Microsoft’s May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities.
Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS.
The good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known.
The fixes address security flaws across Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server. Besides the four critical bugs, 50 are rated “important” and one is moderate in severity.
BankInfoSecurity
Compliance
Compliance Twitter Get Permission
Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users to visit websites that use a malicious font. The flaw was found by Google s Project Zero bug-hunting team.
Hackers can exploit the flaw to wage web-based attacks, Microsoft says. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability, the company says.
Hackers likely would spread links to malicious websites via phishing emails or Instant Messenger, according to Microsoft.