Microsoft Patch Tuesday, February 2021

Basic Vulnerability Scores Statistics

Vulristics Vulnerability Scores

Urgent (1)

1. Elevation of Privilege - Windows Win32k (CVE-2021-1732) - Urgent [839]
Description: Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1698.
component | value | weight | comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Win32k ConsoleControl Offset Confusion)
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Windows kernel-mode driver
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

qualys: Microsoft released updates to fix a local privilege escalation vulnerability in Win32K (CVE-2021-1732). This vulnerability is reportedly exploited in the wild and should be prioritized for patching.

tenable: CVE-2021-1732 is an EoP vulnerability due to the Windows kernel-mode driver improperly handling objects in memory. EoP vulnerabilities are often used post-compromise, since they require an attacker to first gain a foothold in a vulnerable system. Successful exploitation would elevate the privileges of an attacker, potentially allowing them to create new accounts, install programs, and view, modify or delete data. According to Microsoft, this vulnerability has been exploited in the wild. Kevin Beaumont, a security researcher at Microsoft, noted in a tweet that he worked on a threat analytics report about the vulnerability for Microsoft 365 customers.

tenable: I worked on a threat analytics report for Microsoft 365 customers on CVE-2021-1732, a zero day local elevation of privilege vulnerability in Win32k (patch out now). https://t.co/BHx92CVoUC — Kevin Beaumont (@GossiTheDog) February 9, 2021

rapid7: One zero-day was announced: CVE-2021-1732 is a privilege elevation vulnerability affecting the Win32k component of Windows 10 and Windows Server 2019, reported to be exploited in the wild. Four vulnerabilities have been previously disclosed: CVE-2021-1727, a privilege elevation vulnerability in Windows Installer, affecting all supported versions of Windows; CVE-2021-24098, which is a denial of service (DoS) affecting Windows 10 and Server 2019; CVE-2021-24106, an information disclosure vulnerability affecting DirectX in Windows 10 and Server 2019; and CVE-2021-26701, an RCE in .NET Core.

zdi: CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability. This local privilege escalation would allow a logged-on user to execute code of their choosing at higher privileges. Bugs of this nature are typically paired with another bug that allows code execution at the logged-on user level. For example, this could be paired with an Adobe Reader exploit. An attacker would entice a user to open a specially crafted PDF, which would result in code execution through the Reader bug then escalation through this bug. This is also a common tactic for malware.

Critical (2)

2. Spoofing - Microsoft Exchange Server (CVE-2021-24085) - Critical [754]
Description: Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-1730.
component | value | weight | comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation)
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.7 | 14 | Microsoft Exchange Server
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data

3. Elevation of Privilege - Windows Win32k (CVE-2021-1698) - Critical [609]
Description: Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1732.
component | value | weight | comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object)
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Windows kernel-mode driver
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

High (23)

4. Spoofing - Microsoft Exchange Server (CVE-2021-1730) - High [524]
Description: Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-24085.
component | value | weight | comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object)
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.7 | 14 | Microsoft Exchange Server
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data

5. Remote Code Execution - Windows TCP/IP (CVE-2021-24074) - High [494]
Description: Windows TCP/IP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24094.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.9 | 14 | Windows TCP/IP
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

qualys: Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074 and CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). While there is no evidence that these vulnerabilities are exploited in the wild, these vulnerabilities should be prioritized given their impact.

tenable: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 are a set of three vulnerabilities in Microsoft’s TCP/IP implementation for Windows.

tenable: CVE-2021-24074 CVE-2021-24094 CVE-2021-24086 https://t.co/WJLhzqwRVp

rapid7: Microsoft also disclosed a set of three serious vulnerabilities affecting the TCP/IP networking stack in all supported versions of Windows. Two of these (CVE-2021-24074 and CVE-2021-24094) carry a base CVSSv3 score of 9.8 and could allow Remote Code Execution (RCE). CVE-2021-24094 is specific to IPv6 link-local addresses, meaning it isn’t exploitable over the public internet. CVE-2021-24074, however, does not have this limitation. The third, CVE-2021-24086, is a DoS vulnerability that could allow an attacker to trigger a “blue screen of death” on any Windows system that is directly exposed to the internet, using only a small amount of network traffic. The RCE exploits are probably not a threat in the short term, due to the complexity of the vulnerabilities, but DoS attacks are expected to be seen much more quickly. Windows systems should be patched as soon as possible to protect against these.

