Dealer Threat Advisory 14-21: Microsoft Patch Tuesday, May 2021

THREAT UPDATE

Microsoft’s Patch Tuesday release for May 2021 comes with a Windows update that will remediate a multitude of vulnerabilities. The update will patch 55 vulnerabilities, one of which is critical, 50 important, and one moderate. It also includes patches for three zero-day vulnerabilities; CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability, CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability, and CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability. rocketwise recommends updating all Windows machines in order to apply these patches and remediate the vulnerabilities.

TECHNICAL DETAIL & ADDITIONAL INFORMATION

WHAT IS THE THREAT?

There are 55 vulnerabilities that were patched with these recent Windows updates, which included three notable zero vulnerabilities.

CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability

• This vulnerability existed in both .Net and Visual Studio and could have allowed attackers to potentially escalate privileges. Privilege escalation attacks often allow attackers to perform actions they should not be allowed to perform, such as administrative actions.

CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability

• This vulnerability was used in the 2021 Pwn2Own hacking competition. Specific details of the exploit have not yet been disclosed in an effort to prevent malicious actors from taking advantage of it, however it has been patched in the most recent Windows update.

CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability

• This vulnerability existed in the Microsoft Neural Network Intelligence toolkit. It could allow attackers to execute potentially malicious arbitrary commands or code on a device.

None of these zero-day vulnerabilities are reported to have been exploited in the wild.

WHY IS IT NOTEWORTHY?

Thousands of individuals and dealerships use and trust Microsoft products, many of which run Windows. Microsoft products are integrated into everyday businesses worldwide, and as a result of that, attackers will always be looking to target Microsoft devices. This is because the scope for potential targets on which they could exploit vulnerabilities is so large due to the amount of Microsoft devices which exist inside all these businesses. It is very important to keep these devices updated regularly, as these patches are made specifically to prevent these vulnerabilities from being exploited.

WHAT IS THE EXPOSURE OR RISK?

The zero-day exploits listed above, along with some of the vulnerabilities listed in the links below, could potentially allow attackers to escalate privileges, bypass authentication or execute remote code, amongst other potential threats. These vulnerabilities could lead to several possible compromises, such as denial of service attacks, and even complete system compromises. This could enable attackers to execute arbitrary system commands and create or delete files. Many companies rely on sensitive data stored on their Windows machines remaining private and being able to use these machines to conduct everyday business. These vulnerabilities put these expectations at potential risk if they are exploited by attackers, so it is very important to ensure that they are patched.

WHAT ARE THE RECOMMENDATIONS?

Microsoft has released Windows updates “KB5003169 & KB5003173” which address these vulnerabilities. rocketwise highly recommends downloading these updates, to allow for patches to be applied.

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

• https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2021-patch-tuesday-fixes-55-flaws-3-zero-days/
• https://www.infosecurity-magazine.com/news/microsoft-exchange-server-zeroday/
• https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/May-2021.html

If you have any questions, please contact us.