Report Name: Microsoft Patch Tuesday, April 2021
Generated: 2021-07-08 00:44:57
Product Name | Prevalence | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Windows SMB | 1 | 2 | Windows SMB | ||||
Remote Procedure Call Runtime | 0.9 | 27 | Remote Procedure Call Runtime | ||||
Windows DNS Server | 0.9 | 2 | Windows DNS Server | ||||
Windows Kernel | 0.9 | 2 | 2 | Windows Kernel | |||
Windows TCP/IP | 0.9 | 1 | Windows component | ||||
Windows TCP/IP Driver | 0.9 | 2 | A kernel mode driver | ||||
Diagnostics Hub Standard Collector | 0.8 | 3 | Diagnostics Hub Standard Collector | ||||
Windows AppX Deployment Server | 0.8 | 1 | Windows component | ||||
Windows Application Compatibility Cache | 0.8 | 1 | Windows component | ||||
Windows Codecs Library | 0.8 | 1 | Windows Codecs Library | ||||
Windows Console Driver | 0.8 | 2 | Windows Console Driver | ||||
Windows Early Launch Antimalware Driver | 0.8 | 2 | Windows component | ||||
Windows Event Tracing | 0.8 | 2 | Windows Event Tracing | ||||
Windows GDI+ | 0.8 | 3 | 1 | Windows component | |||
Windows Installer | 0.8 | 4 | Windows Installer | ||||
Windows Media Photo Codec | 0.8 | 1 | Windows component | ||||
Windows Media Video Decoder | 0.8 | 2 | Windows component | ||||
Windows NTFS | 0.8 | 2 | The default file system of the Windows NT family | ||||
Windows Network File System | 0.8 | 1 | Windows Network File System | ||||
Windows Overlay Filter | 0.8 | 1 | Windows component | ||||
Windows Portmapping | 0.8 | 1 | Windows component | ||||
Windows Resource Manager PSM Service Extension | 0.8 | 1 | Windows component | ||||
Windows Secure Kernel Mode | 0.8 | 1 | Windows component | ||||
Windows Services and Controller App | 0.8 | 1 | Windows component | ||||
Windows Speech Runtime | 0.8 | 3 | Windows component | ||||
Windows WLAN AutoConfig Service | 0.8 | 1 | Windows component | ||||
Microsoft Exchange Server | 0.7 | 1 | 3 | Microsoft Exchange Server | |||
Microsoft SharePoint | 0.7 | 1 | Microsoft SharePoint | ||||
RPC Endpoint Mapper Service | 0.7 | 1 | RPC Endpoint Mapper Service | ||||
Raw Image Extension | 0.7 | 2 | Raw Image Extension | ||||
VP9 Video Extensions | 0.7 | 1 | VP9 is an open and royalty-free video coding format developed by Google | ||||
Microsoft Excel | 0.6 | 2 | 1 | MS Office product | |||
Microsoft Internet Messaging API | 0.6 | 1 | Microsoft Internet Messaging API | ||||
Microsoft Office | 0.6 | 1 | Microsoft Office | ||||
Microsoft Outlook | 0.6 | 1 | MS Office product | ||||
Microsoft Word | 0.6 | 1 | MS Office product | ||||
Windows Hyper-V | 0.6 | 4 | Hardware virtualization component of the client editions of Windows NT | ||||
Azure | 0.4 | 1 | 4 | Azure | |||
Visual Studio Code | 0.3 | 5 | Integrated development environment | ||||
Visual Studio Installer | 0.3 | 1 | Integrated development environment | ||||
Remote Development Extension for Visual Studio Code | 0.2 | 1 | Extension for Visual Studio Code IDE | ||||
Visual Studio Code GitHub Pull Requests and Issues Extension | 0.2 | 1 | Extension for Visual Studio Code IDE | ||||
Visual Studio Code Kubernetes Tools | 0.2 | 1 | Extension for Visual Studio Code IDE | ||||
Visual Studio Code Maven for Java Extension | 0.2 | 1 | Extension for Visual Studio Code IDE |
Vulnerability Type | Criticality | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 1 | 44 | 10 | Remote Code Execution | ||
Security Feature Bypass | 0.9 | 5 | Security Feature Bypass | ||||
Denial of Service | 0.7 | 2 | 7 | Denial of Service | |||
Memory Corruption | 0.6 | 1 | Memory Corruption | ||||
Elevation of Privilege | 0.5 | 2 | 17 | Elevation of Privilege | |||
Information Disclosure | 0.4 | 17 | Information Disclosure | ||||
Spoofing | 0.4 | 1 | 1 | Spoofing |
1. Remote Code Execution - Microsoft Exchange Server (CVE-2021-28480) - Critical [713]
Description: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned at AttackerKB | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft Exchange Server | |
1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data |
qualys: Microsoft released patches to fix critical RCE vulnerabilities in MS Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. CVE-2021-28480 and CVE-2021-28481 have a critical severity score of 9.8 out of 10 and could be exploited without authentication.
