REDLEGG BLOG
Person reading a newspaper - critical vulnerabilities bulletin.

Critical Vulnerabilities Bulletin - May 2021

5/12/21 3:09 PM  |  by RedLegg Blog

How do these critical vulnerabilities affect your business? 

See the latest bulletin from our threat research team.

Get new security bulletins directly in your inbox as soon as they're released by our threat research team.

 

Hyper-V Remote Code Execution Vulnerability

Identifier: CVE-2021-28476

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28476

Description: CVE-2021-28476 allows an attacker on a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. Contents of the address do not get returned to the guest VM and may be leveraged to perform a denial-of-service attack on the Hyper-V host.

Mitigation recommendation: Patching is currently the only method of mitigation.

 

HTTP Protocol Stack Remote Code Execution Vulnerability

Identifier: CVE-2021-31166

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166

Description: An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and execute code.

Mitigation recommendation: Patching is currently the only method of mitigation.

 

See The Full List

*Active exploits may have changed since the dissemination of this bulletin which was May 12. This list does not represent the full list of every current vulnerability.

**And to see the full list of vulnerabilities we released with this batch.

Get Blog Updates

Related Articles

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools threat intel, 96bravo

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools

EXECUTIVE SUMMARY RedLegg would like to recognize the efforts instituted by the Cybersecurity & Infrastructure ...
Patch Tuesday - August 2023 96bravo

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin