Wrześniowy Patch Tuesday Microsoftu

Microsoft 14 września 2021 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 86 poprawek bezpieczeństwa, w tym 3 oznaczone jako krytyczne.

Istotne podatności:

CVE-2021-40444 – luka 0day umożliwiająca zdalne wykonanie kodu dotycząca MSHTML.
CVE-2021-38647 – zdalne wykonanie kodu w Microsoft Open Management Infrastructure.
CVE-2021-36965 – zdalne wykonanie kodu w Windows WLAN AutoConfig Service.

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
Azure Sphere Information Disclosure Vulnerability
CVE-2021-36956	No	No	Less Likely	Less Likely	Important	4.4	4.0
BitLocker Security Feature Bypass Vulnerability
CVE-2021-38632	No	No	Less Likely	Less Likely	Important	5.7	5.0
Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-30606	No	No	–	–	–
Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-30607	No	No	–	–	–
Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30608	No	No	–	–	–
Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30609	No	No	–	–	–
Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30610	No	No	–	–	–
Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30611	No	No	–	–	–
Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30612	No	No	–	–	–
Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30613	No	No	–	–	–
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30614	No	No	–	–	–
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-30615	No	No	–	–	–
Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30616	No	No	–	–	–
Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-30617	No	No	–	–	–
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30618	No	No	–	–	–
Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVE-2021-30619	No	No	–	–	–
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30620	No	No	–	–	–
Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-30621	No	No	–	–	–
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30622	No	No	–	–	–
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30623	No	No	–	–	–
Chromium: CVE-2021-30624 Use after free in Autofill
CVE-2021-30624	No	No	–	–	–
Chromium: CVE-2021-30632 Out of bounds write in V8
CVE-2021-30632	No	No	–	–	–
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-38661	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
CVE-2021-40448	No	No	Less Likely	Less Likely	Important	6.3	5.5
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-40440	No	No	Less Likely	Less Likely	Important	5.4	4.9
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-26436	No	No	Less Likely	Less Likely	Important	6.1	5.3
CVE-2021-36930	No	No	Less Likely	Less Likely	Important	5.3	4.6
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2021-38669	No	No	Less Likely	Less Likely	Important	6.4	5.6
Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-26439	No	No	–	–	Moderate	4.6	4.0
Microsoft Edge for Android Spoofing Vulnerability
CVE-2021-38641	No	No	Less Likely	Less Likely	Important	6.1	5.3
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2021-38642	No	No	Less Likely	Less Likely	Important	6.1	5.3
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38655	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2021-38644	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft MSHTML Remote Code Execution Vulnerability
CVE-2021-40444	Yes	Yes	Detected	Detected	Important	8.8	7.9
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2021-38646	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Office Graphics Component Information Disclosure Vulnerability
CVE-2021-38657	No	No	Less Likely	Less Likely	Important	6.1	5.3
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-38658	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-38660	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-38659	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Office Spoofing Vulnerability
CVE-2021-38650	No	No	Less Likely	Less Likely	Important	7.6	6.6
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-38653	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-38654	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-38651	No	No	Less Likely	Less Likely	Important	7.6	6.6
CVE-2021-38652	No	No	Less Likely	Less Likely	Important	7.6	6.6
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2021-38634	No	No	Less Likely	Less Likely	Important	7.1	6.2
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-38656	No	No	Less Likely	Less Likely	Important	7.8	6.8
Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38645	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-38648	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-38649	No	No	Less Likely	Less Likely	Important	7.0	6.1
Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38647	No	No	Less Likely	Less Likely	Critical	9.8	8.5
Visual Studio Code Spoofing Vulnerability
CVE-2021-26437	No	No	Less Likely	Less Likely	Important	5.5	4.8
Visual Studio Elevation of Privilege Vulnerability
CVE-2021-26434	No	No	Less Likely	Less Likely	Important	7.8	6.8
Visual Studio Remote Code Execution Vulnerability
CVE-2021-36952	No	No	Less Likely	Less Likely	Important	7.8	6.8
Win32k Elevation of Privilege Vulnerability
CVE-2021-36975	No	No	More Likely	More Likely	Important	7.8	6.8
CVE-2021-38639	No	No	More Likely	More Likely	Important	7.8	6.8
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38628	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-38638	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
CVE-2021-38629	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows Authenticode Spoofing Vulnerability
CVE-2021-36959	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2021-36954	No	No	Less Likely	Less Likely	Important	8.8	7.7
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-36955	No	No	More Likely	More Likely	Important	7.8	7.2
CVE-2021-36963	No	No	More Likely	More Likely	Important	7.8	6.8
CVE-2021-38633	No	No	More Likely	More Likely	Important	7.8	6.8
Windows DNS Elevation of Privilege Vulnerability
CVE-2021-36968	Yes	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-36964	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-38630	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Installer Denial of Service Vulnerability
CVE-2021-36961	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Installer Information Disclosure Vulnerability
CVE-2021-36962	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38625	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-38626	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Key Storage Provider Security Feature Bypass Vulnerability
CVE-2021-38624	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-38667	No	No	Less Likely	Less Likely	Important	7.8	7.2
CVE-2021-38671	No	No	More Likely	More Likely	Important	7.8	7.2
CVE-2021-40447	No	No	Less Likely	Less Likely	Important	7.8	7.2
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-36969	No	No	Less Likely	Less Likely	Important	5.5	4.8
CVE-2021-38635	No	No	Less Likely	Less Likely	Important	5.5	4.8
CVE-2021-38636	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE-2021-36973	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows SMB Elevation of Privilege Vulnerability
CVE-2021-36974	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows SMB Information Disclosure Vulnerability
CVE-2021-36960	No	No	Less Likely	Less Likely	Important	7.5	6.5
CVE-2021-36972	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Scripting Engine Memory Corruption Vulnerability
CVE-2021-26435	No	No	Less Likely	Less Likely	Critical	8.1	7.1
Windows Storage Information Disclosure Vulnerability
CVE-2021-38637	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2021-36966	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVE-2021-36967	No	No	Less Likely	Less Likely	Important	8.0	7.0
Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
CVE-2021-36965	No	No	Less Likely	Less Likely	Critical	8.8	7.7

Wrześniowy Patch Tuesday Microsoftu

Tagi

Kategorie