tenable: CVE-2021-28480 and CVE-2021-28481 are pre-authentication vulnerabilities in Microsoft Exchange Server. A pre-authentication vulnerability means that an attacker does not need to authenticate to the vulnerable Exchange Server in order to exploit the vulnerability. All the attacker needs to do is perform reconnaissance against their intended targets and then send specially crafted requests to the vulnerable Exchange Server.
tenable: CVE-2021-28482 and CVE-2021-28483 are post-authentication vulnerabilities in Microsoft Exchange Server. Unlike CVE-2021-28480 and CVE-2021-28481, these are only exploitable once an attacker has authenticated to a vulnerable Exchange Server. However, these flaws could be chained together with a pre-authentication Exchange Server vulnerability to bypass that requirement. Last month, attackers leveraged ProxyLogon in combination with post-authentication vulnerabilities in order to implant webshells on compromised Exchange Servers and maintain persistence.
tenable: In their acknowledgements, Microsoft credited the NSA with the discovery of all four vulnerabilities, though the two pre-authentication vulnerabilities (CVE-2021-28480, CVE-2021-28481) were also credited to the Microsoft Security Team.
zdi: CVE-2021-28480/28481 – Microsoft Exchange Server Remote Code Execution Vulnerability. Both of these CVEs are listed at a 9.8 CVSS and have identical write-ups, so they both get listed here. Both code execution bugs are unauthenticated and require no user interaction. Since the attack vector is listed as “Network,” it is likely these bugs are wormable – at least between Exchange servers. The CVSS score for these two bugs is actually higher than the Exchange bugs exploited earlier this year. These bugs were credited to the National Security Agency. Considering the source, and considering these bugs also receive Microsoft’s highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible.
2. Elevation of Privilege - Windows Kernel (CVE-2021-28310) - Critical [622]
Description: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB, Microsoft | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
qualys: CVE-2021-28310: Win32k Elevation of Privilege Vulnerability
qualys: Microsoft released patches addressing another 0-day vulnerability (CVE-2021-28310). CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). There is a public exploit available which is being used in the wild. BITTER APT group is suspected of exploiting this CVE in the wild. This CVE has a temporal score of 7.2 from the vendor and should be prioritized for patching.
rapid7: CVEs: CVE-2021-28310, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. Windows RPC Runtime
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
zdi: CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability. This is the only vulnerability listed as being actively exploited being patched in April. The bug allows an attacker to escalate privileges by running a specially crafted program on a target system. This does mean that they will either need to log on to a system or trick a legitimate user into running the code on their behalf. Considering who is listed as discovering this bug, it is probably being used in malware. Bugs of this nature are typically combined with other bugs, such as a browser bug or PDF exploit, to take over a system.
3. Elevation of Privilege - Windows Kernel (CVE-2021-27072) - Critical [609]
Description: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object) | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
4. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28327) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
5. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28329) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
rapid7: CVEs: CVE-2021-28329 to CVE-2021-28339 (please see the list below for a complete list). Publicly Disclosed and Exploited
zdi: CVE-2021-28329 et al. – Remote Procedure Call Runtime Remote Code Execution Vulnerability. There are 27 bugs in this month’s release with this title, and all have identical descriptions and CVSS scores. However, 12 are rated Critical while 15 are rated Important in severity. In RPC vulnerabilities seen in the past, an attacker would need to send a specially crafted RPC request to an affected system. Successful exploitation results in executing code in the context of another user. Perhaps the users involved in the Important-rated bugs have lower privileges than their Critical-rated counterparts, but that is not clear from the description. Either way, the researcher who reported these bugs certainly found quite the attack surface.
6. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28330) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
7. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28331) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
8. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28332) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
9. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28333) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
10. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28334) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
11. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28335) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
12. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28336) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
13. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28337) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
14. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28338) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
15. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28339) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
rapid7: CVEs: CVE-2021-28329 to CVE-2021-28339 (please see the list below for a complete list). Publicly Disclosed and Exploited
16. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28340) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
17. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28341) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
18. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28342) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
19. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28343) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
20. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28344) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
21. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28345) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
22. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28346) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
23. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28352) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
24. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28353) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
25. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28354) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
26. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28355) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
27. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28356) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
28. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28357) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28358, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
29. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28358) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28434.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
30. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-28434) - High [494]
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
31. Remote Code Execution - Microsoft Exchange Server (CVE-2021-28481) - High [470]
Description: Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft Exchange Server | |
1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data |
qualys: Microsoft released patches to fix critical RCE vulnerabilities in MS Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. CVE-2021-28480 and CVE-2021-28481 have a critical severity score of 9.8 out of 10 and could be exploited without authentication.
tenable: CVE-2021-28480 and CVE-2021-28481 are pre-authentication vulnerabilities in Microsoft Exchange Server. A pre-authentication vulnerability means that an attacker does not need to authenticate to the vulnerable Exchange Server in order to exploit the vulnerability. All the attacker needs to do is perform reconnaissance against their intended targets and then send specially crafted requests to the vulnerable Exchange Server.
tenable: CVE-2021-28482 and CVE-2021-28483 are post-authentication vulnerabilities in Microsoft Exchange Server. Unlike CVE-2021-28480 and CVE-2021-28481, these are only exploitable once an attacker has authenticated to a vulnerable Exchange Server. However, these flaws could be chained together with a pre-authentication Exchange Server vulnerability to bypass that requirement. Last month, attackers leveraged ProxyLogon in combination with post-authentication vulnerabilities in order to implant webshells on compromised Exchange Servers and maintain persistence.
tenable: In their acknowledgements, Microsoft credited the NSA with the discovery of all four vulnerabilities, though the two pre-authentication vulnerabilities (CVE-2021-28480, CVE-2021-28481) were also credited to the Microsoft Security Team.
rapid7: CVEs: CVE-2021-28310, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. Windows RPC Runtime
32. Spoofing - Azure (CVE-2021-28459) - High [467]
Description: Azure DevOps Server Spoofing Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
1.0 | 17 | Public exploit is found at Vulners (Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting) | |
0.4 | 15 | Spoofing | |
0.4 | 14 | Azure | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on Microsoft data |
33. Remote Code Execution - Windows Media Video Decoder (CVE-2021-27095) - High [462]
Description: Windows Media Video Decoder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28315.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
34. Remote Code Execution - Windows Media Video Decoder (CVE-2021-28315) - High [462]
Description: Windows Media Video Decoder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27095.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
35. Remote Code Execution - Windows GDI+ (CVE-2021-28348) - High [462]
Description: Windows GDI+ Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28349, CVE-2021-28350.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
36. Remote Code Execution - Windows GDI+ (CVE-2021-28349) - High [462]
Description: Windows GDI+ Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28348, CVE-2021-28350.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
37. Remote Code Execution - Windows GDI+ (CVE-2021-28350) - High [462]
Description: Windows GDI+ Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28348, CVE-2021-28349.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
38. Remote Code Execution - Windows Network File System (CVE-2021-28445) - High [462]
Description: Windows Network File System Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows Network File System | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
39. Remote Code Execution - Microsoft Exchange Server (CVE-2021-28482) - High [456]
Description: Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft Exchange Server | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
qualys: Microsoft released patches to fix critical RCE vulnerabilities in MS Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. CVE-2021-28480 and CVE-2021-28481 have a critical severity score of 9.8 out of 10 and could be exploited without authentication.
