May 2021: Patch Watch Digest

Highlights of May Digest

Weaponized Vulnerabilities

We have 150 vulnerabilities that have known exploits. Here is our analysis:

  • 1 CVE alerted by CISA.

  • 62 CVEs have RCE capabilities.

  • 17 CVEs have Privilege Escalation capabilities.

  • 33 CVEs are associated with Denial of Service.

  • 27 are linked to Webapp exploits.

  • 19 CVEs are rated critical and 42 are of high severity.

Interestingly, when we looked at this data for our Patch Watch blogs in May, we found that 33 vulnerabilities were weaponized. By the end of the month, when we analyzed the data again, we saw that 150 vulnerabilities now had known exploits. The rate of weaponization rose from 3% to 19% within a month; therefore, we urge security teams to prioritize these vulnerabilities for patches.

Click here for our analysis and download patches.

Old Vulnerabilities Patched in May 2021

Security updates for 346 old vulnerabilities (ranging from 2004 to 2020) have been released.

  • 102 CVEs have known exploits.

  • 38 CVEs are classified as RCE bugs.

  • 14 CVEs are linked with Privilege Escalation.

  • 2 CVEs have been alerted by CISA.

  • 26 CVEs are rated critical and 75 are of high severity.

Click here for our analysis and download patches.

Microsoft May Patches 2021

Microsoft issued patches for 55 security vulnerabilities, including three zero-days (CVE-2021-31207, CVE-2021-31200, CVE-2021-31204).

Check out our Microsoft patch watch edition here.

CISA Alerts

CISA has published warning alerts for 4 vulnerabilities (CVE-2021-1531, CVE-2020-7774, CVE-2020-4033, CVE-2021-21101):

  • 1 CVE has been weaponized with Privilege Escalation capabilities.

  • 1 CVE is rated critical, and 2 are of high severity.

  • The Common Weakness Enumeration (CWE) identifiers assigned to these vulnerabilities are CWE-78, CWE-79, CWE-20, and CWE-125. Notably, all of these are classified under the 2020 CWE Top 10 Most Dangerous Software Weaknesses.

Click here for our analysis and download patches.

 

Table: May 2021 Security Patches

Today, organizations need to adopt a risk-based approach to patch the most critical vulnerabilities based on threat context, ransomware, and APT associations. CSW’s Patch Watch helps organizations prioritize vulnerabilities, improve their security posture, and stay safe from attacks and breaches. Get on our mailing list for more information about emerging threats.

Does your organization have a patch management program? Talk to CSW’s Experts to prioritize the threats that need immediate attention!
