Cybersecurity Threat Advisory: Microsoft Patch Tuesday – May 2021
Posted on May 18, 2021 by Mike Beagles
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
This week there is a new critical alert that requires the mission-critical community’s immediate attention.
Advisory overview
Microsoft’s Patch Tuesday release for May 2021 includes a Windows update that will remediate a multitude of vulnerabilities. The update will patch 55 vulnerabilities; one is critical, 50 are important, and one is moderate. It also includes patches for three zero-day vulnerabilities that are identified below. MCP recommends updating all Windows machines to apply these patches and remediate the vulnerabilities.
What is the threat?
The notable zero-day vulnerabilities include the following:
- CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability
This vulnerability existed in both .NET and Visual Studio and could have allowed cyberattackers to potentially escalate privileges. Privilege escalation attacks often allow cyberattackers to perform actions that they should not be allowed to perform, such as administrative actions.
- CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
This vulnerability was used in the 2021 Pwn2Own hacking competition. Specific details of the exploit have not been disclosed in an effort to prevent cyberattackers from taking advantage of it; however, it has been patched in the most recent Windows update.
- CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability
This vulnerability existed in the Microsoft Neural Network Intelligence toolkit. It could allow attackers to execute potentially malicious arbitrary commands or code on a device.
None of these zero-day vulnerabilities are reported to have been exploited in the wild.
Why is this noteworthy?
Thousands of individuals and businesses use and trust Microsoft products, many of which run the Windows operating system. Microsoft products are integrated into everyday business worldwide; consequently, cyberattackers are always looking to target Microsoft devices. The pool of potential targets on which they could exploit vulnerabilities is incredibly large because of the number of Microsoft devices, which exist inside the vast majority of businesses. It is very important to keep these devices updated regularly, because these patches are developed specifically to prevent these vulnerabilities from being exploited.
What is the exposure?
The zero-day exploits identified above, along with some of the vulnerabilities noted in the links below, could allow attackers to escalate privileges, bypass authentication or execute remote code, amongst other potential threats. These vulnerabilities could lead to several possible compromises, such as denial-of-service attacks and even complete system compromises. This could enable cyberattackers to execute arbitrary system commands and create or delete files. Many companies rely on sensitive data stored on their Windows machines remaining private, and on the ability to use these machines to conduct everyday business. These vulnerabilities put these expectations at potential risk if they are exploited by cyberattackers, so it is very important to ensure that they are patched.
What are the recommendations?
Microsoft has released Windows updates KB5003169 and KB5003173, which address these vulnerabilities. MCP highly recommends downloading these updates so that the patches can be applied.
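One way to verify the recommendation above across several machines, as an added example that is not MCP's or Microsoft's own code: it uses the built-in Get-HotFix cmdlet to look for the two KB IDs named in this advisory. The host names are hypothetical, and the script assumes that a host counts as patched when either KB is present.

```powershell
# KB IDs taken from the recommendations in this advisory.
$RequiredKBs = 'KB5003169', 'KB5003173'

function Test-May2021Patch {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    foreach ($computer in $ComputerName) {
        try {
            # Pull the full hotfix list (no -Id filter) so that "KB not listed"
            # and "host could not be queried" are reported as different outcomes.
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID

            $found = @($RequiredKBs | Where-Object { $installed -contains $_ })

            [pscustomobject]@{
                ComputerName = $computer
                FoundKBs     = $found -join ','
                # Assumption: either KB being present means the host is patched.
                Status       = if ($found.Count -gt 0) { 'Patched' } else { 'Review' }
            }
        }
        catch {
            # Query failed (host offline, access denied, WMI blocked).
            [pscustomobject]@{
                ComputerName = $computer
                FoundKBs     = ''
                Status       = 'Unreachable'
            }
        }
    }
}

# Hypothetical host names; replace with your own inventory.
Test-May2021Patch -ComputerName 'DISPATCH-01', 'CAD-SRV-02' |
    Format-Table -AutoSize
```

A 'Review' result is not proof of exposure: a host that has since installed a later cumulative update may no longer list these KB IDs, so confirm against its current OS build before escalating.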
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2021-patch-tuesday-fixes-55-flaws-3-zero-days/
- https://www.infosecurity-magazine.com/news/microsoft-exchange-server-zeroday/
- https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/May-2021.html
If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public-safety and justice entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.