{"id":8664,"date":"2021-05-24T06:13:25","date_gmt":"2021-05-24T13:13:25","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8664"},"modified":"2023-03-03T14:26:07","modified_gmt":"2023-03-03T21:26:07","slug":"may-microsoft-patches-55-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/may-microsoft-patches-55-security-vulnerabilities\/","title":{"rendered":"May: Microsoft Patches 55 Security Vulnerabilities"},"content":{"rendered":"
Microsoft patched 55 unique security vulnerabilities this May. We analyzed all 55 weaknesses and spotlighted the most important vulnerabilities that should be prioritized for patching.<\/p>\n
This May, Microsoft patched 55 vulnerabilities that were discovered in early 2021, including three publicly disclosed bugs.<\/p>\n
Of these 55, Microsoft has fixed key vulnerabilities, such as:<\/p>\n
22 CVEs classified as RCE bugs<\/p>\n<\/li>\n
11 CVEs with Privilege Escalation capabilities<\/p>\n<\/li>\n
1 CVE linked to Denial of Service<\/p>\n<\/li>\n<\/ul>\n
Note that none of these vulnerabilities had been under active attack before the patches were issued. However, a week after the patches were issued, exploit code was released for the wormable Windows IIS server vulnerability (CVE-2021-31166), which has been assigned a CVSS v3 score of 9.8.<\/p>\n
Microsoft also continued to issue patches for its Exchange Server vulnerabilities, which have recently become high-profile targets for Hafnium threat actors.<\/p>\n
The “Proxy Logon” vulnerabilities that were exploited in the wild were CVE-2021-31198, CVE-2021-31207, CVE-2021-31209, and CVE-2021-31195.<\/p>\n
Zero-Day Vulnerabilities:<\/strong> Microsoft released patches for three zero-days: CVE-2021-31207<\/a>, CVE-2021-31200<\/a>, and CVE-2021-31204<\/a>. However, these zero-days have not yet been exploited despite having been made public. Patching these vulnerabilities should be undertaken immediately and considered a top priority.<\/p>\n In this round-up, patches were issued for 19 products. Windows Server accounted for 22 vulnerabilities, of which ten were categorized with privilege escalation capabilities.<\/p>\n <\/p>\n This month’s patch release fixed four critical vulnerabilities in Windows Server and Internet Explorer, which posed a significant risk to organizations. On account of their severity rating, prioritizing these CVEs for patching is essential to ensure functionality and security.<\/p>\n \nProduct Analysis<\/strong><\/h2>\n
Severity Scores<\/strong><\/h2>\n