tenable: CVE-2021-28482 and CVE-2021-28483 are post-authentication vulnerabilities in Microsoft Exchange Server. Unlike CVE-2021-28480 and CVE-2021-28481, these are only exploitable once an attacker has authenticated to a vulnerable Exchange Server. However, these flaws could be chained together with a pre-authentication Exchange Server vulnerability to bypass that requirement. Last month, attackers leveraged ProxyLogon in combination with post-authentication vulnerabilities in order to implant webshells on compromised Exchange Servers and maintain persistence.
rapid7: CVEs: CVE-2021-28310, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. Windows RPC Runtime
40. Remote Code Execution - Microsoft Exchange Server (CVE-2021-28483) - High [456]
Description: Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft Exchange Server | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.0. Based on Microsoft data |
qualys: Microsoft released patches to fix critical RCE vulnerabilities in MS Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. CVE-2021-28480 and CVE-2021-28481 have a critical severity score of 9.8 out of 10 and could be exploited without authentication.
tenable: CVE-2021-28482 and CVE-2021-28483 are post-authentication vulnerabilities in Microsoft Exchange Server. Unlike CVE-2021-28480 and CVE-2021-28481, these are only exploitable once an attacker has authenticated to a vulnerable Exchange Server. However, these flaws could be chained together with a pre-authentication Exchange Server vulnerability to bypass that requirement. Last month, attackers leveraged ProxyLogon in combination with post-authentication vulnerabilities in order to implant webshells on compromised Exchange Servers and maintain persistence.
rapid7: CVEs: CVE-2021-28310, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. Windows RPC Runtime
41. Remote Code Execution - VP9 Video Extensions (CVE-2021-28464) - High [443]
Description: VP9 Video Extensions Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | VP9 is an open and royalty-free video coding format developed by Google | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
42. Remote Code Execution - Raw Image Extension (CVE-2021-28466) - High [443]
Description: Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28468.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Raw Image Extension | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
43. Remote Code Execution - Raw Image Extension (CVE-2021-28468) - High [443]
Description: Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28466.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Raw Image Extension | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
44. Remote Code Execution - Microsoft Internet Messaging API (CVE-2021-27089) - High [424]
Description: Microsoft Internet Messaging API Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Internet Messaging API | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
45. Remote Code Execution - Microsoft Office (CVE-2021-28449) - High [424]
Description: Microsoft Office Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
46. Remote Code Execution - Microsoft Excel (CVE-2021-28451) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28454.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
47. Remote Code Execution - Microsoft Word (CVE-2021-28453) - High [424]
Description: Microsoft Word Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
48. Remote Code Execution - Microsoft Excel (CVE-2021-28454) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28451.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
49. Denial of Service - Windows TCP/IP Driver (CVE-2021-28319) - High [420]
Description: Windows TCP/IP Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-28439.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | A kernel mode driver | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
50. Denial of Service - Windows TCP/IP Driver (CVE-2021-28439) - High [420]
Description: Windows TCP/IP Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-28319.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | A kernel mode driver | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
51. Security Feature Bypass - Windows Early Launch Antimalware Driver (CVE-2021-27094) - Medium [387]
Description: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2021-28447.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.4. Based on Microsoft data |
52. Denial of Service - Windows Application Compatibility Cache (CVE-2021-28311) - Medium [387]
Description: Windows Application Compatibility Cache Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
53. Security Feature Bypass - Windows WLAN AutoConfig Service (CVE-2021-28316) - Medium [387]
Description: Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.2. Based on Microsoft data |
54. Security Feature Bypass - Windows Early Launch Antimalware Driver (CVE-2021-28447) - Medium [387]
Description: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2021-27094.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.4. Based on Microsoft data |
55. Remote Code Execution - Azure (CVE-2021-28460) - Medium [386]
Description: Azure Sphere Unsigned Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | Azure | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
56. Information Disclosure - Windows SMB (CVE-2021-28324) - Medium [378]
Description: Windows SMB Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-28325.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
1 | 14 | Windows SMB | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
57. Security Feature Bypass - Windows Hyper-V (CVE-2021-28444) - Medium [377]
Description: Windows Hyper-V Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.7. Based on Microsoft data |
zdi: CVE-2021-28444 – Windows Hyper-V Security Feature Bypass Vulnerability. This security feature bypass allows an attacker to potentially bypass Router Guard configurations on Hyper-V. Router Guard is designed to prevent guest OSes from offering router services on the network. Many don’t realize Windows can be set up as a router, and on physical or virtual systems, be configured to re-route packets to a rogue location (e.g. Man-in-the-Middle) or simply black hole the traffic. If you’re running Hyper-V, even accidental misconfigurations could cause disruptions, so definitely don’t ignore this patch.
