Microsoft released its Patch Tuesday, May 2021 with updates and security patches to fix 55 security flaws within Windows and other products. From these flaws, 4 are rated as critical and 3 are zero-day vulnerabilities.
⚡ TL;DR | Go Straight to the May 2021 Patch Tuesday Audit Report.
3 Zero-Day Vulnerabilities Fixed
In their Patch Tuesday of May 2021, three publicly-disclosed zero-day vulnerabilities were patched:
- CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege vulnerability
- CVE-2021-31207 - Exchange Server Security Bypass Feature Vulnerability
- CVE-2021-31200 - Common Utilities Remote Code Execution vulnerability.
Windows 10 End of Service
Windows 10 Version 1803 & Version 1809
Microsoft just released the last update for version 1803 of Windows 10 named KB5003174. This contains the new Microsoft Edge, updates to improve Windows OLE security, and updates for Bluetooth drivers. Version 1809 received the update KB5003171 which improves security when Windows performs basic operations, updates to improve the Windows OLE security, and updates for the Bluetooth drivers.
These updates remove the Edge Legacy desktop application (which is out of support) and install the new Edge. There are also security updates for Windows App Platform and Framework, Microsoft Scripting Engine, Windows Silicon Platform, and Windows Cryptography.
Remember that this is the latest security update for this version, start updating all your Windows 10 installations.
Get Started with IT Asset Management 2.0
Discover assets you don't even know about and learn why Lansweeper is used by thousands of organizations worldwide.
Windows 10 Version 1909
Version 1909 of Windows also received the last update (KB5003169) for the Home and Pro editions which updates an issue that might cause scroll bar controls to appear blank and not function. This issue affects 32-bit applications running on 64-bit Windows 10.
Run the Patch Tuesday (May 2021) Audit Report
Our experts created a Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.
Other Vulnerability CVE Codes & Description
|CVE Number||CVE Title|
|CVE-2021-31936||Microsoft Accessibility Insights for Web Information Disclosure Vulnerability|
|CVE-2021-31214||Visual Studio Code Remote Code Execution Vulnerability|
|CVE-2021-31213||Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability|
|CVE-2021-31211||Visual Studio Code Remote Code Execution Vulnerability|
|CVE-2021-31209||Microsoft Exchange Server Spoofing Vulnerability|
|CVE-2021-31208||Windows Container Manager Service Elevation of Privilege Vulnerability|
|CVE-2021-31207||Microsoft Exchange Server Security Feature Bypass Vulnerability|
|CVE-2021-31205||Windows SMB Client Security Feature Bypass Vulnerability|
|CVE-2021-31204||.NET and Visual Studio Elevation of Privilege Vulnerability|
|CVE-2021-31200||Common Utilities Remote Code Execution Vulnerability|
|CVE-2021-31198||Microsoft Exchange Server Remote Code Execution Vulnerability|
|CVE-2021-31195||Microsoft Exchange Server Remote Code Execution Vulnerability|
|CVE-2021-31194||OLE Automation Remote Code Execution Vulnerability|
|CVE-2021-31193||Windows SSDP Service Elevation of Privilege Vulnerability|
|CVE-2021-31192||Windows Media Foundation Core Remote Code Execution Vulnerability|
|CVE-2021-31191||Windows Projected File System FS Filter Driver Information Disclosure Vulnerability|
|CVE-2021-31190||Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability|
|CVE-2021-31188||Windows Graphics Component Elevation of Privilege Vulnerability|
|CVE-2021-31187||Windows WalletService Elevation of Privilege Vulnerability|
|CVE-2021-31186||Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability|
|CVE-2021-31185||Windows Desktop Bridge Denial of Service Vulnerability|
|CVE-2021-31184||Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability|
|CVE-2021-31182||Microsoft Bluetooth Driver Spoofing Vulnerability|
|CVE-2021-31181||Microsoft SharePoint Remote Code Execution Vulnerability|
|CVE-2021-31180||Microsoft Office Graphics Remote Code Execution Vulnerability|
|CVE-2021-31179||Microsoft Office Remote Code Execution Vulnerability|
|CVE-2021-31178||Microsoft Office Information Disclosure Vulnerability|
|CVE-2021-31177||Microsoft Office Remote Code Execution Vulnerability|
|CVE-2021-31176||Microsoft Office Remote Code Execution Vulnerability|
|CVE-2021-31175||Microsoft Office Remote Code Execution Vulnerability|
|CVE-2021-31174||Microsoft Excel Information Disclosure Vulnerability|
|CVE-2021-31173||Microsoft SharePoint Server Information Disclosure Vulnerability|
|CVE-2021-31172||Microsoft SharePoint Spoofing Vulnerability|
|CVE-2021-31171||Microsoft SharePoint Information Disclosure Vulnerability|
|CVE-2021-31170||Windows Graphics Component Elevation of Privilege Vulnerability|
|CVE-2021-31169||Windows Container Manager Service Elevation of Privilege Vulnerability|
|CVE-2021-31168||Windows Container Manager Service Elevation of Privilege Vulnerability|
|CVE-2021-31167||Windows Container Manager Service Elevation of Privilege Vulnerability|
|CVE-2021-31166||HTTP Protocol Stack Remote Code Execution Vulnerability|
|CVE-2021-31165||Windows Container Manager Service Elevation of Privilege Vulnerability|
|CVE-2021-28479||Windows CSC Service Information Disclosure Vulnerability|
|CVE-2021-28478||Microsoft SharePoint Spoofing Vulnerability|
|CVE-2021-28476||Hyper-V Remote Code Execution Vulnerability|
|CVE-2021-28474||Microsoft SharePoint Server Remote Code Execution Vulnerability|
|CVE-2021-28465||Web Media Extensions Remote Code Execution Vulnerability|
|CVE-2021-28461||Dynamics Finance and Operations Cross-site Scripting Vulnerability|
|CVE-2021-28455||Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability|
|CVE-2021-27068||Visual Studio Remote Code Execution Vulnerability|
|CVE-2021-26422||Skype for Business and Lync Remote Code Execution Vulnerability|
|CVE-2021-26421||Skype for Business and Lync Spoofing Vulnerability|
|CVE-2021-26419||Scripting Engine Memory Corruption Vulnerability|
|CVE-2021-26418||Microsoft SharePoint Spoofing Vulnerability|
|CVE-2020-26144||Windows Wireless Networking Spoofing Vulnerability|
|CVE-2020-24588||Windows Wireless Networking Spoofing Vulnerability|
|CVE-2020-24587||Windows Wireless Networking Information Disclosure Vulnerability|
|ADV990001||Latest Servicing Stack Updates|
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.