Report Name: Microsoft Patch Tuesday, December 2021
Generated: 2021-12-16 00:36:06

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

Product Name | Prevalence | U | C | H | M | L | Comment
Microsoft Message Queuing | 0.9 | - | - | - | 2 | - | Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
SymCrypt | 0.9 | - | - | 1 | - | - | SymCrypt is the core cryptographic function library currently used by Windows
Windows AppX Installer | 0.9 | - | - | 1 | - | - | Windows AppX Installer is a utility for side-loading Windows 10 apps, available on the App Store
Windows Encrypting File System | 0.9 | - | - | 1 | 1 | - | Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
Windows Kernel | 0.9 | - | - | - | 5 | - | Windows Kernel
Windows TCP/IP Driver | 0.9 | - | - | - | 1 | - | A kernel mode driver
ASP.NET Core | 0.8 | - | - | - | 1 | - | An open-source, server-side web-application framework designed for web development
DirectX Graphics Kernel | 0.8 | - | - | - | 1 | - | DirectX Graphics Kernel
Microsoft BizTalk ESB Toolkit | 0.8 | - | - | - | 1 | - | The Microsoft BizTalk ESB Toolkit uses BizTalk Server to support a loosely coupled messaging architecture
Microsoft Defender | 0.8 | - | - | - | 1 | - | Anti-malware component of Microsoft Windows
Microsoft Defender for IoT | 0.8 | - | - | 8 | 1 | - | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
Microsoft Edge | 0.8 | - | - | - | 4 | 1 | Web browser
Microsoft Local Security Authority Server | 0.8 | - | - | - | 1 | - | Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system
Microsoft PowerShell | 0.8 | - | - | - | 1 | - | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
Storage Spaces Controller | 0.8 | - | - | - | 2 | - | Storage Spaces Controller
Visual Basic for Applications | 0.8 | - | - | - | 1 | - | Visual Basic for Applications is a computer programming language developed and owned by Microsoft
Windows Common Log File System Driver | 0.8 | - | - | - | 3 | - | Windows component
Windows Event Tracing | 0.8 | - | - | 1 | - | - | Windows Event Tracing
Windows Fax Service | 0.8 | - | - | 1 | - | - | Windows Fax Service
Windows Installer | 0.8 | - | - | - | 1 | - | Windows Installer
Windows Media | 0.8 | - | - | - | 1 | - | Windows component
Windows NTFS | 0.8 | - | - | - | 4 | - | The default file system of the Windows NT family
Windows Print Spooler | 0.8 | - | - | - | 1 | - | Windows component
Windows Recovery Environment Agent | 0.8 | - | - | - | 1 | - | Windows component
Windows Remote Access Connection Manager | 0.8 | - | - | - | 1 | - | Windows component
Windows Remote Desktop Client | 0.8 | - | - | 1 | - | - | Remote Desktop Protocol Client
iSNS Server | 0.8 | - | - | 1 | - | - | An iSNS server uses the Internet Storage Name Service protocol to maintain information about active iSCSI devices on the network, including their IP addresses, iSCSI node names, and portal groups
HEVC Video Extensions | 0.7 | - | - | 3 | - | - | HEVC Video Extensions
Microsoft Jet Red Database Engine and Access Connectivity Engine | 0.7 | - | - | - | 1 | - | Microsoft Jet Red Database Engine and Access Connectivity Engine
Microsoft SharePoint | 0.7 | - | - | 2 | 2 | - | Microsoft SharePoint
VP9 Video Extensions | 0.7 | - | - | - | 1 | - | VP9 is an open and royalty-free video coding format developed by Google
Web Media Extensions | 0.7 | - | - | 1 | - | - | Web Media Extensions
Windows Mobile Device Management | 0.7 | - | - | - | 1 | - | Windows Mobile Device Management
Microsoft Excel | 0.6 | - | - | 1 | - | - | MS Office product
Microsoft Office | 0.6 | - | - | 1 | 1 | - | Microsoft Office
Microsoft Office Graphics | 0.6 | - | - | 1 | - | - | Microsoft Office Graphics
Windows Hyper-V | 0.6 | - | - | - | 1 | - | Hardware virtualization component of the client editions of Windows NT
Bot Framework SDK | 0.4 | - | - | - | 1 | - | Bot Framework SDK
Microsoft 4K Wireless Display Adapter | 0.3 | - | - | - | 1 | - | Microsoft device that can display wirelessly to a 4K TV or monitor over Miracast
Visual Studio Code | 0.3 | - | - | - | 2 | 1 | Integrated development environment


Vulnerability Types

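Vulnerability Type | Criticality | U | C | H | M | L | Comment
Remote Code Execution | 1.0 | - | - | 22 | 4 | - | Remote Code Execution
Denial of Service | 0.7 | - | - | 1 | 2 | - | Denial of Service
Memory Corruption | 0.6 | - | - | - | 4 | - | Memory Corruption
Elevation of Privilege | 0.5 | - | - | - | 21 | - | Elevation of Privilege
Information Disclosure | 0.4 | - | - | - | 10 | - | Information Disclosure
Spoofing | 0.4 | - | - | 1 | 5 | 1 | Spoofing
Unknown Vulnerability Type | 0 | - | - | - | - | 1 | Unknown Vulnerability Type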


Vulnerabilities

Urgent (0)

Critical (0)

High (24)

1. Spoofing - Windows AppX Installer (CVE-2021-43890) - High [589]

Description: Windows AppX Installer Spoofing Vulnerability. We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Microsoft
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.9 | 14 | Windows AppX Installer is a utility for side-loading Windows 10 apps, available on the App Store
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data

qualys: CVE-2021-43890 | Windows AppX Installer Spoofing Vulnerability. This vulnerability CVSS 7.1 is a Zero-Day known to be an actively exploited spoofing vulnerability in the AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader.

tenable: CVE-2021-43890 is a spoofing vulnerability in the Windows AppX Installer, which is used to install AppX apps on Windows 10 systems. According to reports, this vulnerability has been exploited in the wild. It has been linked to attacks associated with the Emotet/TrickBot/Bazaloader family. To exploit this vulnerability, an attacker would need to convince a user to open a malicious attachment, which would likely be conducted through a phishing attack. Once exploited, the vulnerability would grant an attacker elevated privileges, particularly when the victim’s account has administrative privileges on the system. If patching isn’t an option, Microsoft has provided some workarounds to protect against the exploitation of this vulnerability.

rapid7: This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228. In today’s security release, Microsoft issued fixes for 83 vulnerabilities across an array of products — including a fix for Windows Defender for IoT, which is vulnerable to CVE-2021-44228 amongst seven other remote code execution (RCE) vulnerabilities (the cloud service is not affected). Six CVEs in the bulletin have been publicly disclosed; the only vulnerability noted as being exploited in the wild in this month’s release is CVE-2021-43890, a Windows AppX Installer spoofing bug that may aid in social engineering attacks and has evidently been used in Emotet malware campaigns.

zdi: CVE-2021-43890 - Windows AppX Installer Spoofing Vulnerability. Emotet is like that holiday guest that just won’t take a hint and leave. This patch fixes a bug in the AppX installer that affects Windows. Microsoft states they have seen the bug used in malware in the Emotet/Trickbot/Bazaloader family. An attacker would need to craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. It seems code execution would occur at the logged-on user level, so attackers would likely combine this with another bug to take control of a system. This malware family has been going for some time now. It seems like it will be around for a bit longer.

2. Remote Code Execution - iSNS Server (CVE-2021-43215) - High [489]

Description: iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | An iSNS server uses the Internet Storage Name Service protocol to maintain information about active iSCSI devices on the network, including their IP addresses, iSCSI node names, and portal groups
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data

qualys: CVE-2021-43215 | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution. This is a Remote Code Execution (RCE) vulnerability targeting the Internet Storage Name Service (iSNS) protocol. iSNS is used for interaction between iSNS servers and iSNS clients. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution. At CVSS 9.8, this critical vulnerability should be prioritized and patched quickly.

tenable: CVE-2021-43215 is a memory corruption vulnerability in the Internet Storage Name Service (iSNS) protocol. The iSNS protocol is used to facilitate communication between iSNS servers and clients. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable iSNS server. Successful exploitation would give an attacker remote code execution on the iSNS server. The vulnerability was assigned a CVSSv3 score of 9.8 out of 10 and is rated “Exploitation More Likely” according to Microsoft’s Exploitability Index. Fortunately, iSNS is not installed on Windows systems by default.

zdi: CVE-2021-43215 – iSNS Server Remote Code Execution Vulnerability. This patch fixes a bug in the Internet Storage Name Service (iSNS) server that could allow remote code execution if an attacker sends a specially crafted request to an affected server. If you aren’t familiar with it, iSNS is a protocol that enables automated discovery and management of iSCSI devices on a TCP/IP storage network. In other words, if you’re running a SAN in your enterprise, you either have an iSNS server or you configure each of the logical interfaces individually. This bug is one of three CVSS 9.8 bugs fixed this month. If you have a SAN, prioritize testing and deploying this patch.

3. Remote Code Execution - Windows Encrypting File System (CVE-2021-43217) - High [481]

Description: Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.9 | 14 | Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data

qualys: CVE-2021-43217 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. This is a Remote Code Execution (RCE) vulnerability targeting Encrypting File System (EFS) where an attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution, and with a CVSS score of 8.1, it's important to patch quickly.

qualys: For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see KB5009763: EFS security hardening changes in CVE-2021-43217.

4. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-41365) - High [475]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

5. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-42311) - High [475]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

6. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-42313) - High [475]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

7. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-42314) - High [475]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

8. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-42315) - High [475]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

9. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-43882) - High [475]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.0. Based on Microsoft data

10. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-42310) - High [462]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data

11. Remote Code Execution - Windows Event Tracing (CVE-2021-43232) - High [462]

Description: Windows Event Tracing Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows Event Tracing
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

12. Remote Code Execution - Windows Remote Desktop Client (CVE-2021-43233) - High [462]

Description: Remote Desktop Client Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Remote Desktop Protocol Client
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

qualys: CVE-2021-43233 | Remote Desktop Client Remote Code Execution Vulnerability. This is a critical Remote Code Execution (RCE) vulnerability included in the monthly rollup for Windows, with a CVSS score of 7.5, this too tops the list of vulnerabilities needing to be patched quickly.

tenable: CVE-2021-43233 is a RCE in the Remote Desktop Client that received a CVSSv3 score of 7.5. Given past attacks against Remote Desktop Protocol (RDP), it is no surprise that Microsoft rated this “Exploitation More Likely.” Exploiting this flaw would require a vulnerable target to connect to a malicious RDP server. Successful exploitation would allow an attacker to execute arbitrary code on the machine of the connected client.

13. Remote Code Execution - Windows Fax Service (CVE-2021-43234) - High [462]

Description: Windows Fax Service Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows Fax Service
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

14. Remote Code Execution - Microsoft SharePoint (CVE-2021-42309) - High [456]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | Microsoft SharePoint
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

zdi: CVE-2021-42309 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This patch fixes a bug reported through the ZDI program. The vulnerability allows a user to elevate and execute code in the context of the service account. An attacker would need “Manage Lists” permissions on a SharePoint site, but by default, any authorized user can create their own new site where they have full permissions. This bug allows an attacker to bypass the restriction against running arbitrary server-side web controls. This is similar to the previously patched CVE-2021-28474. However, in this case, the unsafe control is “smuggled” in a property of an allowed control.

15. Remote Code Execution - Microsoft Office (CVE-2021-43905) - High [451]

Description: Microsoft Office app Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.6 | 14 | Microsoft Office
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.6. Based on Microsoft data

qualys: CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability. This is an unauthenticated Remote Code Execution (RCE) vulnerability in the Microsoft Office app, important to patch quickly, as it has a high CVSS score of 9.6.

tenable: CVE-2021-43905 is a RCE vulnerability in the Microsoft Office app. It was assigned a CVSSv3 score of 9.6 and is rated “Exploitation More Likely.” To exploit this vulnerability, an attacker would have to create a malicious Microsoft Office document and convince a user through social engineering to open the document. Microsoft says that the Preview Pane is not an attack vector, which means exploitation requires opening the document, not merely previewing it. Because this vulnerability exists in the Microsoft Office app, the patch for this flaw will be distributed through the Microsoft Store as part of an automatic update.

16. Remote Code Execution - Microsoft Defender for IoT (CVE-2021-43889) - High [448]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

17. Remote Code Execution - HEVC Video Extensions (CVE-2021-40452) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | HEVC Video Extensions
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

18. Remote Code Execution - HEVC Video Extensions (CVE-2021-40453) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | HEVC Video Extensions
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

19. Remote Code Execution - HEVC Video Extensions (CVE-2021-41360) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | HEVC Video Extensions
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

20. Remote Code Execution - Web Media Extensions (CVE-2021-43214) - High [443]

Description: Web Media Extensions Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | Web Media Extensions
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

21. Remote Code Execution - Microsoft SharePoint (CVE-2021-42294) - High [429]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | Microsoft SharePoint
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

22. Remote Code Execution - Microsoft Excel (CVE-2021-43256) - High [424]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.6 | 14 | MS Office product
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

23. Remote Code Execution - Microsoft Office Graphics (CVE-2021-43875) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.6 | 14 | Microsoft Office Graphics
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

24. Denial of Service - SymCrypt (CVE-2021-43228) - High [420]

Description: SymCrypt Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.9 | 14 | SymCrypt is the core cryptographic function library currently used by Windows
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

Medium (46)

25. Remote Code Execution - Microsoft 4K Wireless Display Adapter (CVE-2021-43899) - Medium [394]

Description: Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.3 | 14 | Microsoft device that can display wirelessly to a 4K TV or monitor over Miracast
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data

zdi: CVE-2021-43899 – Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability. This update fixes a vulnerability that could allow an unauthenticated attacker to execute their code on an affected device. The attacker would need to be on the same network as the Microsoft 4K Display Adapter. If they are, they could send specially crafted packets to the affected device. Patching this won’t be an easy chore. To be protected, users need to install the Microsoft Wireless Display Adapter application from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Only then can they use the “Update & Security” section of the app to download the latest firmware to mitigate this bug. This is the second CVSS 9.8 bug being patched this month.

26. Remote Code Execution - Visual Studio Code (CVE-2021-43907) - Medium [394]

Description: Visual Studio Code WSL Extension Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.3 | 14 | Integrated development environment
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data

zdi: CVE-2021-43907 – Visual Studio Code WSL Extension Remote Code Execution Vulnerability. This is the final CVSS 9.8 vulnerability being patched this month. The impacted component lets users use the Windows Subsystem for Linux (WSL) as a full-time development environment from Visual Studio Code. It allows you to develop in a Linux-based environment, use Linux-specific toolchains and utilities, and run and debug Linux-based applications all from within Windows. That sort of cross-platform functionality is used by many in the DevOps community. This patch fixes a remote code execution bug in the extension, but Microsoft doesn’t specify exactly how that code execution could occur. They do list it as unauthenticated and requiring no user interaction, so if you use this extension, get this update tested and deployed quickly.

27. Denial of Service - DirectX Graphics Kernel (CVE-2021-43219) - Medium [387]

Description: DirectX Graphics Kernel File Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | DirectX Graphics Kernel
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.4. Based on Microsoft data

28. Remote Code Execution - Bot Framework SDK (CVE-2021-43225) - Medium [386]

Description: Bot Framework SDK Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.4 | 14 | Bot Framework SDK
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

29. Elevation of Privilege - Windows Kernel (CVE-2021-43237) - Medium [379]

Description: Windows Setup Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

30. Elevation of Privilege - Windows Kernel (CVE-2021-43238) - Medium [379]

Description: Windows Remote Access Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

31. Elevation of Privilege - Windows Kernel (CVE-2021-43245) - Medium [379]

Description: Windows Digital TV Tuner Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

32. Elevation of Privilege - Windows TCP/IP Driver (CVE-2021-43247) - Medium [379]

Description: Windows TCP/IP Driver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | A kernel mode driver
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

33. Elevation of Privilege - Windows Kernel (CVE-2021-43248) - Medium [379]

Description: Windows Digital Media Receiver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

34. Elevation of Privilege - Windows Encrypting File System (CVE-2021-43893) - Medium [379]

Description: Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

35. Remote Code Execution - Visual Studio Code (CVE-2021-43891) - Medium [367]

Description: Visual Studio Code Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.3 | 14 | Integrated development environment
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

36. Elevation of Privilege - Windows Media (CVE-2021-40441) - Medium [360]

Description: Windows Media Center Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

37. Elevation of Privilege - Windows Print Spooler (CVE-2021-41333) - Medium [360]

Description: Windows Print Spooler Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

qualys: CVE-2021-41333 | Windows Print Spooler Elevation of Privilege Vulnerability. This Windows Print Spooler Elevation of Privilege vulnerability has been made public and has low attack complexity, along with a CVSS score of 7.8, which necessitates patching quickly.

tenable: CVE-2021-41333 is an EoP vulnerability in Windows Print Spooler that received a CVSSv3 rating of 7.8 and was marked “Exploitation More Likely.” Discovery of this vulnerability is credited to Abdelhamid Naceri with Trend Micro Zero Day Initiative, who is credited with two other vulnerabilities patched this month, and James Forshaw of Google Project Zero. This is just the latest in a series of vulnerabilities disclosed in Windows Print Spooler this year. Given the mass exploitation of prior Print Spooler vulnerabilities, users should apply these patches as soon as possible.

38. Elevation of Privilege - Microsoft Defender (CVE-2021-42312) - Medium [360]

Description: Microsoft Defender for IOT Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Anti-malware component of Microsoft Windows
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

39. Elevation of Privilege - Windows Common Log File System Driver (CVE-2021-43207) - Medium [360]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

40. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2021-43223) - Medium [360]

Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

41. Elevation of Privilege - Windows Common Log File System Driver (CVE-2021-43226) - Medium [360]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

42. Elevation of Privilege - Windows NTFS (CVE-2021-43229) - Medium [360]

Description: Windows NTFS Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | The default file system of the Windows NT family
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

43. Elevation of Privilege - Windows NTFS (CVE-2021-43230) - Medium [360]

Description: Windows NTFS Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | The default file system of the Windows NT family
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

44. Elevation of Privilege - Windows NTFS (CVE-2021-43231) - Medium [360]

Description: Windows NTFS Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | The default file system of the Windows NT family
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

45. Elevation of Privilege - Windows NTFS (CVE-2021-43240) - Medium [360]

Description: NTFS Set Short Name Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | The default file system of the Windows NT family
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

tenable: CVE-2021-43240 is an EoP vulnerability in the New Technology File System (NTFS) set short name function. It received a CVSSv3 score of 7.8 and was rated “Exploitation Less Likely.” Despite being listed as publicly disclosed, discovery of this vulnerability was not credited to anyone. Earlier this year, another EoP flaw in NTFS, CVE-2021-31956, was exploited as a zero day.

46. Elevation of Privilege - ASP.NET Core (CVE-2021-43877) - Medium [360]

Description: ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | An open-source, server-side web-application framework designed for web development
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

47. Elevation of Privilege - Windows Installer (CVE-2021-43883) - Medium [360]

Description: Windows Installer Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows Installer
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

tenable: CVE-2021-43883 is an EoP vulnerability in Windows Installer. It appears this may address a patch bypass for CVE-2021-41379, publicly disclosed by Abdelhamid Naceri in November. At that time, Naceri also disclosed a separate zero day that does not appear to have been patched. However, Naceri is not credited with CVE-2021-43883, despite being credited with three other CVEs in this month’s release. CVE-2021-43883 received a CVSSv3 score of 7.8 and was marked “Exploitation More Likely,” indicating it is more severe than the original vulnerability. To exploit this vulnerability, an attacker would need to convince the target to open a specially crafted installer in order to gain elevated privileges.

rapid7: Interestingly, this round of fixes also includes CVE-2021-43883, a Windows Installer privilege escalation bug whose advisory is sparse despite the fact that it appears to affect all supported versions of Windows. While there’s no indication in the advisory that the two vulnerabilities are related, CVE-2021-43883 looks an awful lot like the fix for a zero-day vulnerability that made a splash in the security community last month after proof-of-concept exploit code was released and in-the-wild attacks began. The zero-day vulnerability, which researchers hypothesized was a patch bypass for CVE-2021-41379, allowed low-privileged attackers to overwrite protected files and escalate to SYSTEM. Rapid7’s vulnerability research team did a full root cause analysis of the bug as attacks ramped up in November.

rapid7: As usual, RCE flaws figure prominently in the “Critical”-rated CVEs this month. In addition to Windows Defender for IoT, critical RCE bugs were fixed this month in Microsoft Office, Microsoft Devices, Internet Storage Name Service (iSNS), and the WSL extension for Visual Studio Code. Given the outsized risk presented by most vulnerable implementations of Log4Shell, administrators should prioritize patches for any products affected by CVE-2021-44228. Past that, put critical server-side and OS RCE patches at the top of your list, and we’d advise sneaking in the fix for CVE-2021-43883 despite its lower severity rating.

48. Information Disclosure - Microsoft Message Queuing (CVE-2021-43222) - Medium [359]

Description: Microsoft Message Queuing Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.9 | 14 | Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

49. Information Disclosure - Microsoft Message Queuing (CVE-2021-43236) - Medium [359]

Description: Microsoft Message Queuing Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.9 | 14 | Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

50. Elevation of Privilege - Windows Recovery Environment Agent (CVE-2021-43239) - Medium [347]

Description: Windows Recovery Environment Agent Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data

51. Information Disclosure - Windows Kernel (CVE-2021-43244) - Medium [345]

Description: Windows Kernel Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

52. Information Disclosure - Microsoft Defender for IoT (CVE-2021-43888) - Medium [340]

Description: Microsoft Defender for IoT Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

53. Denial of Service - Windows Hyper-V (CVE-2021-43246) - Medium [336]

Description: Windows Hyper-V Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.6. Based on Microsoft data

54. Elevation of Privilege - Microsoft Jet Red Database Engine and Access Connectivity Engine (CVE-2021-42293) - Medium [328]

Description: Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.7 | 14 | Microsoft Jet Red Database Engine and Access Connectivity Engine
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

55. Information Disclosure - Microsoft Local Security Authority Server (CVE-2021-43216) - Medium [327]

Description: Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

56. Spoofing - Microsoft BizTalk ESB Toolkit (CVE-2021-43892) - Medium [327]

Description: Microsoft BizTalk ESB Toolkit Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | The Microsoft BizTalk ESB Toolkit uses BizTalk Server to support a loosely coupled messaging architectur
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.4. Based on Microsoft data

57. Spoofing - Microsoft SharePoint (CVE-2021-42320) - Medium [321]

Description: Microsoft SharePoint Server Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.7 | 14 | Microsoft SharePoint
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on Microsoft data

58. Spoofing - Microsoft SharePoint (CVE-2021-43242) - Medium [321]

Description: Microsoft SharePoint Server Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.7 | 14 | Microsoft SharePoint
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data

59. Elevation of Privilege - Windows Mobile Device Management (CVE-2021-43880) - Medium [314]

Description: Windows Mobile Device Management Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.7 | 14 | Windows Mobile Device Management
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

60. Information Disclosure - Visual Basic for Applications (CVE-2021-42295) - Medium [313]

Description: Visual Basic for Applications Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Visual Basic for Applications is a computer programming language developed and owned by Microsoft
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

61. Information Disclosure - Windows Common Log File System Driver (CVE-2021-43224) - Medium [313]

Description: Windows Common Log File System Driver Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

62. Information Disclosure - Storage Spaces Controller (CVE-2021-43227) - Medium [313]

Description: Storage Spaces Controller Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Storage Spaces Controller
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

63. Information Disclosure - Storage Spaces Controller (CVE-2021-43235) - Medium [313]

Description: Storage Spaces Controller Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Storage Spaces Controller
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

64. Spoofing - Microsoft PowerShell (CVE-2021-43896) - Medium [313]

Description: Microsoft PowerShell Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

65. Information Disclosure - VP9 Video Extensions (CVE-2021-43243) - Medium [294]

Description: VP9 Video Extensions Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure
Vulnerable Product is Common | 0.7 | 14 | VP9 is an open and royalty-free video coding format developed by Google
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

66. Spoofing - Microsoft Office (CVE-2021-43255) - Medium [275]

Description: Microsoft Office Trust Center Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.6 | 14 | Microsoft Office
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

67. Memory Corruption - Microsoft Edge (CVE-2021-4099) - Medium [272]

Description: Chromium: CVE-2021-4099 Use after free in Swiftshader. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

68. Memory Corruption - Microsoft Edge (CVE-2021-4100) - Medium [272]

Description: Chromium: CVE-2021-4100 Object lifecycle issue in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

69. Memory Corruption - Microsoft Edge (CVE-2021-4101) - Medium [272]

Description: Chromium: CVE-2021-4101 Heap buffer overflow in Swiftshader. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

70. Memory Corruption - Microsoft Edge (CVE-2021-4102) - Medium [272]

Description: Chromium: CVE-2021-4102 Use after free in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

zdi: Google is another vendor that doesn’t follow the patch Tuesday release cycle but still managed to release a significant update yesterday. The Chrome Stable channel has been updated to 96.0.4664.110, and the patch includes five security fixes. One of these bugs, CVE-2021-4102, a use-after-free bug in V8, is listed as having exploits in the wild. Three other High severity and one Critical severity bugs are also addressed. Tis the season to be shopping online. Make sure your browser is up to date as you do so. These bugs are not included in the Edge (Chromium-based) updates discussed below. If you’re interested in other V8 bugs, check out this series of blogs recently published by ZDI vulnerability researcher Hossein Lotfi.

Low (2)

71. Spoofing - Visual Studio Code (CVE-2021-43908) - Low [191]

Description: Visual Studio Code Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.3 | 14 | Integrated development environment
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Microsoft data

72. Unknown Vulnerability Type - Microsoft Edge (CVE-2021-4098) - Low [151]

Description: Chromium: CVE-2021-4098 Insufficient data validation in Mojo. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

Exploitation in the wild detected (1)

Spoofing (1)

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (71)

Remote Code Execution (26)

Denial of Service (3)

Elevation of Privilege (21)

Information Disclosure (10)

Spoofing (6)

Memory Corruption (4)

Unknown Vulnerability Type (1)