Microsoft 12 stycznia 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 83 poprawek bezpieczeństwa, w tym 10 oznaczonych jako krytyczne.

Istotne podatności:

CVE-2021-1647 – wykorzystywana luka w Windows Defender w wersjach wcześniejszych niż 1.1.17600 umożliwiająca zdalne wykonanie kodu.

CVE-2021-1658 – luka w Windows RPC Runtime, wykorzystanie podatności umożliwia zdalne wykonanie kody, nie wymaga interakcji użytkownika, wymaga niewielkich uprawnień i nie jest złożonym atakiem.

Pełna lista poprawek:

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1723 No No Less Likely Less Likely Important 7.5 6.5
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649 No No Less Likely Less Likely Important 7.8 6.8
Azure Active Directory Pod Identity Spoofing Vulnerability
CVE-2021-1677 No No Less Likely Less Likely Important 5.5 4.8
Bot Framework SDK Information Disclosure Vulnerability
CVE-2021-1725 No No Less Likely Less Likely Important 5.5 4.8
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1651 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1680 No No Less Likely Less Likely Important 7.8 6.8
GDI+ Remote Code Execution Vulnerability
CVE-2021-1665 No No Less Likely Less Likely Critical 7.8 6.8
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-1644 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1643 No No Less Likely Less Likely Critical 7.8 7.0
Hyper-V Denial of Service Vulnerability
CVE-2021-1691 No No Less Likely Less Likely Important 7.7 6.7
CVE-2021-1692 No No Less Likely Less Likely Important 7.7 6.7
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1668 No No Less Likely Less Likely Critical 7.8 6.8
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647 No Yes Detected Detected Critical 7.8 7.0
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
CVE-2021-1705 No No Less Likely Less Likely Critical 4.2 3.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-1713 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1714 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-1711 No No Less Likely Less Likely Important 7.8 6.8
Microsoft SQL Elevation of Privilege Vulnerability
CVE-2021-1636 No No Less Likely Less Likely Important 8.8 7.7
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2021-1712 No No Less Likely Less Likely Important 8.0 7.0
CVE-2021-1719 No No Less Likely Less Likely Important 8.0 7.0
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-1707 No No More Likely More Likely Important 8.8 7.7
Microsoft SharePoint Server Tampering Vulnerability
CVE-2021-1718 No No Less Likely Less Likely Important 8.0 7.0
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1641 No No Less Likely Less Likely Important 4.6 4.0
CVE-2021-1717 No No Less Likely Less Likely Important 4.6 4.0
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-1710 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1715 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1716 No No Less Likely Less Likely Important 7.8 6.8
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2021-1648 Yes No Less Likely Less Likely Important 7.8 7.0
NTLM Security Feature Bypass Vulnerability
CVE-2021-1678 No No Less Likely Less Likely Important 4.3 3.8
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1658 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-1660 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-1664 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-1666 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-1667 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-1671 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-1673 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-1700 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-1701 No No Less Likely Less Likely Important 8.8 7.7
TPM Device Driver Information Disclosure Vulnerability
CVE-2021-1656 No No Less Likely Less Likely Important 5.5 4.8
Visual Studio Remote Code Execution Vulnerability
CVE-2020-26870 No No Less Likely Less Likely Important 7.0 6.1
Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1699 No No Less Likely Less Likely Important 5.5 4.8
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2021-1642 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1685 No No Less Likely Less Likely Important 7.3 6.4
Windows Bluetooth Security Feature Bypass Vulnerability
CVE-2021-1683 No No Less Likely Less Likely Important 5.0 4.4
CVE-2021-1684 No No Less Likely Less Likely Important 5.0 4.4
CVE-2021-1638 No No Less Likely Less Likely Important 7.7 6.7
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1652 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1653 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1654 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1655 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1659 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1688 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1693 No No Less Likely Less Likely Important 7.8 6.8
Windows CryptoAPI Denial of Service Vulnerability
CVE-2021-1679 No No Less Likely Less Likely Important 6.5 5.7
Windows DNS Query Information Disclosure Vulnerability
CVE-2021-1637 No No Less Likely Less Likely Important 5.5 4.8
Windows Docker Information Disclosure Vulnerability
CVE-2021-1645 No No Less Likely Less Likely Important 5.0 4.4
Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2021-1703 No No Less Likely Less Likely Important 7.8 6.8
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-1662 No No Less Likely Less Likely Important 7.8 6.8
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657 No No Less Likely Less Likely Important 7.8 6.8
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-1708 No No Less Likely Less Likely Important 5.7 5.0
Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1696 No No Less Likely Less Likely Important 5.5 4.8
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1704 No No Less Likely Less Likely Important 7.3 6.4
Windows InstallService Elevation of Privilege Vulnerability
CVE-2021-1697 No No Less Likely Less Likely Important 7.8 6.8
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1661 No No Less Likely Less Likely Important 7.8 6.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-1682 No No Less Likely Less Likely Important 7.0 6.1
Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1706 No No Less Likely Less Likely Important 7.3 6.4
Windows Multipoint Management Elevation of Privilege Vulnerability
CVE-2021-1689 No No Less Likely Less Likely Important 7.8 6.8
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2021-1676 No No Less Likely Less Likely Important 5.5 4.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1695 No No Less Likely Less Likely Important 7.8 6.8
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
CVE-2021-1663 No No Less Likely Less Likely Important 5.5 4.8
CVE-2021-1670 No No Less Likely Less Likely Important 5.5 4.8
CVE-2021-1672 No No Less Likely Less Likely Important 5.5 4.8
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
CVE-2021-1674 No No Less Likely Less Likely Important 8.8 7.7
Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-1669 No No Less Likely Less Likely Important 8.8 7.7
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1702 No No Less Likely Less Likely Important 7.8 6.8
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2021-1650 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1694 No No Less Likely Less Likely Important 7.5 6.5
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2021-1646 No No Less Likely Less Likely Important 6.6 5.8
Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-1681 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1686 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1687 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-1690 No No Less Likely Less Likely Important 7.8 6.8
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1709 No No More Likely More Likely Important 7.0 6.1