3 min read
How do these critical vulnerabilities affect your business?
See the latest bulletin from our threat research team.
Hyper-V Remote Code Execution Vulnerability
Identifier: CVE-2021-28476
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28476
Description: CVE-2021-28476 allows an attacker on a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. Contents of the address do not get returned to the guest VM and may be leveraged to perform a denial-of-service attack on the Hyper-V host.
Mitigation recommendation: Patching is currently the only method of mitigation.
HTTP Protocol Stack Remote Code Execution Vulnerability
Identifier: CVE-2021-31166
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166
Description: An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and execute code.
Mitigation recommendation: Patching is currently the only method of mitigation.
*Active exploits may have changed since the dissemination of this bulletin which was May 12. This list does not represent the full list of every current vulnerability.
**And to see the full list of vulnerabilities we released with this batch.
