Microsoft 12 stycznia 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 83 poprawek bezpieczeństwa, w tym 10 oznaczonych jako krytyczne.
Istotne podatności:
CVE-2021-1647 – wykorzystywana luka w Windows Defender w wersjach wcześniejszych niż 1.1.17600 umożliwiająca zdalne wykonanie kodu.
CVE-2021-1658 – luka w Windows RPC Runtime, wykorzystanie podatności umożliwia zdalne wykonanie kody, nie wymaga interakcji użytkownika, wymaga niewielkich uprawnień i nie jest złożonym atakiem.
Pełna lista poprawek:
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
ASP.NET Core and Visual Studio Denial of Service Vulnerability | |||||||
CVE-2021-1723 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Active Template Library Elevation of Privilege Vulnerability | |||||||
CVE-2021-1649 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Azure Active Directory Pod Identity Spoofing Vulnerability | |||||||
CVE-2021-1677 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Bot Framework SDK Information Disclosure Vulnerability | |||||||
CVE-2021-1725 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||||
CVE-2021-1651 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1680 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
GDI+ Remote Code Execution Vulnerability | |||||||
CVE-2021-1665 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
HEVC Video Extensions Remote Code Execution Vulnerability | |||||||
CVE-2021-1644 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1643 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Hyper-V Denial of Service Vulnerability | |||||||
CVE-2021-1691 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
CVE-2021-1692 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | |||||||
CVE-2021-1668 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
Microsoft Defender Remote Code Execution Vulnerability | |||||||
CVE-2021-1647 | No | Yes | Detected | Detected | Critical | 7.8 | 7.0 |
Microsoft Edge (HTML-based) Memory Corruption Vulnerability | |||||||
CVE-2021-1705 | No | No | Less Likely | Less Likely | Critical | 4.2 | 3.8 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2021-1713 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1714 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2021-1711 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft SQL Elevation of Privilege Vulnerability | |||||||
CVE-2021-1636 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
CVE-2021-1712 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
CVE-2021-1719 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
CVE-2021-1707 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
Microsoft SharePoint Server Tampering Vulnerability | |||||||
CVE-2021-1718 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
Microsoft SharePoint Spoofing Vulnerability | |||||||
CVE-2021-1641 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
CVE-2021-1717 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||||
CVE-2021-1710 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Word Remote Code Execution Vulnerability | |||||||
CVE-2021-1715 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1716 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft splwow64 Elevation of Privilege Vulnerability | |||||||
CVE-2021-1648 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
NTLM Security Feature Bypass Vulnerability | |||||||
CVE-2021-1678 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||||
CVE-2021-1658 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
CVE-2021-1660 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
CVE-2021-1664 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
CVE-2021-1666 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
CVE-2021-1667 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
CVE-2021-1671 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
CVE-2021-1673 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
CVE-2021-1700 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
CVE-2021-1701 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
TPM Device Driver Information Disclosure Vulnerability | |||||||
CVE-2021-1656 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Visual Studio Remote Code Execution Vulnerability | |||||||
CVE-2020-26870 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows (modem.sys) Information Disclosure Vulnerability | |||||||
CVE-2021-1699 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||||
CVE-2021-1642 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1685 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
Windows Bluetooth Security Feature Bypass Vulnerability | |||||||
CVE-2021-1683 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
CVE-2021-1684 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
CVE-2021-1638 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
Windows CSC Service Elevation of Privilege Vulnerability | |||||||
CVE-2021-1652 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1653 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1654 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1655 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1659 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1688 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1693 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows CryptoAPI Denial of Service Vulnerability | |||||||
CVE-2021-1679 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
Windows DNS Query Information Disclosure Vulnerability | |||||||
CVE-2021-1637 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Docker Information Disclosure Vulnerability | |||||||
CVE-2021-1645 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
Windows Event Logging Service Elevation of Privilege Vulnerability | |||||||
CVE-2021-1703 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
CVE-2021-1662 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Fax Compose Form Remote Code Execution Vulnerability | |||||||
CVE-2021-1657 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows GDI+ Information Disclosure Vulnerability | |||||||
CVE-2021-1708 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
Windows Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2021-1696 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
CVE-2021-1704 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
Windows InstallService Elevation of Privilege Vulnerability | |||||||
CVE-2021-1697 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2021-1661 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2021-1682 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows LUAFV Elevation of Privilege Vulnerability | |||||||
CVE-2021-1706 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
Windows Multipoint Management Elevation of Privilege Vulnerability | |||||||
CVE-2021-1689 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | |||||||
CVE-2021-1676 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
CVE-2021-1695 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | |||||||
CVE-2021-1663 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
CVE-2021-1670 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
CVE-2021-1672 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | |||||||
CVE-2021-1674 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Windows Remote Desktop Security Feature Bypass Vulnerability | |||||||
CVE-2021-1669 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | |||||||
CVE-2021-1702 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | |||||||
CVE-2021-1650 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Update Stack Elevation of Privilege Vulnerability | |||||||
CVE-2021-1694 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows WLAN Service Elevation of Privilege Vulnerability | |||||||
CVE-2021-1646 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
Windows WalletService Elevation of Privilege Vulnerability | |||||||
CVE-2021-1681 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1686 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1687 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2021-1690 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2021-1709 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |