Microsoft 12 października 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 81 poprawek bezpieczeństwa, w tym 3 oznaczone jako krytyczne.

Istotne podatności:

  • CVE-2021-40461 i CVE-2021-38672 – zdalne wykonanie kodu w Windows Hyper-V.
  • CVE-2021-40449 – eskalacja uprawnień w Win32k.
  • CVE-2021-40486 – zdalne wykonanie kodu w Microsoft Word.

Description

CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG)

CVSS Temporal (AVG)

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-41355 No No Less Likely Less Likely Important 5.7

5.0

Active Directory Federation Server Spoofing Vulnerability

CVE-2021-41361 No No Less Likely Less Likely Important 5.4

4.7

Active Directory Security Feature Bypass Vulnerability

CVE-2021-41337 No No Less Likely Less Likely Important 4.9

4.3

Chromium: CVE-2021-37974 Use after free in Safe Browsing

CVE-2021-37974 No No

Chromium: CVE-2021-37975 Use after free in V8

CVE-2021-37975 No No

Chromium: CVE-2021-37976 Information leak in core

CVE-2021-37976 No No

Chromium: CVE-2021-37977 Use after free in Garbage Collection

CVE-2021-37977 No No

Chromium: CVE-2021-37978 Heap buffer overflow in Blink

CVE-2021-37978 No No

Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC

CVE-2021-37979 No No

Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox

CVE-2021-37980 No No

Console Window Host Security Feature Bypass Vulnerability

CVE-2021-41346 No No Less Likely Less Likely Important 5.3

4.6

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2021-40470 No No More Likely More Likely Important 7.8

6.8

Intune Management Extension Security Feature Bypass Vulnerability

CVE-2021-41363 No No Less Likely Less Likely Important 4.2

3.8

Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2021-41339 No No Less Likely Less Likely Important 4.7

4.2

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2021-41354 No No Important 4.1

3.8

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability

CVE-2021-41353 No No Important 5.4

4.7

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2021-40457 No No Less Likely Less Likely Important 7.4

6.9

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-40472 No No Less Likely Less Likely Important 5.5

4.8

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40471 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-40473

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-40474 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-40479

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-40485 No No Less Likely Less Likely Important 7.8

6.8

Microsoft Exchange Server Denial of Service Vulnerability

CVE-2021-34453 No No Less Likely Less Likely Important 7.5

6.5

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2021-41348 No No Less Likely Less Likely Important 8.0

7.0

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-26427 No No Less Likely Less Likely Important 9.0

7.8

Microsoft Exchange Server Spoofing Vulnerability

CVE-2021-41350 No No Less Likely Less Likely Important 6.5

5.7

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2021-40480 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-40481

No No Less Likely Less Likely Important 7.1 6.2

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-40482

No No Less Likely Less Likely Important 5.3 4.8

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-41344

No No More Likely More Likely Important 8.1 7.1
CVE-2021-40487 No No More Likely More Likely Important 8.1

7.1

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-40483 No No Less Likely Less Likely Low 7.6

6.6

CVE-2021-40484

No No Less Likely Less Likely Important 7.6 6.6

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVE-2021-41330

No No Less Likely Less Likely Important 7.8 6.8

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-40486

No No Less Likely Less Likely Critical 7.8 6.8

OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference

CVE-2020-1971

No No Less Likely Less Likely Important

OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing

CVE-2021-3449

No No Less Likely Less Likely Important

OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

CVE-2021-3450

No No Unlikely Unlikely Important

Rich Text Edit Control Information Disclosure Vulnerability

CVE-2021-40454

No No Less Likely Less Likely Important 5.5 5.1

SCOM Information Disclosure Vulnerability

CVE-2021-41352

No No Less Likely Less Likely Important 7.5 6.5

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-40478

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-40488 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-40489

No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-26441 No No Less Likely Less Likely Important 7.8

