Microsoft 14 grudnia 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 83 poprawki bezpieczeństwa, w tym 7 oznaczonych jako krytyczne.
Istotne podatności:
- CVE-2021-43890 – luka 0day w zabezpieczeniach instalatora Windows AppX
- CVE-2021-43215 – uszkodzenie pamięci w serwerze iSNS prowadzące do zdalnego wykonania kodu
- CVE-2021-43905 – zdalne wykonanie kodu w Microsoft Office
- CVE-2021-43907 – zdalne wykonanie kodu w rozszerzeniu Visual Studio Code WSL
Description |
|||||||
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) |
CVSS Temporal (AVG) |
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | |||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Bot Framework SDK Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 | |
Chromium: CVE-2021-4052 Use after free in web apps |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4053 Use after free in UI |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4054 Incorrect security UI in autofill |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4055 Heap buffer overflow in extensions |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4056: Type Confusion in loader |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4057 Use after free in file API |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4059 Insufficient data validation in loader |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4061 Type Confusion in V8 |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4062 Heap buffer overflow in BFCache |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4063 Use after free in developer tools |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4064 Use after free in screen capture |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4065 Use after free in autofill |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4066 Integer underflow in ANGLE |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4067 Use after free in window manager |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page |
|||||||
No | No | – | – | – | |||
DirectX Graphics Kernel File Denial of Service Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 | |
HEVC Video Extensions Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2021-40453 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Critical | 9.8 | 8.5 | |
Microsoft BizTalk ESB Toolkit Spoofing Vulnerability |
|||||||
No | No | – | – | Important | 7.4 | 6.7 | |
Microsoft Defender for IOT Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Microsoft Defender for IoT Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.5 | 7.0 | |
Microsoft Defender for IoT Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 | |
CVE-2021-42311 | No | No | Less Likely | Less Likely | Important | 8.8 |
7.7 |
No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 | |
CVE-2021-42314 | No | No | Less Likely | Less Likely | Important | 8.8 |
7.7 |
No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 | |
CVE-2021-43882 | No | No | Less Likely | Less Likely | Important | 9.0 |
7.8 |
No | No | Less Likely | Less Likely | Important | 7.2 | 6.7 | |
CVE-2021-41365 | No | No | Less Likely | Less Likely | Important | 8.8 |
7.7 |
Microsoft Excel Remote Code Execution Vulnerability |
|||||||
CVE-2021-43256 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability |
|||||||
CVE-2021-42293 | No | No | Less Likely | Less Likely | Important | 6.5 |
5.7 |
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability |
|||||||
CVE-2021-43216 | No | No | Less Likely | Less Likely | Important | 6.5 |
5.7 |
Microsoft Message Queuing Information Disclosure Vulnerability |
|||||||
CVE-2021-43222 | No | No | Less Likely | Less Likely | Important | 7.5 |
6.5 |
No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | |
Microsoft Office Graphics Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Microsoft Office Trust Center Spoofing Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Microsoft Office app Remote Code Execution Vulnerability |
|||||||
No | No | More Likely | More Likely | Critical | 9.6 | 8.6 | |
Microsoft PowerShell Spoofing Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 | |
CVE-2021-42309 | No | No | Less Likely | Less Likely | Important | 8.8 |
7.7 |
Microsoft SharePoint Server Spoofing Vulnerability |
|||||||
CVE-2021-42320 | No | No | Less Likely | Less Likely | Important | 8.0 |
7.0 |
No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | |
NTFS Set Short Name Elevation of Privilege Vulnerability |
|||||||
Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 | |
Remote Desktop Client Remote Code Execution Vulnerability |
|||||||
No | No | More Likely | More Likely | Critical | 7.5 | 6.5 | |
Storage Spaces Controller Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
CVE-2021-43235 | No | No | Less Likely | Less Likely | Important | 5.5 |
4.8 |
SymCrypt Denial of Service Vulnerability |
|||||||
CVE-2021-43228 | No | No | Less Likely | Less Likely | Important | 7.5 |
6.5 |
VP9 Video Extensions Information Disclosure Vulnerability |
|||||||
CVE-2021-43243 | No | No | Less Likely | Less Likely | Important | 5.5 |
4.8 |
Visual Basic for Applications Information Disclosure Vulnerability |
|||||||
CVE-2021-42295 | No | No | Less Likely | Less Likely | Important | 5.5 |
4.8 |
Visual Studio Code Remote Code Execution Vulnerability |
|||||||
CVE-2021-43891 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Visual Studio Code Spoofing Vulnerability |
|||||||
CVE-2021-43908 | No | No | Less Likely | Less Likely |
Important |
||
Visual Studio Code WSL Extension Remote Code Execution Vulnerability |
|||||||
CVE-2021-43907 | No | No | Less Likely | Less Likely | Critical | 9.8 |
8.5 |
Web Media Extensions Remote Code Execution Vulnerability |
|||||||
CVE-2021-43214 | No | No | Less Likely | Unlikely | Important | 7.8 |
6.8 |
Windows AppX Installer Spoofing Vulnerability |
|||||||
CVE-2021-43890 | Yes | Yes | Detected | Detected | Important | 7.1 |
6.2 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|||||||
CVE-2021-43226 | No | No | More Likely | More Likely | Important | 7.8 |
6.8 |
No | No | More Likely | More Likely | Important | 7.8 | 6.8 | |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Digital TV Tuner Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability |
|||||||
Yes | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | |
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 | |
Windows Event Tracing Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Fax Service Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Hyper-V Denial of Service Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.6 | 4.9 | |
Windows Installer Elevation of Privilege Vulnerability |
|||||||
Yes | No | More Likely | More Likely | Important | 7.8 | 7.0 | |
Windows Kernel Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 | |
Windows Media Center Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Mobile Device Management Elevation of Privilege Vulnerability |
|||||||
Yes | No | More Likely | More Likely | Important | 5.5 | 4.8 | |
Windows NTFS Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2021-43230 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Print Spooler Elevation of Privilege Vulnerability |
|||||||
Yes | No | More Likely | More Likely | Important | 7.8 | 7.2 | |
Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 | |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Remote Access Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Setup Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows TCP/IP Driver Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution |
|||||||
No | No | More Likely | More Likely | Critical | 9.8 |
8.5 |