Don't delay installing your Windows 10 May Patch Tuesday update - it fixes 3 Zero-day exploits

Reading time icon 2 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

network hacked

There is always a debate about whether it is best to delay installing the monthly Windows 10 Cumulative Update to allow others to discover its bugs, or whether one should install it immediately to get the fixes as soon as possible.

This month the news that the update fixes 55 recently discovered flaws , including 4 classified as critical and three Zero-Day Exploits may help tip the balance.

Those are:

CVE-2021-31204

CVE-2021-31204  is a vulnerability that impacts .NET and Visual Studio and could allow a successful attacker to elevate their permissions. Microsoft has released patches for Microsoft Visual Studio 2019 for Windows and macOS as well as .NET 5.0 and .NET Core 3.1. Microsoft indicates that while this has been publicly disclosed, it has not been exploited in the wild. There are additional details regarding this vulnerability available on the dotnet github page.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-31207

CVE-2021-31207  is a Microsoft Exchange Server vulnerability. On this occasion, it is a security feature bypass discovered during PWN2OWN 2021.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-31200

This code execution vulnerability is found in Neural Network Intelligence (NNI), an open-source tool for managing AutoML experiments. Since it is an open-source project, you can see the code change that was made to resolve this vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

Read the rest of thePatch Tuesday changelog here, and install the update by Checking for Updates in Settings.

via TripWire, WBI

More about the topics: microsoft, security, windows 10

Leave a Reply

Your email address will not be published. Required fields are marked *