Don't delay installing your Windows 10 May Patch Tuesday update - it fixes 3 Zero-day exploits
2 min. read
Updated on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
There is always a debate about whether it is best to delay installing the monthly Windows 10 Cumulative Update to allow others to discover its bugs, or whether one should install it immediately to get the fixes as soon as possible.
This month the news that the update fixes 55 recently discovered flaws , including 4 classified as critical and three Zero-Day Exploits may help tip the balance.
Those are:
CVE-2021-31204
CVE-2021-31204 is a vulnerability that impacts .NET and Visual Studio and could allow a successful attacker to elevate their permissions. Microsoft has released patches for Microsoft Visual Studio 2019 for Windows and macOS as well as .NET 5.0 and .NET Core 3.1. Microsoft indicates that while this has been publicly disclosed, it has not been exploited in the wild. There are additional details regarding this vulnerability available on the dotnet github page.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-31207
CVE-2021-31207 is a Microsoft Exchange Server vulnerability. On this occasion, it is a security feature bypass discovered during PWN2OWN 2021.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-31200
This code execution vulnerability is found in Neural Network Intelligence (NNI), an open-source tool for managing AutoML experiments. Since it is an open-source project, you can see the code change that was made to resolve this vulnerability.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
Read the rest of thePatch Tuesday changelog here, and install the update by Checking for Updates in Settings.
User forum
0 messages