Microsoft 14 grudnia 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 83 poprawki bezpieczeństwa, w tym 7 oznaczonych jako krytyczne.

Istotne podatności:

  • CVE-2021-43890 – luka 0day w zabezpieczeniach instalatora Windows AppX
  • CVE-2021-43215 – uszkodzenie pamięci w serwerze iSNS prowadzące do zdalnego wykonania kodu
  • CVE-2021-43905 – zdalne wykonanie kodu w Microsoft Office
  • CVE-2021-43907 – zdalne wykonanie kodu w rozszerzeniu Visual Studio Code WSL

Description

CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG)

CVSS Temporal (AVG)

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CVE-2021-43877

No No Less Likely Less Likely Important 7.8 6.8

Bot Framework SDK Remote Code Execution Vulnerability

CVE-2021-43225

No No Less Likely Less Likely Important 7.5 6.7

Chromium: CVE-2021-4052 Use after free in web apps

CVE-2021-4052

No No

Chromium: CVE-2021-4053 Use after free in UI

CVE-2021-4053

No No

Chromium: CVE-2021-4054 Incorrect security UI in autofill

CVE-2021-4054

No No

Chromium: CVE-2021-4055 Heap buffer overflow in extensions

CVE-2021-4055

No No

Chromium: CVE-2021-4056: Type Confusion in loader

CVE-2021-4056

No No

Chromium: CVE-2021-4057 Use after free in file API

CVE-2021-4057

No No

Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE

CVE-2021-4058

No No

Chromium: CVE-2021-4059 Insufficient data validation in loader

CVE-2021-4059

No No

Chromium: CVE-2021-4061 Type Confusion in V8

CVE-2021-4061

No No

Chromium: CVE-2021-4062 Heap buffer overflow in BFCache

CVE-2021-4062

No No

Chromium: CVE-2021-4063 Use after free in developer tools

CVE-2021-4063

No No

Chromium: CVE-2021-4064 Use after free in screen capture

CVE-2021-4064

No No

Chromium: CVE-2021-4065 Use after free in autofill

CVE-2021-4065

No No

Chromium: CVE-2021-4066 Integer underflow in ANGLE

CVE-2021-4066

No No

Chromium: CVE-2021-4067 Use after free in window manager

CVE-2021-4067

No No

Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page

CVE-2021-4068

No No

DirectX Graphics Kernel File Denial of Service Vulnerability

CVE-2021-43219

No No Less Likely Less Likely Important 7.4 6.4

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2021-40452

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-40453 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-41360

No No Less Likely Less Likely Important 7.8 6.8

Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

CVE-2021-43899

No No Less Likely Less Likely Critical 9.8 8.5

Microsoft BizTalk ESB Toolkit Spoofing Vulnerability

CVE-2021-43892

No No Important 7.4 6.7

Microsoft Defender for IOT Elevation of Privilege Vulnerability

CVE-2021-42312

No No Less Likely Less Likely Important 7.8 6.8

Microsoft Defender for IoT Information Disclosure Vulnerability

CVE-2021-43888

No No Less Likely Less Likely Important 7.5 7.0

Microsoft Defender for IoT Remote Code Execution Vulnerability

CVE-2021-42310

No No Less Likely Less Likely Critical 8.1 7.1
CVE-2021-42311 No No Less Likely Less Likely Important 8.8

7.7

CVE-2021-42313

No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-42314 No No Less Likely Less Likely Important 8.8

7.7

CVE-2021-42315

No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-43882 No No Less Likely Less Likely Important 9.0

7.8

CVE-2021-43889

No No Less Likely Less Likely Important 7.2 6.7
CVE-2021-41365 No No Less Likely Less Likely Important 8.8

7.7

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-43256 No No Less Likely Less Likely Important 7.8

6.8

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

CVE-2021-42293 No No Less Likely Less Likely Important 6.5

5.7

Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability

CVE-2021-43216 No No Less Likely Less Likely Important 6.5

5.7

Microsoft Message Queuing Information Disclosure Vulnerability

CVE-2021-43222 No No Less Likely Less Likely Important 7.5

6.5

CVE-2021-43236

No No Less Likely Less Likely Important 7.5 6.5

Microsoft Office Graphics Remote Code Execution Vulnerability

CVE-2021-43875

No No Less Likely Less Likely Important 7.8 6.8

Microsoft Office Trust Center Spoofing Vulnerability

CVE-2021-43255

No No Less Likely Less Likely Important 5.5 4.8

Microsoft Office app Remote Code Execution Vulnerability

CVE-2021-43905

No No More Likely More Likely Critical 9.6 8.6

Microsoft PowerShell Spoofing Vulnerability

CVE-2021-43896

No No Less Likely Less Likely Important 5.5 4.8

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-42294

No No Less Likely Less Likely Important 7.2 6.3
CVE-2021-42309 No No Less Likely Less Likely Important 8.8