58. Denial of Service - Windows AppX Deployment Server (CVE-2021-28326) - Medium [374]
Description: Windows AppX Deployment Server Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
59. Denial of Service - Windows Console Driver (CVE-2021-28438) - Medium [374]
Description: Windows Console Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-28443.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows Console Driver | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
60. Denial of Service - Windows Console Driver (CVE-2021-28443) - Medium [374]
Description: Windows Console Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-28438.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows Console Driver | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
61. Remote Code Execution - Visual Studio Code (CVE-2021-28457) - Medium [367]
Description: Visual Studio Code Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
62. Remote Code Execution - Visual Studio Code (CVE-2021-28469) - Medium [367]
Description: Visual Studio Code Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28457, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
63. Remote Code Execution - Visual Studio Code (CVE-2021-28473) - Medium [367]
Description: Visual Studio Code Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
64. Remote Code Execution - Visual Studio Code (CVE-2021-28475) - Medium [367]
Description: Visual Studio Code Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
65. Information Disclosure - Windows SMB (CVE-2021-28325) - Medium [364]
Description: Windows SMB Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-28324.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
1 | 14 | Windows SMB | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
66. Denial of Service - Windows Hyper-V (CVE-2021-26416) - Medium [363]
Description: Windows Hyper-V Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.7. Based on Microsoft data |
67. Elevation of Privilege - Windows Installer (CVE-2021-26415) - Medium [360]
Description: Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-28440.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows Installer | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
68. Elevation of Privilege - Windows Services and Controller App (CVE-2021-27086) - Medium [360]
Description: Windows Services and Controller App Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
69. Elevation of Privilege - Windows Event Tracing (CVE-2021-27088) - Medium [360]
Description: Windows Event Tracing Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows Event Tracing | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
70. Elevation of Privilege - Windows Secure Kernel Mode (CVE-2021-27090) - Medium [360]
Description: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
71. Elevation of Privilege - Windows NTFS (CVE-2021-27096) - Medium [360]
Description: NTFS Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | The default file system of the Windows NT family | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
72. Elevation of Privilege - Diagnostics Hub Standard Collector (CVE-2021-28313) - Medium [360]
Description: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Diagnostics Hub Standard Collector | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
73. Elevation of Privilege - Windows Resource Manager PSM Service Extension (CVE-2021-28320) - Medium [360]
Description: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
74. Elevation of Privilege - Diagnostics Hub Standard Collector (CVE-2021-28321) - Medium [360]
Description: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Diagnostics Hub Standard Collector | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
75. Elevation of Privilege - Diagnostics Hub Standard Collector (CVE-2021-28322) - Medium [360]
Description: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Diagnostics Hub Standard Collector | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
76. Elevation of Privilege - Windows Speech Runtime (CVE-2021-28347) - Medium [360]
Description: Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28351, CVE-2021-28436.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
77. Elevation of Privilege - Windows Speech Runtime (CVE-2021-28351) - Medium [360]
Description: Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28436.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
78. Elevation of Privilege - Windows Speech Runtime (CVE-2021-28436) - Medium [360]
Description: Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28351.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
79. Remote Code Execution - Visual Studio Code (CVE-2021-28477) - Medium [354]
Description: Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
80. Security Feature Bypass - Azure (CVE-2021-27092) - Medium [352]
Description: Azure AD Web Sign-in Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.4 | 14 | Azure | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
81. Remote Code Execution - Visual Studio Code Kubernetes Tools (CVE-2021-28448) - Medium [348]
Description: Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.2 | 14 | Extension for Visual Studio Code IDE | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
82. Remote Code Execution - Visual Studio Code GitHub Pull Requests and Issues Extension (CVE-2021-28470) - Medium [348]
Description: Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.2 | 14 | Extension for Visual Studio Code IDE | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
83. Remote Code Execution - Remote Development Extension for Visual Studio Code (CVE-2021-28471) - Medium [348]
Description: Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.2 | 14 | Extension for Visual Studio Code IDE | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
84. Remote Code Execution - Visual Studio Code Maven for Java Extension (CVE-2021-28472) - Medium [348]
