VERT Threat Alert: May 2021 Patch Tuesday Analysis

VERT Threat Alert: May 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-943 on Wednesday, May 12th.In-The-Wild & Disclosed CVEsCVE-2021-31204Up first in the list this month, we have a vulnerability that impacts .NET and Visual Studio and could allow a successful attacker to elevate their permissions. We see patches for Microsoft Visual Studio 2019 for Windows and macOS as well as .NET 5.0 and .NET Core 3.1. Microsoft indicates that while this has been publicly disclosed, it has not been exploited in the wild. There are additional details regarding this vulnerability available on the dotnet github page.Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.CVE-2021-31207Once again, we have a Microsoft Exchange Server vulnerability in the patch round-up. This time, it is a security feature bypass and is one of the Exchange vulnerabilities that was found during PWN2OWN 2021.Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.CVE-2021-31200This code execution vulnerability is found in Neural Network Intelligence (NNI), an open-source tool for managing AutoML experiments. Since it is an open-source project, you can see the threat alert patch tuesday analysis