Microsoft 13 lipca 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 117 poprawek bezpieczeństwa, w tym 13 oznaczone jako krytyczne.

Istotne podatności:

Pełna lista poprawek:

Description

CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG)

CVSS Temporal (AVG)

Active Directory Security Feature Bypass Vulnerability

CVE-2021-33781 Yes No Less Likely Less Likely Important 8.1

7.1

Bowser.sys Denial of Service Vulnerability

CVE-2021-34476 No No Less Likely Less Likely Important 7.5

6.5

DirectWrite Remote Code Execution Vulnerability

CVE-2021-34489 No No Less Likely Less Likely Important 7.8

6.8

Dynamics Business Central Remote Code Execution Vulnerability

CVE-2021-34474 No No Less Likely Less Likely Critical 8.0

7.0

GDI+ Information Disclosure Vulnerability

CVE-2021-34440 No No Less Likely Less Likely Important 5.5

4.8

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2021-31947 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-33775

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-33776 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-33777

No No

Less Likely

Less Likely Important 7.8 6.8
CVE-2021-33778 No No Less Likely Less Likely Important 7.8

6.8

Media Foundation Information Disclosure Vulnerability

CVE-2021-33760 No No Less Likely Less Likely Important 5.5

4.8

Microsoft Bing Search Spoofing Vulnerability

CVE-2021-33753 No No Less Likely Less Likely Important 4.7

4.1

Microsoft Defender Remote Code Execution Vulnerability

CVE-2021-34464 No No Less Likely Less Likely Critical 7.8

6.8

CVE-2021-34522

No No Less Likely Less Likely Critical 7.8 6.8

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-34501

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-34518 No No Less Likely Less Likely Important 7.8

6.8

Microsoft Exchange Information Disclosure Vulnerability

CVE-2021-33766 No No Less Likely Less Likely Important 7.3

6.4

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2021-34523 Yes No Less Likely Less Likely Important 9.0

7.8

CVE-2021-33768

No No Less Likely Less Likely Important 8.0 7.0
CVE-2021-34470 No No Less Likely Less Likely Important 8.0

7.0

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-31196 No No Less Likely Less Likely Important 7.2

6.3

CVE-2021-31206

No No Less Likely Less Likely Important 7.6 7.1
CVE-2021-34473 Yes No More Likely More Likely Critical 9.1

7.9

Microsoft Office Online Server Spoofing Vulnerability

CVE-2021-34451 No No Less Likely Less Likely Important 5.3

4.6

Microsoft Office Security Feature Bypass Vulnerability

CVE-2021-34469 No No Less Likely Less Likely Important 8.2

7.1

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-34519 No No Less Likely Less Likely Moderate 5.5

4.8

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-34467 No No More Likely More Likely Important 7.1

6.2

CVE-2021-34468

No No More Likely More Likely Important 7.1 6.2
CVE-2021-34520 No No More Likely More Likely Important 8.1

7.1

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-34517 No No Less Likely Less Likely Important 5.5

4.8

Microsoft Visual Studio Spoofing Vulnerability

CVE-2021-34479 No No Less Likely Less Likely Important 7.8

6.8

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVE-2021-34441 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-34439

No No Less Likely Less Likely Critical 7.8 6.8
CVE-2021-34503 No No Less Likely Less Likely Critical 7.8

6.8

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-34452 No No Less Likely Less Likely Important 7.8

6.8

Open Enclave SDK Elevation of Privilege Vulnerability

CVE-2021-33767 No No Less Likely Less Likely Important 8.2

7.1

Power BI Remote Code Execution Vulnerability

CVE-2021-31984 No No Less Likely Less Likely Important 7.6

6.6

Raw Image Extension Remote Code Execution Vulnerability

CVE-2021-34521 No No Less Likely Less Likely Important 7.8

6.8

Scripting Engine Memory Corruption Vulnerability

CVE-2021-34448 No Yes Detected Detected Critical 6.8

6.3

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-33751 No No Less Likely Less Likely Important 7.0

