Hear what Automox Patch Tuesday experts have to say about this month’s Patch Tuesday releases. You can view a full list of the latest patches and updates from Microsoft and other third-party applications in our Patch Tuesday Index.
Overview
Microsoft's May Patch Tuesday saw 55 security fixes compared to 108 tallied in the month of April. We are currently tracking 4 critical vulnerabilities, none of which are being exploited in the wild to the best of our knowledge and vendor communications. While that may be true for Microsoft, multiple browser related vulnerabilities exist that should be addressed immediately with Chrome and Firefox. In the news, attacks by the DarkSide hacker group on commercial pipeline infrastructure demonstrate the vitality of cyber security hygiene by virtue of the fact that the assault disrupted 46% of East Coast fuel supply-chain.
Eric Feldman - CVE-2021-26419 - Scripting Engine Memory Corruption Vulnerability
CVE-2021-26419 is a critical remote code execution vulnerability that impacts Internet Explorer 11 and 9 running on multiple versions of Microsoft Windows and Windows Server. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. Automox recommends prioritization in applying this patch, or upgrading to a more modern browser if possible.
Eric Feldman - CVE-2021-31166 - HTTP Protocol Stack Remote Code Execution Vulnerability
This is a remote code execution vulnerability that impacts some versions of Windows 10 32-bit and 64-bit, and some versions of Windows Server. The HTTP Protocol Stack enables Windows and applications to communicate with other devices. If exploited, this vulnerability could enable an unauthenticated attacker to send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and ultimately, execute arbitrary code, and take control of the affected system. There is no workaround and Automox recommends prioritizing the patching of affected servers.
Justin Knapp - CVE-2021-31194 - OLE Automation Remote Code Execution Vulnerability
CVE-2021-31194 is another critical security flaw in Microsoft Windows Object Linking and Embedding (OLE) Automation that could lead to remote code execution on the victim system if exploited successfully. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke OLE automation through a web browser. However, this approach requires that the attacker bait a user into visiting the maliciously crafted website. OLE technology has frequently been utilized in the past by hackers for multiple reasons, including masking malicious code within documents and linking to external files that infect systems with malware. In 2020, the CISA released an alert detailing the top 10 routinely exploited vulnerabilities, which identified Microsoft’s OLE as the most commonly exploited technology by state-sponsored cyber actors. Considering the prevalent exploitation of OLE vulnerabilities, including those that had been flagged years ago, organizations should immediately prioritize patching all outstanding OLE vulnerabilities.
Justin Knapp - CVE-2021-28476 - Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476 is a critical remote code execution (RCE) vulnerability that exists within Microsoft Windows Hyper-V, a native hypervisor that can create and run virtual machines on x86-64 systems running Windows. To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data. Successful exploitation could enable an attacker to run malicious binaries on Hyper-V virtual machines or execute arbitrary code on the host system itself. The security flaw affects an extensive list of Windows and Windows Server versions and should be prioritized to account for the critical severity rating and low attack complexity.
Jay Goodman - Adobe Security Bulletins
Adobe released a trove of 12 new security bulletins with 9 critical updates covering 25 critical CVEs. The vulnerabilities cover a wide range of Adobe’s portfolio, including Acrobat, Illustrator, and a large portion of the Creative Cloud Suite. There are 10 critical vulnerabilities in Adobe Acrobat and Reader alone, including many that affect arbitrary code execution and privilege escalation concerns. Arbitrary Code Execution, or ACE, is a vulnerability that can lead to an attacker executing code on the target system with the existing privileges of the active user. Combined with the privilege escalation vulnerability disclosed in the same versions of Acrobat & Reader, attackers could easily exploit the out-of-bounds read/write vulnerabilities and provide privilege escalation to the executed code. This is a particularly nefarious combination of vulnerabilities in an extremely common piece of software. The vulnerabilities cover many versions dating back to 2017. As always, patching critical vulnerabilities within the ever-important first 72 hours is vital to maintaining a safe and secure infrastructure. We recommend all Adobe customers quickly patch and remediate this rather large set of disclosures as soon as possible to maintain proper cyber hygiene.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.