Microsoft Security Bulletin Coverage for May 2021

May 11, 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2021. A list of issues reported, along with SonicWall coverage information is as follows:

CVE-2021-26419 Scripting Engine Memory Corruption Vulnerability
IPS 15554:Scripting Engine Memory Corruption Vulnerability (CVE-2021-26419)

CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability
IPS 15553:Windows HTTP Protocol Stack Remote Code Execution 3

CVE-2021-31170 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 180:Malformed-File exe.MP.180

CVE-2021-31181 Microsoft SharePoint Remote Code Execution Vulnerability
ASPY 181:Malformed-File exe.MP.181

CVE-2021-31188 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 182:Malformed-File exe.MP.182

Adobe Coverage:
CVE-2021-28550 Acrobat Reader Use After Free Vulnerability
ASPY 183:Malformed-File pdf.MP.473

CVE-2021-28560 Acrobat Reader Heap-based Buffer Overflow Vulnerability
ASPY 184:Malformed-File pdf.MP.474

The following vulnerabilities do not have exploits in the wild :

CVE-2020-24587 Windows Wireless Networking Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-24588 Windows Wireless Networking Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-26144 Windows Wireless Networking Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-26418 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-26421 Skype for Business and Lync Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-26422 Skype for Business and Lync Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27068 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28455 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28461 Dynamics Finance and Operations Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2021-28465 Web Media Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28474 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28476 Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28478 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-28479 Windows CSC Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31165 Windows Container Manager Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31167 Windows Container Manager Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31168 Windows Container Manager Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31169 Windows Container Manager Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31171 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31172 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-31173 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31174 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31175 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31176 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31177 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31178 Microsoft Office Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31179 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31180 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31182 Microsoft Bluetooth Driver Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-31184 Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31185 Windows Desktop Bridge Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-31186 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31187 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31190 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31191 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-31192 Windows Media Foundation Core Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31193 Windows SSDP Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31194 OLE Automation Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31195 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31198 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31200 Common Utilities Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31204 .NET and Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-31208 Windows Container Manager Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-31209 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-31211 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31213 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31214 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-31936 Microsoft Accessibility Insights for Web Information Disclosure Vulnerability
There are no known exploits in the wild.