zdi: CVE-2021-24074 - Windows TCP/IP Remote Code Execution Vulnerability. There are two TCP/IP bugs in this month’s release, but I chose to highlight this vulnerability over CVE-2021-24094 since this bug affects IPv4 while the other impacts IPv6. Both bugs could allow remote, unauthenticated code execution on affected systems. For CVE-2021-24074, the vulnerability resides in IPv4 source routing, which should be disabled by default. You can also block source routing at firewalls or other perimeter devices. The IPv6 bug involves packet fragmentation where a large number of fragments could lead to code execution.

6. Remote Code Execution - Windows DNS Server (CVE-2021-24078) - High [494]
Description: Windows DNS Server Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.9 | 14 | Windows DNS Server
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

qualys: Microsoft released patches to fix a remote code execution vulnerability in Windows DNS Server (CVE-2021-24078). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.

tenable: CVE-2021-24078 is an RCE flaw within Windows server installations when configured as a DNS server. Affecting Windows Server versions from 2008 to 2019, including server core installations, this severe flaw is considered “more likely” to be exploited and received a CVSSv3 score of 9.8. This bug is exploitable by a remote attacker with no requirements for user interaction or a privileged account. As the vulnerability affects DNS servers, it is possible this flaw could be wormable and spread within a network.

zdi: CVE-2021-24078 - Windows DNS Server Remote Code Execution Vulnerability. This patch fixes a bug in the Windows DNS Server that could allow remote code execution on affected systems. Fortunately, if your system is not configured to be a DNS server, it is not impacted by this bug. However, for those systems that are configured as DNS servers, this bug allows code execution in a privileged service from a remote, unauthenticated attacker. This is potentially wormable, although only between DNS servers. Prioritize this update if you depend on Microsoft DNS servers.

7. Remote Code Execution - Windows TCP/IP (CVE-2021-24094) - High [494]
Description: Windows TCP/IP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24074.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.9 | 14 | Windows TCP/IP
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

qualys: Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074 and CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). While there is no evidence that these vulnerabilities are exploited in the wild, these vulnerabilities should be prioritized given their impact.

tenable: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 are a set of three vulnerabilities in Microsoft’s TCP/IP implementation for Windows.

tenable: CVE-2021-24074 CVE-2021-24094 CVE-2021-24086 https://t.co/WJLhzqwRVp

rapid7: Microsoft also disclosed a set of three serious vulnerabilities affecting the TCP/IP networking stack in all supported versions of Windows. Two of these (CVE-2021-24074 and CVE-2021-24094) carry a base CVSSv3 score of 9.8 and could allow Remote Code Execution (RCE). CVE-2021-24094 is specific to IPv6 link-local addresses, meaning it isn’t exploitable over the public internet. CVE-2021-24074, however, does not have this limitation. The third, CVE-2021-24086, is a DoS vulnerability that could allow an attacker to trigger a “blue screen of death” on any Windows system that is directly exposed to the internet, using only a small amount of network traffic. The RCE exploits are probably not a threat in the short term, due to the complexity of the vulnerabilities, but DoS attacks are expected to be seen much more quickly. Windows systems should be patched as soon as possible to protect against these.

zdi: CVE-2021-24074 - Windows TCP/IP Remote Code Execution Vulnerability. There are two TCP/IP bugs in this month’s release, but I chose to highlight this vulnerability over CVE-2021-24094 since this bug affects IPv4 while the other impacts IPv6. Both bugs could allow remote, unauthenticated code execution on affected systems. For CVE-2021-24074, the vulnerability resides in IPv4 source routing, which should be disabled by default. You can also block source routing at firewalls or other perimeter devices. The IPv6 bug involves packet fragmentation where a large number of fragments could lead to code execution.

zdi: There are a handful of notable Denial-of-Service (DoS) bugs patched this month, and the fix for TCP/IP leads the way. Similar to CVE-2021-24094, this bug also involves IPv6 fragmentation, although there’s no path to code execution here. Disallowing IPv6 UDP fragmentation at the perimeter could have some side effects, but implementing the workaround to drop out-of-order packets seems more reasonable. Still, this should be tested before updating production systems. The DoS bugs impacting .NET Core and the Windows Console Driver are listed as publicly known, but Microsoft provides no further details. There’s a patch for a DoS vulnerability in Skype for Business and Lync. If you’re still using either of those messaging tools, definitely look to patch soon.

