Styczniowy Patch Tuesday Microsoftu

Microsoft 12 stycznia 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 83 poprawek bezpieczeństwa, w tym 10 oznaczonych jako krytyczne.

Istotne podatności:

CVE-2021-1647 – wykorzystywana luka w Windows Defender w wersjach wcześniejszych niż 1.1.17600 umożliwiająca zdalne wykonanie kodu.

CVE-2021-1658 – luka w Windows RPC Runtime, wykorzystanie podatności umożliwia zdalne wykonanie kody, nie wymaga interakcji użytkownika, wymaga niewielkich uprawnień i nie jest złożonym atakiem.

Pełna lista poprawek:

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1723	No	No	Less Likely	Less Likely	Important	7.5	6.5
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649	No	No	Less Likely	Less Likely	Important	7.8	6.8
Azure Active Directory Pod Identity Spoofing Vulnerability
CVE-2021-1677	No	No	Less Likely	Less Likely	Important	5.5	4.8
Bot Framework SDK Information Disclosure Vulnerability
CVE-2021-1725	No	No	Less Likely	Less Likely	Important	5.5	4.8
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1651	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1680	No	No	Less Likely	Less Likely	Important	7.8	6.8
GDI+ Remote Code Execution Vulnerability
CVE-2021-1665	No	No	Less Likely	Less Likely	Critical	7.8	6.8
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-1644	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1643	No	No	Less Likely	Less Likely	Critical	7.8	7.0
Hyper-V Denial of Service Vulnerability
CVE-2021-1691	No	No	Less Likely	Less Likely	Important	7.7	6.7
CVE-2021-1692	No	No	Less Likely	Less Likely	Important	7.7	6.7
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1668	No	No	Less Likely	Less Likely	Critical	7.8	6.8
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647	No	Yes	Detected	Detected	Critical	7.8	7.0
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
CVE-2021-1705	No	No	Less Likely	Less Likely	Critical	4.2	3.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-1713	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1714	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-1711	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft SQL Elevation of Privilege Vulnerability
CVE-2021-1636	No	No	Less Likely	Less Likely	Important	8.8	7.7
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2021-1712	No	No	Less Likely	Less Likely	Important	8.0	7.0
CVE-2021-1719	No	No	Less Likely	Less Likely	Important	8.0	7.0
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-1707	No	No	More Likely	More Likely	Important	8.8	7.7
Microsoft SharePoint Server Tampering Vulnerability
CVE-2021-1718	No	No	Less Likely	Less Likely	Important	8.0	7.0
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1641	No	No	Less Likely	Less Likely	Important	4.6	4.0
CVE-2021-1717	No	No	Less Likely	Less Likely	Important	4.6	4.0
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-1710	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1715	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1716	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2021-1648	Yes	No	Less Likely	Less Likely	Important	7.8	7.0
NTLM Security Feature Bypass Vulnerability
CVE-2021-1678	No	No	Less Likely	Less Likely	Important	4.3	3.8
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1658	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-1660	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-1664	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-1666	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-1667	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-1671	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-1673	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-1700	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-1701	No	No	Less Likely	Less Likely	Important	8.8	7.7
TPM Device Driver Information Disclosure Vulnerability
CVE-2021-1656	No	No	Less Likely	Less Likely	Important	5.5	4.8
Visual Studio Remote Code Execution Vulnerability
CVE-2020-26870	No	No	Less Likely	Less Likely	Important	7.0	6.1
Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1699	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2021-1642	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1685	No	No	Less Likely	Less Likely	Important	7.3	6.4
Windows Bluetooth Security Feature Bypass Vulnerability
CVE-2021-1683	No	No	Less Likely	Less Likely	Important	5.0	4.4
CVE-2021-1684	No	No	Less Likely	Less Likely	Important	5.0	4.4
CVE-2021-1638	No	No	Less Likely	Less Likely	Important	7.7	6.7
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1652	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1653	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1654	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1655	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1659	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1688	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1693	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows CryptoAPI Denial of Service Vulnerability
CVE-2021-1679	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows DNS Query Information Disclosure Vulnerability
CVE-2021-1637	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Docker Information Disclosure Vulnerability
CVE-2021-1645	No	No	Less Likely	Less Likely	Important	5.0	4.4
Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2021-1703	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-1662	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-1708	No	No	Less Likely	Less Likely	Important	5.7	5.0
Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1696	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1704	No	No	Less Likely	Less Likely	Important	7.3	6.4
Windows InstallService Elevation of Privilege Vulnerability
CVE-2021-1697	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1661	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-1682	No	No	Less Likely	Less Likely	Important	7.0	6.1
Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1706	No	No	Less Likely	Less Likely	Important	7.3	6.4
Windows Multipoint Management Elevation of Privilege Vulnerability
CVE-2021-1689	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2021-1676	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1695	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
CVE-2021-1663	No	No	Less Likely	Less Likely	Important	5.5	4.8
CVE-2021-1670	No	No	Less Likely	Less Likely	Important	5.5	4.8
CVE-2021-1672	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
CVE-2021-1674	No	No	Less Likely	Less Likely	Important	8.8	7.7
Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-1669	No	No	Less Likely	Less Likely	Important	8.8	7.7
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1702	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2021-1650	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1694	No	No	Less Likely	Less Likely	Important	7.5	6.5
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2021-1646	No	No	Less Likely	Less Likely	Important	6.6	5.8
Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-1681	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1686	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1687	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-1690	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1709	No	No	More Likely	More Likely	Important	7.0	6.1

Styczniowy Patch Tuesday Microsoftu

Tagi

Kategorie