6.1

CVE-2021-34460

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-34510 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-34512

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-34513 No No Less Likely Less Likely Important 7.8

6.8

Storage Spaces Controller Information Disclosure Vulnerability

CVE-2021-34509 No No Less Likely Less Likely Important 5.5

4.8

Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

CVE-2021-34477 No No Less Likely Less Likely Important 7.8

6.8

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-34528 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-34529

No No Less Likely Less Likely Important 7.8 6.8

Win32k Elevation of Privilege Vulnerability

CVE-2021-34449

No No More Likely More Likely Important 7.0 6.1
CVE-2021-34516 No No Less Likely Less Likely Important 7.8

6.8

Win32k Information Disclosure Vulnerability

CVE-2021-34491 No No Less Likely Less Likely Important 5.5

4.8

Windows ADFS Security Feature Bypass Vulnerability

CVE-2021-33779 Yes No Less Likely Less Likely Important 8.1

7.1

Windows AF_UNIX Socket Provider Denial of Service Vulnerability

CVE-2021-33785 No No Less Likely Less Likely Important 7.5

6.5

Windows Address Book Remote Code Execution Vulnerability

CVE-2021-34504 No No Less Likely Less Likely Important 7.8

6.8

Windows AppContainer Elevation Of Privilege Vulnerability

CVE-2021-34459 No No Less Likely Less Likely Important 7.8

6.8

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVE-2021-34462 No No Less Likely Less Likely Important 7.0

6.1

Windows Authenticode Spoofing Vulnerability

CVE-2021-33782 No No Less Likely Less Likely Important 5.5

4.8

Windows Certificate Spoofing Vulnerability

CVE-2021-34492 Yes No Less Likely Less Likely Important 8.1

7.1

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2021-33784 No No Less Likely Less Likely Important 7.8

6.8

Windows Console Driver Elevation of Privilege Vulnerability

CVE-2021-34488 No No Less Likely Less Likely Important 7.8

6.8

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

CVE-2021-34461 No No Less Likely Less Likely Important 7.8

6.8

Windows DNS Server Denial of Service Vulnerability

CVE-2021-34442 No No Less Likely Less Likely Important 7.5

6.5

CVE-2021-34444

No No Less Likely Less Likely Important 6.5 5.7
CVE-2021-34499 No No Less Likely Less Likely Important 6.5

5.7

CVE-2021-33745

No No Less Likely Less Likely Important 6.5 5.7

Windows DNS Server Remote Code Execution Vulnerability

CVE-2021-33780

No No More Likely More Likely Important 8.8 7.7
CVE-2021-34494 No No Less Likely Less Likely Critical 8.8

7.7

CVE-2021-33746

No No Less Likely Less Likely Important 8.0 7.0
CVE-2021-33754 No No Less Likely Less Likely Important 8.0

7.0

CVE-2021-34525

No No Less Likely Less Likely Important 8.8 7.7

Windows DNS Snap-in Remote Code Execution Vulnerability

CVE-2021-33749

No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-33750 No No Less Likely Less Likely Important 8.8

7.7

CVE-2021-33752

No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-33756 No No Less Likely Less Likely Important 8.8

7.7

Windows Desktop Bridge Elevation of Privilege Vulnerability

CVE-2021-33759 No No Less Likely Less Likely Important 7.8

6.8

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2021-33774 No No Less Likely Less Likely Important 7.0

