On October 12, 2021, Microsoft released a new set of security updates as part of its monthly Patch Tuesday. A total of 81 security fixes were released, 3 of them rated critical.
Notable vulnerabilities:
- CVE-2021-40461 and CVE-2021-38672 – remote code execution in Windows Hyper-V.
- CVE-2021-40449 – elevation of privilege in Win32k.
- CVE-2021-40486 – remote code execution in Microsoft Word.

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-41355 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Active Directory Federation Server Spoofing Vulnerability | CVE-2021-41361 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
| Active Directory Security Feature Bypass Vulnerability | CVE-2021-41337 | No | No | Less Likely | Less Likely | Important | 4.9 | 4.3 |
| Chromium: CVE-2021-37974 Use after free in Safe Browsing | CVE-2021-37974 | No | No | – | – | – | | |
| Chromium: CVE-2021-37975 Use after free in V8 | CVE-2021-37975 | No | No | – | – | – | | |
| Chromium: CVE-2021-37976 Information leak in core | CVE-2021-37976 | No | No | – | – | – | | |
| Chromium: CVE-2021-37977 Use after free in Garbage Collection | CVE-2021-37977 | No | No | – | – | – | | |
| Chromium: CVE-2021-37978 Heap buffer overflow in Blink | CVE-2021-37978 | No | No | – | – | – | | |
| Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC | CVE-2021-37979 | No | No | – | – | – | | |
| Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox | CVE-2021-37980 | No | No | – | – | – | | |
| Console Window Host Security Feature Bypass Vulnerability | CVE-2021-41346 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2021-40470 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Intune Management Extension Security Feature Bypass Vulnerability | CVE-2021-41363 | No | No | Less Likely | Less Likely | Important | 4.2 | 3.8 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | CVE-2021-41339 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-41354 | No | No | – | – | Important | 4.1 | 3.8 |
| Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | CVE-2021-41353 | No | No | – | – | Important | 5.4 | 4.7 |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | CVE-2021-40457 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.9 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2021-40472 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40471 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40474 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40485 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Denial of Service Vulnerability | CVE-2021-34453 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2021-41348 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26427 | No | No | Less Likely | Less Likely | Important | 9.0 | 7.8 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-41350 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-40480 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | | No | No | More Likely | More Likely | Important | 8.1 | 7.1 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-40487 | No | No | More Likely | More Likely | Important | 8.1 | 7.1 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-40483 | No | No | Less Likely | Less Likely | Low | 7.6 | 6.6 |
| Microsoft SharePoint Server Spoofing Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | | No | No | Less Likely | Less Likely | Important | | |
| OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | | No | No | Less Likely | Less Likely | Important | | |
| OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | | No | No | Unlikely | Unlikely | Important | | |
| Rich Text Edit Control Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.5 | 5.1 |
| SCOM Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40488 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-26441 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-40450 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | | No | No | More Likely | More Likely | Important | 7.8 | 7.2 |
| Windows AD FS Security Feature Bypass Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Windows AppContainer Elevation Of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | | Yes | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Bind Filter Driver Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40466 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows DNS Server Remote Code Execution Vulnerability | | Yes | No | Less Likely | Less Likely | Important | 7.2 | 6.5 |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Event Tracing Elevation of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | CVE-2021-41343 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-41340 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows HTTP.sys Elevation of Privilege Vulnerability | CVE-2021-26442 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-38672 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.0 |
| Windows Hyper-V Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.0 |
| Windows Installer Spoofing Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Kernel Elevation of Privilege Vulnerability | | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Kernel Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| Windows Media Audio Decoder Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows NAT Denial of Service Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Windows Nearby Sharing Elevation of Privilege Vulnerability | | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Windows Print Spooler Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Print Spooler Spoofing Vulnerability | | No | No | More Likely | More Likely | Important | 8.8 | 8.2 |
| Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows TCP/IP Denial of Service Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Text Shaping Remote Code Execution Vulnerability | | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows exFAT File System Information Disclosure Vulnerability | | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |