REDLEGG BLOG
Person reading a newspaper - critical vulnerabilities bulletin.

Critical Vulnerabilities Bulletin - May 2021

5/12/21 3:09 PM  |  by RedLegg Blog

How do these critical vulnerabilities affect your business? 

See the latest bulletin from our threat research team.

Get new security bulletins directly in your inbox as soon as they're released by our threat research team.

 

Hyper-V Remote Code Execution Vulnerability

Identifier: CVE-2021-28476

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28476

Description: CVE-2021-28476 allows an attacker on a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. Contents of the address do not get returned to the guest VM and may be leveraged to perform a denial-of-service attack on the Hyper-V host.

Mitigation recommendation: Patching is currently the only method of mitigation.

 

HTTP Protocol Stack Remote Code Execution Vulnerability

Identifier: CVE-2021-31166

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166

Description: An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and execute code.

Mitigation recommendation: Patching is currently the only method of mitigation.

 

See The Full List

*Active exploits may have changed since the dissemination of this bulletin which was May 12. This list does not represent the full list of every current vulnerability.

**And to see the full list of vulnerabilities we released with this batch.

Get Blog Updates

Related Articles

Log4j In-Depth 96bravo

Log4j In-Depth

About On December 9th, 2021, a severe vulnerability (CVE-2021-44228) was released for the widely utilized Apache Log4j ...
Critical Vulnerability Bulletin December 2021 96bravo

Critical Vulnerability Bulletin December 2021

LOG4J Remote Code Execution Vulnerability (Update) Identifier: CVE-2021-44228 and CVE-2021-45046 Exploit or POC: YES. ...
Critical Security Vulnerabilities Bulletin