- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
- Samsung's new flagship laptop rivals the MacBook Pro, and it's not just because of the display
- Email marketing is back and big social is panicking - everything you need to know
- Revisiting Docker Hub Policies: Prioritizing Developer Experience | Docker
Tripwire Patch Priority Index for May 2021 | The State of Security
Tripwire’s May 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome, Adobe and Microsoft.
First on the patch priority list this month are patches for macOS (CVE-2021-30657) and Google Chrome (CVE-2021-21220). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Up next is a patch for a memory corruption vulnerability in Internet Explorer.
Next on the patch priority list this month are patches for Microsoft Excel, Office, and Word. These patches resolve 7 issues including remote code execution and information disclosure vulnerabilities.
Next are patches for Adobe Reader and Acrobat. These patches resolve 14 issues, including arbitrary code execution, privilege escalation, memory leak vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 20 vulnerabilities, including elevation of privilege, information disclosure, remote code execution, security feature bypass, denial of service, and memory corruption vulnerabilities. These vulnerabilities affect core Windows, WalletService, Container Isolation FS drive, Container Manager Service, OLE Automation, SSDP, Meida Foundation, Jet Red Database Engine, Wireless Networking, and others.
Up next are patches for .NET, Visual Studio Code, and Hyper-V that resolve elevation of privilege and remote code exeuction vulnerabilities.
Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft Exchange and SharePoint. These patches resolve several issues including remote code execution, information disclosure, spoofing, and denial of service vulnerabilities.
| BULLETIN | CVE |
| Exploit Framework: Metasploit | CVE-2021-30657, CVE-2021-21220 |
| Internet Explorer | CVE-2021-26419 |
| Microsoft Office | CVE-2021-31176 |
| Microsoft Office Word | CVE-2021-31180 |
| Microsoft Office Excel | CVE-2021-31174, CVE-2021-31178, CVE-2021-31179, CVE-2021-31175, CVE-2021-31177 |
| APSB21-29: Adobe Reader and Acrobat | CVE-2021-28561, CVE-2021-28560, CVE-2021-28558, CVE-2021-28557, CVE-2021-28555, CVE-2021-28565, CVE-2021-28564, CVE-2021-21044, CVE-2021-21038, CVE-2021-21086, CVE-2021-28559, CVE-2021-28562, CVE-2021-28550, CVE-2021-28553 |
| Microsoft Windows | CVE-2021-31187, CVE-2021-31184, CVE-2021-31190, CVE-2021-31166, CVE-2021-31193, CVE-2021-31192, CVE-2021-28455, CVE-2021-31188, CVE-2021-31170, CVE-2021-31182, CVE-2021-28479, CVE-2021-31185, CVE-2021-31194, CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2021-31168, CVE-2021-31169, CVE-2021-31167, CVE-2021-31165, CVE-2021-31208, CVE-2021-31186, CVE-2021-31191, CVE-2021-31205 |
| .NET and Visual Studio | CVE-2021-31204 |
| Microsoft Hyper-V | CVE-2021-28476 |
| Microsoft Exchange Server | CVE-2021-31195, CVE-2021-31198, CVE-2021-31207, CVE-2021-31209 |
| Microsoft Office SharePoint | CVE-2021-31171, CVE-2021-31181, CVE-2021-31173, CVE-2021-28474, CVE-2021-28478, CVE-2021-26418, CVE-2021-31172 |
