May 18, 2021

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

The Hacker News (THN) posts a blog about the latest Microsoft Windows Updates that patch dozes of security flaws with Microsoft has scheduled to release for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business.

Here's the quick analysis of a few that highlighted in the blog post.

 [ CVE Description ]
 [*] CVE_ID : CVE-2021-31166
 [_] Desc   : HTTP Protocol Stack Remote Code Execution Vulnerability

 [_] C:2021-04-14 / P:2021-05-11 / L:2021-05-14
 [*] Vuln Risk           : 53.4037
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/3.0235% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [1]
 [_] Fixes          : [3]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [4]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : 28 ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-28476
 [_] Desc   : Hyper-V Remote Code Execution Vulnerability

 [_] C:2021-03-15 / P:2021-05-11 / L:2021-05-14
 [*] Vuln Risk           : 30.59
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/1.8544% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.5 / 9.9 ]

 [_] Vuln Products  : [18]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : 10 ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-26419
 [_] Desc   : Scripting Engine Memory Corruption Vulnerability

 [_] C:2021-01-30 / P:2021-05-11 / L:2021-05-17
 [*] Vuln Risk           : 26.5164
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/12.1532% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.6 / 7.5 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : 8 ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31207
 [_] Desc   : Microsoft Exchange Server Security Feature Bypass Vulnerability

 [_] C:2021-04-14 / P:2021-05-11 / L:2021-05-18
 [*] Vuln Risk           : 27.8091
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.8183% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.5 / 7.2 ]

 [_] Vuln Products  : [5]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : 10 ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31195
 [_] Desc   : Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198.

 [_] C:2021-04-14 / P:2021-05-11 / L:2021-05-17
 [*] Vuln Risk           : 29.6687
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/9.7243% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 8.8 ]

 [_] Vuln Products  : [5]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : 3 ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31198
 [_] Desc   : Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31195.

 [_] C:2021-04-14 / P:2021-05-11 / L:2021-05-18
 [*] Vuln Risk           : 29.6687
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/9.7243% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 7.8 ]

 [_] Vuln Products  : [5]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31209
 [_] Desc   : Microsoft Exchange Server Spoofing Vulnerability

 [_] C:2021-04-14 / P:2021-05-11 / L:2021-05-19
 [*] Vuln Risk           : 20.3933
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/1.3769% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 5.8 / 8.1 ]

 [_] Vuln Products  : [5]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-31166 (53.4037) : ['hpv_poc']
 [!!!]   CVE-2021-28476 (30.59) : []
 [!!!]   CVE-2021-26419 (26.5164) : []
 [!!!]   CVE-2021-31207 (27.8091) : []
 [!!!]   CVE-2021-31195 (29.6687) : []
 [!!!]   CVE-2021-31198 (29.6687) : []
 [!!!]   CVE-2021-31209 (20.3933) : []


 ** [5] threads completed [21 tasks] / [40.55 KB] within [14.45 sec].


Links:

  • https://thehackernews.com/2021/05/latest-microsoft-windows-updates-patch.html