On 14 September 2021, Microsoft released a new set of security updates as part of its monthly Patch Tuesday. A total of 86 security fixes were released, including 3 rated critical.

Notable vulnerabilities:

  • CVE-2021-40444 – a 0-day remote code execution vulnerability in MSHTML.
  • CVE-2021-38647 – remote code execution in Microsoft Open Management Infrastructure.
  • CVE-2021-36965 – remote code execution in Windows WLAN AutoConfig Service.

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| Azure Sphere Information Disclosure Vulnerability | CVE-2021-36956 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| BitLocker Security Feature Bypass Vulnerability | CVE-2021-38632 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Chromium: CVE-2021-30606 Use after free in Blink | CVE-2021-30606 | No | No | | | | | |
| Chromium: CVE-2021-30607 Use after free in Permissions | CVE-2021-30607 | No | No | | | | | |
| Chromium: CVE-2021-30608 Use after free in Web Share | CVE-2021-30608 | No | No | | | | | |
| Chromium: CVE-2021-30609 Use after free in Sign-In | CVE-2021-30609 | No | No | | | | | |
| Chromium: CVE-2021-30610 Use after free in Extensions API | CVE-2021-30610 | No | No | | | | | |
| Chromium: CVE-2021-30611 Use after free in WebRTC | CVE-2021-30611 | No | No | | | | | |
| Chromium: CVE-2021-30612 Use after free in WebRTC | CVE-2021-30612 | No | No | | | | | |
| Chromium: CVE-2021-30613 Use after free in Base internals | CVE-2021-30613 | No | No | | | | | |
| Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | CVE-2021-30614 | No | No | | | | | |
| Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | CVE-2021-30615 | No | No | | | | | |
| Chromium: CVE-2021-30616 Use after free in Media | CVE-2021-30616 | No | No | | | | | |
| Chromium: CVE-2021-30617 Policy bypass in Blink | CVE-2021-30617 | No | No | | | | | |
| Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | CVE-2021-30618 | No | No | | | | | |
| Chromium: CVE-2021-30619 UI Spoofing in Autofill | CVE-2021-30619 | No | No | | | | | |
| Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | CVE-2021-30620 | No | No | | | | | |
| Chromium: CVE-2021-30621 UI Spoofing in Autofill | CVE-2021-30621 | No | No | | | | | |
| Chromium: CVE-2021-30622 Use after free in WebApp Installs | CVE-2021-30622 | No | No | | | | | |
| Chromium: CVE-2021-30623 Use after free in Bookmarks | CVE-2021-30623 | No | No | | | | | |
| Chromium: CVE-2021-30624 Use after free in Autofill | CVE-2021-30624 | No | No | | | | | |
| Chromium: CVE-2021-30632 Out of bounds write in V8 | CVE-2021-30632 | No | No | | | | | |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-38661 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | CVE-2021-40448 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.5 |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-40440 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVE-2021-26436 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVE-2021-36930 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Microsoft Edge (Chromium-based) Tampering Vulnerability | CVE-2021-38669 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.6 |
| Microsoft Edge for Android Information Disclosure Vulnerability | CVE-2021-26439 | No | No | | | Moderate | 4.6 | 4.0 |
| Microsoft Edge for Android Spoofing Vulnerability | CVE-2021-38641 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Microsoft Edge for iOS Spoofing Vulnerability | CVE-2021-38642 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-38655 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | CVE-2021-38644 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft MSHTML Remote Code Execution Vulnerability | CVE-2021-40444 | Yes | Yes | Detected | Detected | Important | 8.8 | 7.9 |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2021-38646 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Graphics Component Information Disclosure Vulnerability | CVE-2021-38657 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-38658 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-38660 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-38659 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Spoofing Vulnerability | CVE-2021-38650 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-38653 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-38654 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-38651 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-38652 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Windows Update Client Elevation of Privilege Vulnerability | CVE-2021-38634 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-38656 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Open Management Infrastructure Elevation of Privilege Vulnerability | CVE-2021-38645 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Open Management Infrastructure Elevation of Privilege Vulnerability | CVE-2021-38648 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Open Management Infrastructure Elevation of Privilege Vulnerability | CVE-2021-38649 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Open Management Infrastructure Remote Code Execution Vulnerability | CVE-2021-38647 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.5 |
| Visual Studio Code Spoofing Vulnerability | CVE-2021-26437 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Visual Studio Elevation of Privilege Vulnerability | CVE-2021-26434 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2021-36952 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-36975 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-38639 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2021-38628 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2021-38638 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | CVE-2021-38629 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Authenticode Spoofing Vulnerability | CVE-2021-36959 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | CVE-2021-36954 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-36955 | No | No | More Likely | More Likely | Important | 7.8 | 7.2 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-36963 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-38633 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows DNS Elevation of Privilege Vulnerability | CVE-2021-36968 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-36964 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-38630 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Denial of Service Vulnerability | CVE-2021-36961 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Installer Information Disclosure Vulnerability | CVE-2021-36962 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-38625 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-38626 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Key Storage Provider Security Feature Bypass Vulnerability | CVE-2021-38624 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-38667 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-38671 | No | No | More Likely | More Likely | Important | 7.8 | 7.2 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-40447 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | CVE-2021-36969 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | CVE-2021-38635 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | CVE-2021-38636 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | CVE-2021-36973 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows SMB Elevation of Privilege Vulnerability | CVE-2021-36974 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows SMB Information Disclosure Vulnerability | CVE-2021-36960 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows SMB Information Disclosure Vulnerability | CVE-2021-36972 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Scripting Engine Memory Corruption Vulnerability | CVE-2021-26435 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| Windows Storage Information Disclosure Vulnerability | CVE-2021-38637 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2021-36966 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | CVE-2021-36967 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | CVE-2021-36965 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |