Daily Bulletin

Technology


There are a number of Publicly Disclosed vulnerabilities and one Zero Day exploit this month across Microsoft and Adobe. Microsoft has resolved 55 vulnerabilities, four of which are rated as Critical. The top concern from the Microsoft updates this month is the update for Microsoft Exchange that includes the fix for CVE-2021-31207, which made its debut in the 2021 Pwn2Own competition. There are two other publicly disclosed vulnerabilities resolved by Microsoft this month in Common Utilities found in the NNI open source toolkit (CVE-2021-31200), and in .NET and Visual Studio (CVE-2021-31204)

 

Microsoft Exchange Admins have had a rough stretch in the past few months starting with the zero day exploits targeted by HAFNIUM followed by the April Exchange update resolving four NSA discovered vulnerabilities, and with the May update we are seeing the first of several vulnerabilities that were showcased in Pwn2Own getting to resolution. CVE-2021-31207 is only rated as Moderate, but the Security Feature Bypass exploit was showcased prominently in the Pwn2Own contest and at some point details of the exploit will be published. At that point threat actors will be able to take advantage of the vulnerability if they have not already begun attempting to reverse engineer an exploit.

 

There are two other publicly disclosed vulnerabilities resolved by Microsoft this month. CVE-2021-31200 is a Remote Code Execution vulnerability in Common Utilities, which is a python script from the NNI (Neural Network Intelligence) open source toolkit, and CVE-2021-31204 which is a Elevation of Privilege vulnerability in .NET and Visual Studio. Both Publicly Disclosed vulnerabilities are rated as Important, but the disclosure puts them at a higher risk of being exploited.

 

Adobe has released 12 updates for May Patch Tuesday. These updates resolve 42 unique CVEs, 16 of which are rated as critical and one is actively being exploited in targeted attacks (CVE-2021-28550). Adobe Acrobat and Reader (APSB21-29) is a priority 1 update indicating it resolves a vulnerability that is actively being exploited. The updates for Adobe Magento (APSB21-30) and Adobe Experience Manager (APSB21-15) are rated priority 2 by Adobe. The updates for Adobe InDesign, Illustrator, InCopy, Adobe Creative Cloud Desktop Application, Animate, and Medium are rated as priority 3, but do include Critical vulnerabilities. The remainder of Adobe’s releases are rated priority 3 and include updates for vulnerabilities rated as Important.

 

On a side topic, this month marks the final update for several Windows 10 and Server editions, so make sure you have updated any systems to newer branches to avoid a disruption in security update coverage come June. Windows 10 1803 and 1809 and Server 1909 all received their final update on May Patch Tuesday 2021.

 

May Patch Tuesday Priorities:

  • Microsoft Exchange - due to the very public demonstration of the exploit during Pwn2Own this update should be considered a higher risk than the Moderate rating it received from Microsoft.
  • Windows Operating System and Internet Explorer – The OS and IE updates this month carried all four Critical CVEs that were resolved. These should also get more immediate attention.
  • Adobe Acrobat and Reader should be deployed quickly followed by Magento and Experience Manager. The priority 3 updates are not as urgent, but should be updated as testing allows.
  • Common Utilities and .NET and Visual Studio are less likely to be targeted, but due to the public disclosures they should not be ignored for long.

Explore the South Coast in Australia With These Outdoor Activities

arrow_forward

What Makes Shiatsu Massage Unique?

arrow_forward

What Can We Learn from Modern Art Exhibitions?

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Business News

Top 3 Things to Consider When Finding the Best Amazon Marketing Agency

It is true that selling on Amazon is not a walk in the park - with intense competition and a big reputation, many sellers on the platform are finding themselves overworked simply trying to keep up...

Daily Bulletin - avatar Daily Bulletin

Marketing tips to help brands to be more present

Are you looking for marketing tips? Well, in this post we will share important marketing tips that can help the brand to be more present. A / B Test your shopping journey AB testing is  a scient...

Daily Bulletin - avatar Daily Bulletin

4 Things To Look For In A Customs Broker

Running a business entails the teamwork of many professionals. Some work within the four walls of the main business premises while others work outside. One of those who work in the field is a cust...

NewsServices.com - avatar NewsServices.com