
Microsoft released the May 2021 Patch Tuesday yesterday, which among other things fixes three zero-day vulnerabilities, so Windows administrators should apply the security updates immediately.
With the new Patch Tuesday, Microsoft fixes a total of 55 vulnerabilities. Of these, 4 are rated Critical, 50 Important and 1 Moderate.
Microsoft Patch Tuesday May 2021: Zero-day vulnerabilities fixed
The three zero-day vulnerabilities fixed in this patch had been publicly disclosed, but it was not known whether they had been used in attacks.

Naturally, cybercriminals will try to analyze the patches in order to create exploits for the vulnerabilities, especially the one affecting Microsoft Exchange. It is therefore important to apply the updates immediately.
This month, many companies, such as Apple, Adobe, Cisco and VMware, have also released security updates for their products.
Microsoft Patch Tuesday May 2021
The table below lists all the vulnerabilities Microsoft fixes this month:
Tag | CVE ID | CVE Title | Severity |
.NET Core & Visual Studio | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important |
HTTP.sys | CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
Internet Explorer | CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | Critical |
Jet Red and Access Connectivity | CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Accessibility Insights for Web | CVE-2021-31936 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important |
Microsoft Dynamics Finance & Operations | CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-31195 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-31209 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | Moderate |
Microsoft Exchange Server | CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-31177 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-31178 | Microsoft Office Information Disclosure Vulnerability | Important |
Microsoft Office Excel | CVE-2021-31174 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-28478 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-26418 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-31173 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-31172 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office Word | CVE-2021-31180 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-31192 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows IrDA | CVE-2021-31184 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | Important |
Open Source Software | CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability | Important |
Role: Hyper-V | CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability | Critical |
Skype for Business and Microsoft Lync | CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | Important |
Skype for Business and Microsoft Lync | CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | Important |
Visual Studio | CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-31211 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-31213 | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | Important |
Windows Container Isolation FS Filter Driver | CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Container Manager Service | CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Container Manager Service | CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Container Manager Service | CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Container Manager Service | CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Container Manager Service | CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows CSC Service | CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | Important |
Windows Desktop Bridge | CVE-2021-31185 | Windows Desktop Bridge Denial of Service Vulnerability | Important |
Windows OLE | CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | Critical |
Windows Projected File System FS Filter | CVE-2021-31191 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
Windows RDP Client | CVE-2021-31186 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
Windows SMB | CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | Important |
Windows SSDP Service | CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | Important |
Windows WalletService | CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Windows Wireless Networking | CVE-2020-24588 | Windows Wireless Networking Spoofing Vulnerability | Important |
Windows Wireless Networking | CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability | Important |
Windows Wireless Networking | CVE-2020-26144 | Windows Wireless Networking Spoofing Vulnerability | Important |
Source: Bleeping Computer