May Patch Tuesday Offers Relative Respite
Compared to the previous months of 2021, this month’s Patch Tuesday cycle is a slight lull. Only 55 vulnerabilities were fixed this month, with only four of these classified as Critical. One fell under the rarely used Moderate category, while the remaining 50 were classified as Important. A significant number of these vulnerabilities — 13 in total — were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: HTTP Protocol Stack Vulnerability
The most serious of the Critical vulnerabilities is CVE-2021-31166, a vulnerability in the HTTP protocol stack. An attacker could execute code on a system set up to function as an HTTP server merely by sending a specially crafted packet to it. Limiting the exposure to HTTP servers may sound like it narrows the risk, but even client versions of Windows can be set up as an HTTP server.
Unsurprisingly, this has merited an “Exploitation More Likely” assessment from Microsoft. As there is no real way to prevent this threat without patching, doing so must be a high-priority task for IT administrators.
Important Vulnerabilities: Microsoft Exchange, Office, and SharePoint all at risk
The 44 Important vulnerabilities show a reduction in raw numbers from previous months. However, because the vulnerabilities still cover a wide variety of Microsoft products, IT administrators cannot afford to become less vigilant. In particular, Microsoft Exchange, Office, and SharePoint all have vulnerabilities that were fixed this month. Some of these Exchange vulnerabilities resulted from recent Pwn2Own submissions, but future patches are a certainty as not all of those submissions have been resolved.
Somewhat more unusually, the Windows Container Manager also received multiple patches. Networking features such as RDP and SMB also received fixes this month.
Trend Micro Solutions
A proactive, multilayered approach to security is key against threats that exploit vulnerabilities — from the gateway, endpoints, networks, and servers.
The Trend Micro™ Deep Security™ solution provides network security, system security, and malware prevention. Combined with Vulnerability Protection, it can protect user systems from a wide range of upcoming threats that might target vulnerabilities. Both solutions protect users from exploits that target these vulnerabilities via the following rules:
- 1010946 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2021-26419)
- 1010947 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-31181)
- 1010949 - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
TippingPoint® Next-Generation Intrusion Prevention System (NGIPS) is a network traffic solution that uses comprehensive and contextual awareness analysis for advanced threats that exploit vulnerabilities.
TippingPoint protects customers through the following rules:
- 39664 - HTTP: Microsoft Windows Script Engine Argument Length Memory Corruption Vulnerability