windows Wireless Networking Spoofing Vulnerability||Important|
That being said, we will conclude our overview of this month’s CVE report, and we recommend that anyone using any of the affected Adobe or Microsoft products apply the latest Patch Tuesday updates as soon as possible.
On the other hand, users could always try third-party antiviruses to help with security, since they work just as well, if not better, than updating your PC.
Let us know what you think about this month’s CVE report by leaving us your feedback in the comments section below.