Microsoft 8 czerwca 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 50 poprawek bezpieczeństwa, w tym 5 oznaczone jako krytyczne.

Istotne podatności:

6 luk 0-day:

Pełna lista poprawek:

Description

CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG)

CVSS Temporal (AVG)

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-31957 No No Less Likely Less Likely Important 5.9

5.2

3D Viewer Information Disclosure Vulnerability

CVE-2021-31944 No No Less Likely Less Likely Important 5.0

4.4

3D Viewer Remote Code Execution Vulnerability

CVE-2021-31942 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-31943

No No Less Likely Less Likely Important 7.8

6.8

Event Tracing for Windows Information Disclosure Vulnerability

CVE-2021-31972

No No Less Likely Less Likely Important 5.5 4.8

Kerberos AppContainer Security Feature Bypass Vulnerability

CVE-2021-31962

No No Less Likely Less Likely Important 9.4

8.2

Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2021-33739

Yes Yes Detected Detected Important 8.4 7.8

Microsoft Defender Denial of Service Vulnerability

CVE-2021-31978

No No Less Likely Less Likely Important 5.5 4.8

Microsoft Defender Remote Code Execution Vulnerability

CVE-2021-31985

No No More Likely More Likely Critical 7.8 6.8

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-33741

No No Less Likely Less Likely Important 8.2 7.1

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

CVE-2021-31199

No Yes Detected Detected Important 5.2 4.8
CVE-2021-31201 No Yes Detected Detected Important 5.2

4.8

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-31939 No No Less Likely Less Likely Important 7.8

6.8

Microsoft Intune Management Extension Remote Code Execution Vulnerability

CVE-2021-31980 No No Less Likely Less Likely Important 8.1

7.1

Microsoft Office Graphics Remote Code Execution Vulnerability

CVE-2021-31940 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-31941

No No Less Likely Less Likely Important 7.8 6.8

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2021-31949

No No Less Likely Less Likely Important 6.7 5.8

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-31965

No No Less Likely Less Likely Important 5.7 5.0

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-26420

No No Less Likely Less Likely Important 7.1 6.2
CVE-2021-31963 No No Less Likely Less Likely Critical 7.1

6.2

CVE-2021-31966

No No Less Likely Less Likely Important 7.3 6.4

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-31964

No No Less Likely Less Likely Important 7.6 6.6
CVE-2021-31948 No No Less Likely Less Likely Important 7.6

6.6

CVE-2021-31950

No No Less Likely Less Likely Important 7.6 6.6

Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability

CVE-2021-31938

No No Less Likely Less Likely Important 7.3 6.4

Paint 3D Remote Code Execution Vulnerability

CVE-2021-31945

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-31946 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-31983

No No Less Likely Less Likely Important 7.8 6.8

Scripting Engine Memory Corruption Vulnerability

CVE-2021-31959

No No More Likely More Likely Critical 6.4 5.6

Server for NFS Denial of Service Vulnerability

CVE-2021-31974

No No Less Likely Less Likely Important 7.5 6.5

Server for NFS Information Disclosure Vulnerability

CVE-2021-31975

No No Less Likely Less Likely Important 7.5 6.5
CVE-2021-31976 No No Less Likely Less Likely Important 7.5

6.5

VP9 Video Extensions Remote Code Execution Vulnerability

CVE-2021-31967 No No Less Likely Less Likely Critical 7.8

6.8

Windows Bind Filter Driver Information Disclosure Vulnerability

CVE-2021-31960 No No Less Likely Less Likely Important 5.5

4.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2021-31969 No No Less Likely Less Likely Important 7.8

6.8

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-31954 No No More Likely More Likely Important 7.8

6.8

Windows DCOM Server Security Feature Bypass

CVE-2021-26414 No No Less Likely Less Likely Important 4.8

4.2

Windows Filter Manager Elevation of Privilege Vulnerability

CVE-2021-31953 No No Less Likely Less Likely Important 7.8

6.8

Windows GPSVC Elevation of Privilege Vulnerability

CVE-2021-31973 No No Less Likely Less Likely Important 7.8

6.8

Windows HTML Platform Security Feature Bypass Vulnerability

CVE-2021-31971 No No Less Likely Less Likely Important 6.8

5.9

Windows Hyper-V Denial of Service Vulnerability

CVE-2021-31977 No No Less Likely Less Likely Important 8.6

7.5

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-31951 No No More Likely More Likely Important 7.8

6.8

Windows Kernel Information Disclosure Vulnerability

CVE-2021-31955 No Yes Detected Detected Important 5.5

5.1

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE-2021-31952 No No More Likely More Likely Important 7.8

6.8

Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-33742 No Yes Detected Detected Critical 7.5

7.0

Windows NTFS Elevation of Privilege Vulnerability

CVE-2021-31956 No Yes Detected Detected Important 7.8

7.2

Windows NTLM Elevation of Privilege Vulnerability

CVE-2021-31958 No No Less Likely Less Likely Important 7.5

6.5

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1675 No No Less Likely Less Likely Important 7.8

6.8

Windows Remote Desktop Services Denial of Service Vulnerability

CVE-2021-31968 Yes No Less Likely Less Likely Important 7.5

6.5

Windows TCP/IP Driver Security Feature Bypass Vulnerability

CVE-2021-31970 No No Less Likely Less Likely Important 5.5

4.8