6.1

Windows File History Service Elevation of Privilege Vulnerability

CVE-2021-34455 No No Less Likely Less Likely Important 7.8

6.8

Windows Font Driver Host Remote Code Execution Vulnerability

CVE-2021-34438 No No Less Likely Less Likely Important 7.8

6.8

Windows GDI Elevation of Privilege Vulnerability

CVE-2021-34498 No No Less Likely Less Likely Important 7.8

6.8

Windows GDI Information Disclosure Vulnerability

CVE-2021-34496 No No Less Likely Less Likely Important 5.5

4.7

Windows HTML Platforms Security Feature Bypass Vulnerability

CVE-2021-34446 No No Less Likely Less Likely Important 8.0

7.0

Windows Hello Security Feature Bypass Vulnerability

CVE-2021-34466 No No Less Likely Less Likely Important 5.7

5.0

Windows Hyper-V Denial of Service Vulnerability

CVE-2021-33755 No No Less Likely Less Likely Important 6.3

5.5

CVE-2021-33758

No No Less Likely Less Likely Important 7.7 6.7

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2021-34450

No No Less Likely Less Likely Critical 8.5 7.4

Windows InstallService Elevation of Privilege Vulnerability

CVE-2021-31961

No No Less Likely Less Likely Important 6.1 5.3

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-34511

No No Less Likely Less Likely Important 7.8 6.8

Windows Installer Spoofing Vulnerability

CVE-2021-33765

No No Less Likely Less Likely Important 6.2 5.4

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-33771

No Yes Detected Detected Important 7.8 7.2
CVE-2021-31979 No Yes Detected Detected Important 7.8

7.2

CVE-2021-34514

No No Less Likely Less Likely Important 7.8 6.8

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2021-34500

No No Less Likely Less Likely Important 6.5 5.5

Windows Kernel Remote Code Execution Vulnerability

CVE-2021-34458

No No Less Likely Less Likely Critical 9.9 8.6
CVE-2021-34508 No No Less Likely Less Likely Important 8.8

7.7

Windows Key Distribution Center Information Disclosure Vulnerability

CVE-2021-33764 No No Less Likely Less Likely Important 5.9

5.2

Windows LSA Denial of Service Vulnerability

CVE-2021-33788 No No Less Likely Less Likely Important 7.5

6.5

Windows LSA Security Feature Bypass Vulnerability

CVE-2021-33786 No No Less Likely Less Likely Important 8.1

7.1

Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-34447 No No Less Likely Less Likely Important 6.8

5.9

CVE-2021-34497

No No Less Likely Less Likely Critical 6.8 5.9

Windows Media Remote Code Execution Vulnerability

CVE-2021-33740

No No Less Likely Less Likely Critical 7.8 6.8

Windows Partition Management Driver Elevation of Privilege Vulnerability

CVE-2021-34493

No No Less Likely Less Likely Important 6.7 5.8

Windows Print Spooler Remote Code Execution Vulnerability

CVE-2021-34527

Yes Yes Detected Detected Critical 8.8 8.2

Windows Projected File System Elevation of Privilege Vulnerability

CVE-2021-33743

No No Less Likely Less Likely Important 7.8 6.8

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2021-33761

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-33773 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-34445

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-34456 No No Less Likely Less Likely Important 7.8

6.8

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE-2021-33763 No No Less Likely Less Likely Important 5.5

4.8

CVE-2021-34454

No No Less Likely Less Likely Important 5.5 4.8
CVE-2021-34457 No No Less Likely Less Likely Important 5.5

4.8

Windows Remote Assistance Information Disclosure Vulnerability

CVE-2021-34507 No No Less Likely Less Likely Important 6.5

5.7

Windows SMB Information Disclosure Vulnerability

CVE-2021-33783 No No Less Likely Less Likely Important 6.5

5.7

Windows Secure Kernel Mode Security Feature Bypass Vulnerability

CVE-2021-33744 No No Less Likely Less Likely Important 5.5

4.6

Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability

CVE-2021-33757 No No Less Likely Less Likely Important 5.5

4.6

Windows TCP/IP Driver Denial of Service Vulnerability

CVE-2021-31183 No No Less Likely Less Likely Important 7.5

6.5

CVE-2021-33772

No No Less Likely Less Likely Important 7.5 6.5
CVE-2021-34490 No No Less Likely Less Likely Important 7.5

6.5