Microsoft Patch Tuesday – May 2021

Microsoft-Patch-Tuesday-June-2021

Microsoft released its Patch Tuesday, May 2021 with updates and security patches to fix 55 security flaws within Windows and other products. From these flaws, 4 are rated as critical and 3 are zero-day vulnerabilities.

⚡ TL;DR | Go Straight to the May 2021 Patch Tuesday Audit Report.

3 Zero-Day Vulnerabilities Fixed

In their Patch Tuesday of May 2021, three publicly-disclosed zero-day vulnerabilities were patched:

  • CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege vulnerability
  • CVE-2021-31207 - Exchange Server Security Bypass Feature Vulnerability
  • CVE-2021-31200 - Common Utilities Remote Code Execution vulnerability.

Windows 10 End of Service

Windows 10 Version 1803 & Version 1809

Microsoft just released the last update for version 1803 of Windows 10 named KB5003174. This contains the new Microsoft Edge, updates to improve Windows OLE security, and updates for Bluetooth drivers. Version 1809 received the update KB5003171 which improves security when Windows performs basic operations, updates to improve the Windows OLE security, and updates for the Bluetooth drivers.

These updates remove the Edge Legacy desktop application (which is out of support) and install the new Edge. There are also security updates for Windows App Platform and Framework, Microsoft Scripting Engine, Windows Silicon Platform, and Windows Cryptography.

Remember that this is the latest security update for this version, start updating all your Windows 10 installations.

Get Started with IT Asset Management 2.0

Discover assets you don't even know about and learn why Lansweeper is used by thousands of organizations worldwide.

Windows 10 Version 1909

Version 1909 of Windows also received the last update (KB5003169) for the Home and Pro editions which updates an issue that might cause scroll bar controls to appear blank and not function. This issue affects 32-bit applications running on 64-bit Windows 10.

Run the Patch Tuesday (May 2021) Audit Report

Our experts created a Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.

Other Vulnerability CVE Codes & Description

CVE NumberCVE Title
CVE-2021-31936Microsoft Accessibility Insights for Web Information Disclosure Vulnerability
CVE-2021-31214Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-31213Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability
CVE-2021-31211Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-31209Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-31208Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2021-31207Microsoft Exchange Server Security Feature Bypass Vulnerability
CVE-2021-31205Windows SMB Client Security Feature Bypass Vulnerability
CVE-2021-31204.NET and Visual Studio Elevation of Privilege Vulnerability
CVE-2021-31200Common Utilities Remote Code Execution Vulnerability
CVE-2021-31198Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31195Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31194OLE Automation Remote Code Execution Vulnerability
CVE-2021-31193Windows SSDP Service Elevation of Privilege Vulnerability
CVE-2021-31192Windows Media Foundation Core Remote Code Execution Vulnerability
CVE-2021-31191Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
CVE-2021-31190Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2021-31188Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-31187Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-31186Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-31185Windows Desktop Bridge Denial of Service Vulnerability
CVE-2021-31184Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
CVE-2021-31182Microsoft Bluetooth Driver Spoofing Vulnerability
CVE-2021-31181Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2021-31180Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-31179Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31178Microsoft Office Information Disclosure Vulnerability
CVE-2021-31177Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31176Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31175Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31174Microsoft Excel Information Disclosure Vulnerability
CVE-2021-31173Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-31172Microsoft SharePoint Spoofing Vulnerability
CVE-2021-31171Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-31170Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-31169Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2021-31168Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2021-31167Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2021-31166HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31165Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2021-28479Windows CSC Service Information Disclosure Vulnerability
CVE-2021-28478Microsoft SharePoint Spoofing Vulnerability
CVE-2021-28476Hyper-V Remote Code Execution Vulnerability
CVE-2021-28474Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-28465Web Media Extensions Remote Code Execution Vulnerability
CVE-2021-28461Dynamics Finance and Operations Cross-site Scripting Vulnerability
CVE-2021-28455Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2021-27068Visual Studio Remote Code Execution Vulnerability
CVE-2021-26422Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2021-26421Skype for Business and Lync Spoofing Vulnerability
CVE-2021-26419Scripting Engine Memory Corruption Vulnerability
CVE-2021-26418Microsoft SharePoint Spoofing Vulnerability
CVE-2020-26144Windows Wireless Networking Spoofing Vulnerability
CVE-2020-24588Windows Wireless Networking Spoofing Vulnerability
CVE-2020-24587Windows Wireless Networking Information Disclosure Vulnerability
ADV990001Latest Servicing Stack Updates

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Receive the Latest Patch Tuesday Report for FREE Every Month

  • Hidden
  • This field is for validation purposes and should be left unchanged.
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​