7.7

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-42320 No No Less Likely Less Likely Important 8.0

7.0

CVE-2021-43242

No No Less Likely Less Likely Important 7.5 6.5

NTFS Set Short Name Elevation of Privilege Vulnerability

CVE-2021-43240

Yes No Less Likely Less Likely Important 7.8 7.0

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2021-43233

No No More Likely More Likely Critical 7.5 6.5

Storage Spaces Controller Information Disclosure Vulnerability

CVE-2021-43227

No No Less Likely Less Likely Important 5.5 4.8
CVE-2021-43235 No No Less Likely Less Likely Important 5.5

4.8

SymCrypt Denial of Service Vulnerability

CVE-2021-43228 No No Less Likely Less Likely Important 7.5

6.5

VP9 Video Extensions Information Disclosure Vulnerability

CVE-2021-43243 No No Less Likely Less Likely Important 5.5

4.8

Visual Basic for Applications Information Disclosure Vulnerability

CVE-2021-42295 No No Less Likely Less Likely Important 5.5

4.8

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-43891 No No Less Likely Less Likely Important 7.8

6.8

Visual Studio Code Spoofing Vulnerability

CVE-2021-43908 No No Less Likely Less Likely

Important

Visual Studio Code WSL Extension Remote Code Execution Vulnerability

CVE-2021-43907 No No Less Likely Less Likely Critical 9.8

8.5

Web Media Extensions Remote Code Execution Vulnerability

CVE-2021-43214 No No Less Likely Unlikely Important 7.8

6.8

Windows AppX Installer Spoofing Vulnerability

CVE-2021-43890 Yes Yes Detected Detected Important 7.1

6.2

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-43226 No No More Likely More Likely Important 7.8

6.8

CVE-2021-43207

No No More Likely More Likely Important 7.8 6.8

Windows Common Log File System Driver Information Disclosure Vulnerability

CVE-2021-43224

No No Less Likely Less Likely Important 5.5 4.8

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVE-2021-43248

No No Less Likely Less Likely Important 7.8 6.8

Windows Digital TV Tuner Elevation of Privilege Vulnerability

CVE-2021-43245

No No Less Likely Less Likely Important 7.8 6.8

Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability

CVE-2021-43893

Yes No Less Likely Less Likely Important 7.5 6.5

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

CVE-2021-43217

No No Less Likely Less Likely Critical 8.1 7.1

Windows Event Tracing Remote Code Execution Vulnerability

CVE-2021-43232

No No Less Likely Less Likely Important 7.8 6.8

Windows Fax Service Remote Code Execution Vulnerability

CVE-2021-43234

No No Less Likely Less Likely Important 7.8 6.8

Windows Hyper-V Denial of Service Vulnerability

CVE-2021-43246

No No Less Likely Less Likely Important 5.6 4.9

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-43883

Yes No More Likely More Likely Important 7.8 7.0

Windows Kernel Information Disclosure Vulnerability

CVE-2021-43244

No No Less Likely Less Likely Important 6.5 5.7

Windows Media Center Elevation of Privilege Vulnerability

CVE-2021-40441

No No Less Likely Less Likely Important 7.8 6.8

Windows Mobile Device Management Elevation of Privilege Vulnerability

CVE-2021-43880

Yes No More Likely More Likely Important 5.5 4.8

Windows NTFS Elevation of Privilege Vulnerability

CVE-2021-43229

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-43230 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-43231

No No Less Likely Less Likely Important 7.8 6.8

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-41333

Yes No More Likely More Likely Important 7.8 7.2

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

CVE-2021-43239

No No Less Likely Less Likely Important 7.1 6.2

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2021-43223

No No Less Likely Less Likely Important 7.8 6.8

Windows Remote Access Elevation of Privilege Vulnerability

CVE-2021-43238

No No Less Likely Less Likely Important 7.8 6.8

Windows Setup Elevation of Privilege Vulnerability

CVE-2021-43237

No No Less Likely Less Likely Important 7.8 6.8

Windows TCP/IP Driver Elevation of Privilege Vulnerability

CVE-2021-43247

No No Less Likely Less Likely Important 7.8 6.8

iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution

CVE-2021-43215

No No More Likely More Likely Critical 9.8

8.5