REDLEGG BLOG
Person reading a newspaper - critical vulnerabilities bulletin.

Critical Vulnerabilities Bulletin - May 2021

5/12/21 3:09 PM  |  by RedLegg Blog

How do these critical vulnerabilities affect your business? 

See the latest bulletin from our threat research team.

Get new security bulletins directly in your inbox as soon as they're released by our threat research team.

 

Hyper-V Remote Code Execution Vulnerability

Identifier: CVE-2021-28476

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28476

Description: CVE-2021-28476 allows an attacker on a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. Contents of the address do not get returned to the guest VM and may be leveraged to perform a denial-of-service attack on the Hyper-V host.

Mitigation recommendation: Patching is currently the only method of mitigation.

 

HTTP Protocol Stack Remote Code Execution Vulnerability

Identifier: CVE-2021-31166

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166

Description: An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and execute code.

Mitigation recommendation: Patching is currently the only method of mitigation.

 

See The Full List

*Active exploits may have changed since the dissemination of this bulletin which was May 12. This list does not represent the full list of every current vulnerability.

**And to see the full list of vulnerabilities we released with this batch.

Get Blog Updates

Related Articles

Critical Vulnerabilities Bulletin -September 2021 96bravo

Critical Vulnerabilities Bulletin -September 2021

Open Management Infrastructure Remote Code Execution Vulnerability Identifier: CVE-2021-38647 Exploit or POC: No. ...
Emergency Vulnerability Bulletin 96bravo

Emergency Vulnerability Bulletin

Microsoft MSHTML Remote Code Execution Vulnerability Identifier: CVE-2021-40444 Exploit or POC: Yes Update: ...
Critical Security Vulnerabilities Bulletin