8. Remote Code Execution - Windows Fax Service (CVE-2021-1722) - High [475]
Description: Windows Fax Service Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24077.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows Fax Service
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

9. Remote Code Execution - Windows Fax Service (CVE-2021-24077) - High [475]
Description: Windows Fax Service Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1722.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows Fax Service
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

qualys: Microsoft released patches to fix a remote code execution vulnerability in Windows Fax Service (CVE-2021-24077). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.

10. Remote Code Execution - .NET Core (CVE-2021-24112) - High [475]
Description: .NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26701.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | .NET Core
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

11. Remote Code Execution - .NET Core (CVE-2021-26701) - High [475]
Description: .NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24112.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | .NET Core
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

rapid7: One zero-day was announced: CVE-2021-1732 is a privilege elevation vulnerability affecting the Win32k component of Windows 10 and Windows Server 2019, reported to be exploited in the wild. Four vulnerabilities have been previously disclosed: CVE-2021-1727, a privilege elevation vulnerability in Windows Installer, affecting all supported versions of Windows; CVE-2021-24098, which is a denial of service (DoS) affecting Windows 10 and Server 2019; CVE-2021-24106, an information disclosure vulnerability affecting DirectX in Windows 10 and Server 2019; and CVE-2021-26701, an RCE in .NET Core.

zdi: CVE-2021-26701 - .NET Core and Visual Studio Remote Code Execution Vulnerability. This is the only Critical-rated bug to be listed as publicly known, and without more information from Microsoft, that’s about all we know about it. Based on the CVSS, this could allow remote, unauthenticated attackers to execute arbitrary code on an affected system. Regardless, if you rely on the .NET Framework or .NET Core, make sure you test and deploy this one quickly.

12. Remote Code Execution - Microsoft Windows (CVE-2021-24081) - High [467]
Description: Microsoft Windows Codecs Library Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

13. Remote Code Execution - Windows Camera Codec Pack (CVE-2021-24091) - High [462]
Description: Windows Camera Codec Pack Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows Camera Codec Pack
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data

14. Remote Code Execution - Windows Graphics Component (CVE-2021-24093) - High [462]
Description: Windows Graphics Component Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows Graphics Component
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data

15. Security Feature Bypass - Microsoft Windows (CVE-2020-17162) - High [460]
Description: Microsoft Windows Security Feature Bypass Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data

16. Remote Code Execution - Windows Address Book (CVE-2021-24083) - High [448]
Description: Windows Address Book Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows Address Book
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

17. Remote Code Execution - Windows Local Spooler (CVE-2021-24088) - High [443]
Description: Windows Local Spooler Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | Windows Local Spooler
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data

18. Remote Code Execution - Package Managers Configurations (CVE-2021-24105) - High [429]
Description: Package Managers Configurations Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | Package Managers Configurations
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

19. Security Feature Bypass - Microsoft.PowerShell.Utility Module WDAC (CVE-2021-24082) - High [414]
Description: Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Microsoft.PowerShell.Utility Module WDAC
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data

20. Remote Code Execution - Microsoft Excel (CVE-2021-24067) - High [410]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24068, CVE-2021-24069, CVE-2021-24070.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.6 | 14 | MS Office product
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

21. Remote Code Execution - Microsoft Excel (CVE-2021-24068) - High [410]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24067, CVE-2021-24069, CVE-2021-24070.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.6 | 14 | MS Office product
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

22. Remote Code Execution - Microsoft Excel (CVE-2021-24069) - High [410]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.6 | 14 | MS Office product
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

23. Remote Code Execution - Microsoft Excel (CVE-2021-24070) - High [410]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24069.
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.6 | 14 | MS Office product
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