6.8

CVE-2021-41345

No No Less Likely Less Likely Important 7.8 6.8

Win32k Elevation of Privilege Vulnerability

CVE-2021-40449

No Yes Detected Detected Important 7.8 7.2
CVE-2021-40450 No No More Likely More Likely Important 7.8

6.8

CVE-2021-41357

No No More Likely More Likely Important 7.8 7.2

Windows AD FS Security Feature Bypass Vulnerability

CVE-2021-40456

No No Less Likely Less Likely Important 5.3 4.6

Windows AppContainer Elevation Of Privilege Vulnerability

CVE-2021-40476

No No Less Likely Less Likely Important 7.5 6.7

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

CVE-2021-41338

Yes No Less Likely Less Likely Important 5.5 5.0

Windows AppX Deployment Service Elevation of Privilege Vulnerability

CVE-2021-41347

No No Less Likely Less Likely Important 7.8 6.8

Windows Bind Filter Driver Information Disclosure Vulnerability

CVE-2021-40468

No No Less Likely Less Likely Important 5.5 4.8

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

CVE-2021-40475

No No Less Likely Less Likely Important 5.5 4.8

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-40443

No No More Likely More Likely Important 7.8 6.8
CVE-2021-40466 No No More Likely More Likely Important 7.8

6.8

CVE-2021-40467

No No More Likely More Likely Important 7.8 6.8

Windows DNS Server Remote Code Execution Vulnerability

CVE-2021-40469

Yes No Less Likely Less Likely Important 7.2 6.5

Windows Desktop Bridge Elevation of Privilege Vulnerability

CVE-2021-41334

No No Less Likely Less Likely Important 7.0 6.1

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2021-40477

No No Less Likely Less Likely Important 7.8 6.8

Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVE-2021-38662

No No Less Likely Less Likely Important 5.5 4.8
CVE-2021-41343 No No Less Likely Less Likely Important 5.5

4.8

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2021-41340 No No Less Likely Less Likely Important 7.8

6.8

Windows HTTP.sys Elevation of Privilege Vulnerability

CVE-2021-26442 No No Less Likely Less Likely Important 7.0

6.1

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2021-38672 No No Less Likely Less Likely Critical 8.0

7.0

CVE-2021-40461

No No Less Likely Less Likely Critical 8.0 7.0

Windows Installer Spoofing Vulnerability

CVE-2021-40455

No No Less Likely Less Likely Important 5.5 4.8

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-41335

Yes No Less Likely Less Likely Important 7.8 7.0

Windows Kernel Information Disclosure Vulnerability

CVE-2021-41336

No No Less Likely Less Likely Important 5.5 4.8

Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-41342

No No Less Likely Less Likely Important 6.8 6.1

Windows Media Audio Decoder Remote Code Execution Vulnerability

CVE-2021-41331

No No Less Likely Less Likely Important 7.8 6.8

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability

CVE-2021-40462

No No Less Likely Less Likely Important 7.8 6.8

Windows NAT Denial of Service Vulnerability

CVE-2021-40463

No No Less Likely Less Likely Important 7.7 6.7

Windows Nearby Sharing Elevation of Privilege Vulnerability

CVE-2021-40464

No No Less Likely Less Likely Important 8.0 7.0

Windows Print Spooler Information Disclosure Vulnerability

CVE-2021-41332

No No Less Likely Less Likely Important 6.5 5.7

Windows Print Spooler Spoofing Vulnerability

CVE-2021-36970

No No More Likely More Likely Important 8.8 8.2

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

CVE-2021-40460

No No Less Likely Less Likely Important 6.5 5.7

Windows TCP/IP Denial of Service Vulnerability

CVE-2021-36953

No No Less Likely Less Likely Important 7.5 6.5

Windows Text Shaping Remote Code Execution Vulnerability

CVE-2021-40465

No No Less Likely Less Likely Important 7.8 6.8

Windows exFAT File System Information Disclosure Vulnerability

CVE-2021-38663

No No Less Likely Less Likely Important 5.5

4.8