Description: Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.2 | 14 | Extension for Visual Studio Code IDE | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
85. Elevation of Privilege - Windows Installer (CVE-2021-28440) - Medium [347]
Description: Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26415.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows Installer | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
86. Information Disclosure - Windows DNS Server (CVE-2021-28323) - Medium [345]
Description: Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.9 | 14 | Windows DNS Server | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
87. Information Disclosure - Windows DNS Server (CVE-2021-28328) - Medium [345]
Description: Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.9 | 14 | Windows DNS Server | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
88. Information Disclosure - Windows TCP/IP (CVE-2021-28442) - Medium [345]
Description: Windows TCP/IP Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.9 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
89. Elevation of Privilege - RPC Endpoint Mapper Service (CVE-2021-27091) - Medium [341]
Description: RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.7 | 14 | RPC Endpoint Mapper Service | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
90. Denial of Service - Microsoft SharePoint (CVE-2021-28450) - Medium [341]
Description: Microsoft SharePoint Denial of Service Update
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Microsoft SharePoint | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.0. Based on Microsoft data |
91. Denial of Service - Windows NTFS (CVE-2021-28312) - Medium [333]
Description: Windows NTFS Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The default file system of the Windows NT family | |
0.3 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 3.3. Based on Microsoft data |
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
92. Information Disclosure - Windows Kernel (CVE-2021-27093) - Medium [332]
Description: Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28309.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.9 | 14 | Windows Kernel | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
93. Information Disclosure - Windows Kernel (CVE-2021-28309) - Medium [332]
Description: Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.9 | 14 | Windows Kernel | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
94. Memory Corruption - Microsoft Outlook (CVE-2021-28452) - Medium [329]
Description: Microsoft Outlook Memory Corruption Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.6 | 15 | Memory Corruption | |
0.6 | 14 | MS Office product | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
95. Information Disclosure - Windows Portmapping (CVE-2021-28446) - Medium [327]
Description: Windows Portmapping Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
96. Elevation of Privilege - Windows Hyper-V (CVE-2021-28314) - Medium [322]
Description: Windows Hyper-V Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
97. Spoofing - Windows Installer (CVE-2021-26413) - Medium [313]
Description: Windows Installer Spoofing Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Windows Installer | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.2. Based on Microsoft data |
98. Information Disclosure - Windows Overlay Filter (CVE-2021-26417) - Medium [313]
Description: Windows Overlay Filter Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
99. Information Disclosure - Windows Media Photo Codec (CVE-2021-27079) - Medium [313]
Description: Windows Media Photo Codec Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.7. Based on Microsoft data |
100. Information Disclosure - Windows Codecs Library (CVE-2021-28317) - Medium [313]
Description: Microsoft Windows Codecs Library Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows Codecs Library | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
101. Information Disclosure - Windows GDI+ (CVE-2021-28318) - Medium [313]
Description: Windows GDI+ Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
102. Information Disclosure - Windows Event Tracing (CVE-2021-28435) - Medium [313]
Description: Windows Event Tracing Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows Event Tracing | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
103. Information Disclosure - Windows Installer (CVE-2021-28437) - Medium [313]
Description: Windows Installer Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows Installer | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
104. Information Disclosure - Windows Hyper-V (CVE-2021-28441) - Medium [289]
Description: Windows Hyper-V Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
105. Elevation of Privilege - Azure (CVE-2021-28458) - Medium [285]
Description: Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.4 | 14 | Azure | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
106. Information Disclosure - Microsoft Excel (CVE-2021-28456) - Medium [275]
Description: Microsoft Excel Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.6 | 14 | MS Office product | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
107. Elevation of Privilege - Visual Studio Installer (CVE-2021-27064) - Medium [266]
Description: Visual Studio Installer Elevation of Privilege Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
108. Information Disclosure - Azure (CVE-2021-27067) - Medium [251]
Description: Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.4 | 14 | Azure | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
qualys: Microsoft released patches to fix critical RCE vulnerabilities in MS Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. CVE-2021-28480 and CVE-2021-28481 have a critical severity score of 9.8 out of 10 and could be exploited without authentication.
