Daily Bulletin

  • Written by Chris Goettl, Senior Director of Product Management, Security at Ivanti

There are a number of publicly disclosed vulnerabilities and one zero-day exploit this month across Microsoft and Adobe. Microsoft has resolved 55 vulnerabilities, four of which are rated as Critical. The top concern from the Microsoft updates this month is the update for Microsoft Exchange that includes the fix for CVE-2021-31207, which made its debut in the 2021 Pwn2Own competition. There are two other publicly disclosed vulnerabilities resolved by Microsoft this month: one in Common Utilities, found in the NNI open source toolkit (CVE-2021-31200), and one in .NET and Visual Studio (CVE-2021-31204).

Microsoft Exchange admins have had a rough stretch in the past few months, starting with the zero-day vulnerabilities targeted by HAFNIUM, followed by the April Exchange update resolving four NSA-discovered vulnerabilities. With the May update we are seeing the first of several vulnerabilities that were showcased in Pwn2Own getting to resolution. CVE-2021-31207 is only rated as Moderate, but the Security Feature Bypass exploit was showcased prominently in the Pwn2Own contest, and at some point details of the exploit will be published. At that point threat actors will be able to take advantage of the vulnerability, if they have not already begun attempting to reverse engineer an exploit.

There are two other publicly disclosed vulnerabilities resolved by Microsoft this month. CVE-2021-31200 is a Remote Code Execution vulnerability in Common Utilities, which is a Python script from the NNI (Neural Network Intelligence) open source toolkit, and CVE-2021-31204 is an Elevation of Privilege vulnerability in .NET and Visual Studio. Both publicly disclosed vulnerabilities are rated as Important, but the disclosure puts them at a higher risk of being exploited.

Adobe has released 12 updates for May Patch Tuesday. These updates resolve 42 unique CVEs, 16 of which are rated as Critical and one of which is actively being exploited in targeted attacks (CVE-2021-28550). Adobe Acrobat and Reader (APSB21-29) is a priority 1 update, indicating it resolves a vulnerability that is actively being exploited. The updates for Adobe Magento (APSB21-30) and Adobe Experience Manager (APSB21-15) are rated priority 2 by Adobe. The updates for Adobe InDesign, Illustrator, InCopy, Adobe Creative Cloud Desktop Application, Animate, and Medium are rated as priority 3, but do include Critical vulnerabilities. The remainder of Adobe’s releases are rated priority 3 and include updates for vulnerabilities rated as Important.

On a side topic, this month marks the final update for several Windows 10 and Server editions, so make sure you have updated any systems to newer branches to avoid a disruption in security update coverage come June. Windows 10 1803 and 1809, and Server 1909, all received their final update on May Patch Tuesday 2021.

May Patch Tuesday Priorities:

  • Microsoft Exchange – Due to the very public demonstration of the exploit during Pwn2Own, this update should be considered a higher risk than the Moderate rating it received from Microsoft.
  • Windows Operating System and Internet Explorer – The OS and IE updates this month carried all four Critical CVEs that were resolved. These should also get more immediate attention.
  • Adobe Acrobat and Reader should be deployed quickly, followed by Magento and Experience Manager. The priority 3 updates are not as urgent, but should be deployed as testing allows.
  • Common Utilities and .NET and Visual Studio are less likely to be targeted, but due to the public disclosures they should not be ignored for long.
