Patching Recap

Monthly Patching Recap May 2021

VMware, Pulse Secure, Nginx, Exim and Hyper-V – all software products that are critical for many organizations and they all received security patches in May.

At the end of each month, we take a look at our patch data to give an overview on the most important security patches that were released during the last 30 days. In May we tracked 166 patches in total.

The two most important patches of the month both came from VMware. The first affects vRealize Business for Cloud, a tool for cost management of cloud resources, and has a CVSS score of 9.8 which means easy remote code execution.

But even more critical is the second vulnerability because it affects the default configuration of vCenter, the management tool for VMware virtualization environments. Exploitation of the vulnerability is straightforward and all an attacker needs is access to port 443 where vCenter hosts the web-based management interface. You should never expose vCenter to the internet but even if it is only running in a local network, this vulnerability is a great way for attackers to escalate an initial access.

Another serious vulnerability that was made public in May affects yet again Pulse Secure. On May 14 Pulse Secure published an out-of-band advisory describing a buffer overflow vulnerability on the Pulse Connect Secure gateway. There is no patch available as of now but in the advisory Pulse Secure describes a workaround.

Microsoft on the other hand gave us a breather this month with a smaller than usual Patch Tuesday that fixed only 55 flaws. But there were some scary bugs, for example a remote code execution in the Windows HTTP Stack for which there is already a public exploit available (Advisory).

Also, Microsoft fixed a critical Hyper-V bug and a new Exchange vulnerability:

Meanwhile in Linux land, the talk of the month was another round of vulnerabilities in the good old mail transfer agent Exim. Security company Qualys published a writeup of 21 new Exim vulnerabilities which could be chained together for full unauthenticated remote code execution.

And last but not least there was also a patch for the popular web server Nginx which normally does not see many security fixes. But this time security company “X41 D-SEC” discovered a flaw in the DNS resolver part of Nginx that could be used for Denial-of-Service attacks and possibly also for remote code execution.

Sign up for our newsletter!

Get a weekly overview on the most important patches, recent attacks and tips how to secure your systems.