Microsoft 9 listopada 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 55 poprawek bezpieczeństwa, w tym 3 oznaczone jako krytyczne.
Istotne podatności:
- CVE-2021-42321 – aktywnie wykorzystywana luka zdalnego wykonania kodu w Micrososft Exchange Server
- CVE-2021-42292 – ominięcie funkcji bezpieczeństwa w Microsoft Excel
- CVE-2021-26443 – zdalne wykonanie kodu w Microsoft Virtual Machine Bus (VMBus)
Description |
|||||||
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) |
CVSS Temporal (AVG) |
3D Viewer Remote Code Execution Vulnerability |
|||||||
CVE-2021-43208 | Yes | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Yes | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Active Directory Domain Services Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | |
CVE-2021-42282 | No | No | Less Likely | Less Likely | Important | 7.5 |
6.5 |
No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | |
CVE-2021-42291 | No | No | Less Likely | Less Likely | Important | 7.5 |
6.5 |
Azure RTOS Elevation of Privilege Vulnerability |
|||||||
CVE-2021-42302 | No | No | Less Likely | Less Likely | Important | 6.6 |
5.8 |
No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 | |
No | No | Less Likely | Less Likely | Important | 6.6 |
5.8 |
|
Azure RTOS Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 | |
CVE-2021-42323 | No | No | Less Likely | Less Likely | Important | 3.3 |
2.9 |
No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 | |
Azure Sphere Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 | |
CVE-2021-41375 | No | No | Less Likely | Less Likely | Important | 4.4 |
3.9 |
No | No | Less Likely | Less Likely | Important | 2.3 | 2.0 | |
Azure Sphere Tampering Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 6.0 | 05.lut | |
Chakra Scripting Engine Memory Corruption Vulnerability |
|||||||
No | No | – | – | Critical | 4.2 | 3.8 | |
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
FSLogix Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 | |
Microsoft Access Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.1 | 5.3 | |
Microsoft COM for Windows Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 | |
Microsoft Defender Remote Code Execution Vulnerability |
|||||||
No | No | More Likely | More Likely | Critical | 7.8 | 6.8 | |
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Critical | 8.7 | 7.6 | |
Microsoft Edge (Chrome based) Spoofing on IE Mode |
|||||||
No | No | Less Likely | Less Likely | Important | 3.3 | 3.9 | |
Microsoft Excel Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Microsoft Excel Security Feature Bypass Vulnerability |
|||||||
No | Yes | Detected | Detected | Important | 7.8 | 7.0 | |
Microsoft Exchange Server Remote Code Execution Vulnerability |
|||||||
No | Yes | Detected | Detected | Important | 8.8 | 7.7 | |
Microsoft Exchange Server Spoofing Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 | |
CVE-2021-42305 | No | No | Less Likely | Less Likely | Important | 6.5 |
5.7 |
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
|||||||
CVE-2021-26443 | No | No | Less Likely | Less Likely | Critical | 9.0 |
7.8 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|||||||
CVE-2021-42276 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Microsoft Word Remote Code Execution Vulnerability |
|||||||
CVE-2021-42296 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
NTFS Elevation of Privilege Vulnerability |
|||||||
CVE-2021-41367 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2021-42283 | No | No | Less Likely | Less Likely | Important | 8.8 |
7.7 |
OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow |
|||||||
CVE-2021-3711 | No | No | Less Likely | Less Likely |
Critical |
||
Power BI Report Server Spoofing Vulnerability |
|||||||
CVE-2021-41372 | No | No | Less Likely | Less Likely | Important | 7.6 |
6.8 |
Remote Desktop Client Remote Code Execution Vulnerability |
|||||||
CVE-2021-38666 | No | No | More Likely | More Likely | Critical | 8.8 |
7.7 |
Remote Desktop Protocol Client Information Disclosure Vulnerability |
|||||||
CVE-2021-38665 | No | No | Less Likely | Less Likely | Important | 7.4 |
6.4 |
Visual Studio Code Elevation of Privilege Vulnerability |
|||||||
CVE-2021-42322 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Visual Studio Elevation of Privilege Vulnerability |
|||||||
CVE-2021-42319 | No | No | Less Likely | Less Likely | Important | 4.7 |
4.1 |
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability |
|||||||
CVE-2021-42286 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Windows Denial of Service Vulnerability |
|||||||
CVE-2021-41356 | No | No | More Likely | More Likely | Important | 7.5 |
6.7 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|||||||
CVE-2021-36957 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
|||||||
CVE-2021-41377 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Windows Feedback Hub Elevation of Privilege Vulnerability |
|||||||
CVE-2021-42280 | No | No | Less Likely | Less Likely | Important | 5.5 |
4.8 |
Windows Hello Security Feature Bypass Vulnerability |
|||||||
CVE-2021-42288 | No | No | Less Likely | Less Likely | Important | 5.7 |
5.1 |
Windows Hyper-V Denial of Service Vulnerability |
|||||||
CVE-2021-42284 | No | No | Less Likely | Less Likely | Important | 6.8 |
6.1 |
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability |
|||||||
CVE-2021-42274 | No | No | Less Likely | Less Likely | Important | 6.8 |
5.9 |
Windows Installer Elevation of Privilege Vulnerability |
|||||||
CVE-2021-41379 | No | No | Less Likely | Less Likely | Important | 5.5 |
4.8 |
Windows Kernel Elevation of Privilege Vulnerability |
|||||||
CVE-2021-42285 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Windows NTFS Remote Code Execution Vulnerability |
|||||||
CVE-2021-41378 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
|||||||
CVE-2021-38631 | Yes | No | Less Likely | Less Likely | Important | 4.4 |
3.9 |
Yes | No | Less Likely | Less Likely | Important | 4.4 |
3.9 |