Microsoft May 2021 Patch Tuesday Fixes 55 Flaws, 3 Zero-days

Today is Microsoft’s May 2021 Patch Tuesday, and with it comes three zero-day vulnerabilities, so Windows admins will be rushing to apply updates. 

With today’s update, Microsoft has fixed 55 vulnerabilities, with four classified as Critical, 50 as Important, and one as Moderate.

The three zero-day vulnerabilities patched today were publicly disclosed but not known to be used in attacks.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5003169 & KB5003173 cumulative updates.

Three zero-day vulnerabilities fixed

As part of today’s Patch Tuesday, Microsoft has fixed three publicly disclosed vulnerabilities.

Microsoft states that the following vulnerabilities were publicly exposed but not exploited:

  • CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability
  • CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
  • CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability

The CVE-2021-31200 vulnerability is for Microsoft’s NNI (Neural Network Intelligence) toolkit. This vulnerability was disclosed by Abhiram V of Resec System in a GitHub commit.

The CVE-2021-31207 Microsoft Exchange vulnerability was used in the 2021 Pwn2Own hacking challenge. It is not clear if it is the vulnerability disclosed by Devcore or Team Viettel.

None of today’s zero-days are known to be actively exploited in the wild. 

It is expected that threat actors will analyze the patches to create exploits for the vulnerabilities, especially the one for Microsoft Exchange. Therefore it is vital to apply the security updates as soon as possible.

Recent updates from other companies

Other vendors who released updates in May include:

The May 2021 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the May 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Core & Visual Studio | CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important |
| HTTP.sys | CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Jet Red and Access Connectivity | CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | Important |
| Microsoft Accessibility Insights for Web | CVE-2021-31936 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important |
| Microsoft Dynamics Finance & Operations | CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31195 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31209 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | Moderate |
| Microsoft Exchange Server | CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31177 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31178 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-31174 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-28478 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-26418 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31173 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-31172 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2021-31180 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-31192 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows IrDA | CVE-2021-31184 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | Important |
| Open Source Software | CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability | Important |
| Role: Hyper-V | CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Skype for Business and Microsoft Lync | CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | Important |
| Skype for Business and Microsoft Lync | CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | Important |
| Visual Studio | CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-31211 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-31213 | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | Important |
| Windows Container Isolation FS Filter Driver | CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | Important |
| Windows Desktop Bridge | CVE-2021-31185 | Windows Desktop Bridge Denial of Service Vulnerability | Important |
| Windows OLE | CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | Critical |
| Windows Projected File System FS Filter | CVE-2021-31191 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
| Windows RDP Client | CVE-2021-31186 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | Important |
| Windows SSDP Service | CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows Wireless Networking | CVE-2020-24588 | Windows Wireless Networking Spoofing Vulnerability | Important |
| Windows Wireless Networking | CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability | Important |
| Windows Wireless Networking | CVE-2020-26144 | Windows Wireless Networking Spoofing Vulnerability | Important |
