Microsoft has released its May 2021 Patch Tuesday security updates that fix over 50 bugs across a variety of the company's products, including Internet Explorer, .NET Core and Visual Studio, Exchange Server, Windows Codecs Library, and the Bluetooth driver, to name a few.
As part of the May 2021 Patch Tuesday release, the tech giant addressed three previously disclosed vulnerabilities. They are as follows:
CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability
CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability
Of all the bugs fixed this month, the most noteworthy is CVE-2021-31166, a Windows 10 and Windows Server flaw that allows an unauthenticated attacker to remotely execute malicious code at the operating system level. The vulnerability exists due to improper input validation in the HTTP Protocol Stack.
Another interesting vulnerability rated critical is CVE-2021-28476, an RCE flaw in Hyper-V which could allow a remote, unauthenticated attacker to compromise a Hyper-V host via a guest virtual machine (VM).
Adobe has also rolled out a batch of security patches that eliminate a number of vulnerabilities across Adobe Creative Cloud Desktop Application, Illustrator, InDesign, and Magento, as well as a zero-day vulnerability in Adobe Acrobat PDF reader software.
The flaw, tracked as CVE-2021-28550, “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows,” Adobe said.
The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.