Microsoft released its monthly security update Tuesday 11th May 2021, disclosing 55 vulnerabilities across its suite of products.
A new update for Windows 10 known as “Version 21H1” was released on the 18th of May 2021. This update comes from Microsoft’s Semi-Annual update program which aims to release a new stable build every 6 months. Following this, as reported by Lansweeper.com, two previous Windows 10 updates have now reached end of life for security updates. These updates are “Version 1803”, “Version 1809” and “Version 1909”.
In all, there are 4 critical vulnerabilities as part of this release, and one considered of “moderate” severity. The remainder are all “important.”
As reported by dshield.org, the most notable critical vulnerability from this month’s Patch Tuesday is CVE-2021-31166 which allows for remote code execution to occur. This vulnerability can be found in HTTP.sys and is achieved by sending a purpose-built HTTP request to the infected Windows machine. Unfortunately, this vulnerability is found across several versions of Windows so is rated as critical.
This month’s security update provides patches for several other pieces of software, including Microsoft Office SharePoint, Microsoft Excel and Visual Studio.
SNORT rules are available for CVE-2021-26419, CVE-2021-31166, CVE-2021-31170, CVE-2021-31181, CVE-2021-31188. The GID’s for which can be found here.
A full list of Microsoft’s May 2021 Patches, their CVE’s Severities, scores, exploits, and disclosures can be found here: SANS Internet Storm Centre.