By Jon Munshaw, with contributions from Edmund Brumaghin.
Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its suite of products, breaking last month’s 16-month record of the fewest vulnerabilities disclosed in a month by the company.
There are only four critical vulnerabilities patched in this month, while all the other ones are considered “important.” However, there are several vulnerabilities that Microsoft states are being actively exploited in the wild.
This month’s security update provides updates for several pieces of software and Windows functions, including SharePoint Server, the Windows kernel and Outlook. For a full rundown of these CVEs, head to Microsoft’s security update page.
Two of the vulnerabilities Microsoft disclosed today are related to a separate vulnerability in Adobe Acrobat Reader. Microsoft released fixes for CVE-2021-31199 and CVE-2021-31201 in its Enhanced Cryptographic Provider. An attacker could elevate their privileges on the targeted system if they trick a user into opening a specially crafted PDF file in a vulnerable version of Adobe Acrobat or Adobe Reader while the software is running on an affected version of Windows. Microsoft stated in its advisories that it’s seen these vulnerabilities be exploited in the wild.