tenable: CVE-2021-28480 and CVE-2021-28481 are pre-authentication vulnerabilities in Microsoft Exchange Server. A pre-authentication vulnerability means that an attacker does not need to authenticate to the vulnerable Exchange Server in order to exploit the vulnerability. All the attacker needs to do is perform reconnaissance against their intended targets and then send specially crafted requests to the vulnerable Exchange Server.
tenable: CVE-2021-28482 and CVE-2021-28483 are post-authentication vulnerabilities in Microsoft Exchange Server. Unlike CVE-2021-28480 and CVE-2021-28481, these are only exploitable once an attacker has authenticated to a vulnerable Exchange Server. However, these flaws could be chained together with a pre-authentication Exchange Server vulnerability to bypass that requirement. Last month, attackers leveraged ProxyLogon in combination with post-authentication vulnerabilities in order to implant webshells on compromised Exchange Servers and maintain persistence.
tenable: In their acknowledgements, Microsoft credited the NSA with the discovery of all four vulnerabilities, though the two pre-authentication vulnerabilities (CVE-2021-28480, CVE-2021-28481) were also credited to the Microsoft Security Team.
zdi: CVE-2021-28480/28481 – Microsoft Exchange Server Remote Code Execution Vulnerability. Both of these CVEs are listed at a 9.8 CVSS and have identical write-ups, so they both get listed here. Both code execution bugs are unauthenticated and require no user interaction. Since the attack vector is listed as “Network,” it is likely these bugs are wormable – at least between Exchange servers. The CVSS score for these two bugs is actually higher than the Exchange bugs exploited earlier this year. These bugs were credited to the National Security Agency. Considering the source, and considering these bugs also receive Microsoft’s highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible.
qualys: CVE-2021-28310: Win32k Elevation of Privilege Vulnerability
qualys: Microsoft released patches addressing another 0-day vulnerability (CVE-2021-28310). CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). There is a public exploit available which is being used in the wild. BITTER APT group is suspected of exploiting this CVE in the wild. This CVE has a temporal score of 7.2 from the vendor and should be prioritized for patching.
rapid7: CVEs: CVE-2021-28310, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. Windows RPC Runtime
rapid7: CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442. Summary Tables
zdi: CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability. This is the only vulnerability listed as being actively exploited being patched in April. The bug allows an attacker to escalate privileges by running a specially crafted program on a target system. This does mean that they will either need to log on to a system or trick a legitimate user into running the code on their behalf. Considering who is listed as discovering this bug, it is probably being used in malware. Bugs of this nature are typically combined with other bugs, such as a browser bug or PDF exploit, to take over a system.
rapid7: CVEs: CVE-2021-28329 to CVE-2021-28339 (please see the list below for a complete list). Publicly Disclosed and Exploited
zdi: CVE-2021-28329 et al. – Remote Procedure Call Runtime Remote Code Execution Vulnerability. There are 27 bugs in this month’s release with this title, and all have identical descriptions and CVSS scores. However, 12 are rated Critical while 15 are rated Important in severity. In RPC vulnerabilities seen in the past, an attacker would need to send a specially crafted RPC request to an affected system. Successful exploitation results in executing code in the context of another user. Perhaps the users involved in the Important-rated bugs have lower privileges than their Critical-rated counterparts, but that is not clear from the description. Either way, the researcher who reported these bugs certainly found quite the attack surface.
zdi: CVE-2021-28444 – Windows Hyper-V Security Feature Bypass Vulnerability. This security feature bypass allows an attacker to potentially bypass Router Guard configurations on Hyper-V. Router Guard is designed to prevent guest OSes from offering router services on the network. Many don’t realize Windows can be set up as a router, and on physical or virtual systems, be configured to re-route packets to a rogue location (e.g. Man-in-the-Middle) or simply black hole the traffic. If you’re running Hyper-V, even accidental misconfigurations could cause disruptions, so definitely don’t ignore this patch.