24. Denial of Service - Windows TCP/IP (CVE-2021-24086) - High [406]
Description: Windows TCP/IP Denial of Service Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.9 | 14 | Windows TCP/IP
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data

qualys: Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074 and CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). While there is no evidence that these vulnerabilities are exploited in the wild, these vulnerabilities should be prioritized given their impact.

tenable: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 are a set of three vulnerabilities in Microsoft’s TCP/IP implementation for Windows.

tenable: CVE-2021-24074 CVE-2021-24094 CVE-2021-24086 https://t.co/WJLhzqwRVp

rapid7: Microsoft also disclosed a set of three serious vulnerabilities affecting the TCP/IP networking stack in all supported versions of Windows. Two of these (CVE-2021-24074 and CVE-2021-24094) carry a base CVSSv3 score of 9.8 and could allow Remote Code Execution (RCE). CVE-2021-24094 is specific to IPv6 link-local addresses, meaning it isn’t exploitable over the public internet. CVE-2021-24074, however, does not have this limitation. The third, CVE-2021-24086, is a DoS vulnerability that could allow an attacker to trigger a “blue screen of death” on any Windows system that is directly exposed to the internet, using only a small amount of network traffic. The RCE exploits are probably not a threat in the short term, due to the complexity of the vulnerabilities, but DoS attacks are expected to be seen much more quickly. Windows systems should be patched as soon as possible to protect against these.

25. Remote Code Execution - Microsoft SharePoint (CVE-2021-24066) - High [405]
Description: Microsoft SharePoint Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data

26. Remote Code Execution - Microsoft SharePoint (CVE-2021-24072) - High [405]
Description: Microsoft SharePoint Server Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data

Medium (29)

27. Denial of Service - Skype for Business and Lync (CVE-2021-24099) - Medium [393]
Description: Skype for Business and Lync Denial of Service Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.9 | 14 | Skype for Business and Lync
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data

28. Remote Code Execution - Visual Studio (CVE-2021-1639) - Medium [391]
Description: Visual Studio Code Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Visual Studio
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

29. Remote Code Execution - Visual Studio (CVE-2021-26700) - Medium [391]
Description: Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Visual Studio
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

30. Security Feature Bypass - PFX Encryption (CVE-2021-1731) - Medium [382]
Description: PFX Encryption Security Feature Bypass Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.7 | 14 | PFX Encryption
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data

31. Denial of Service - .NET Core (CVE-2021-1721) - Medium [374]
Description: .NET Core and Visual Studio Denial of Service Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | .NET Core
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data

32. Denial of Service - Windows Network File System (CVE-2021-24075) - Medium [374]
Description: Windows Network File System Denial of Service Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows Network File System
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on NVD data

33. Denial of Service - Windows Trust Verification API (CVE-2021-24080) - Medium [374]
Description: Windows Trust Verification API Denial of Service Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows Trust Verification API
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data

34. Elevation of Privilege - Windows Kernel (CVE-2021-24096) - Medium [366]
Description: Windows Kernel Elevation of Privilege Vulnerability
component | value | weight | comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

35. Denial of Service - Windows Console Driver (CVE-2021-24098) - Medium [360]
Description: Windows Console Driver Denial of Service Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
| Vulnerable Product is Common | 0.8 | 14 | Windows Console Driver |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |

rapid7: One zero-day was announced: CVE-2021-1732 is a privilege elevation vulnerability affecting the Win32k component of Windows 10 and Windows Server 2019, reported to be exploited in the wild. Four vulnerabilities have been previously disclosed: CVE-2021-1727, a privilege elevation vulnerability in Windows Installer, affecting all supported versions of Windows; CVE-2021-24098, which is a denial of service (DoS) affecting Windows 10 and Server 2019; CVE-2021-24106, an information disclosure vulnerability affecting DirectX in Windows 10 and Server 2019; and CVE-2021-26701, an RCE in .NET Core.

36. Elevation of Privilege - Windows Installer (CVE-2021-1727) - Medium [347]
Description: Windows Installer Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Installer |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |

tenable: CVE-2021-1727 is an EoP vulnerability found in the Windows Installer. According to the Microsoft advisory, this bug has been publicly disclosed and exploitation is considered “more likely.” In order to exploit this vulnerability, a local attacker would need a low-privileged user account, making this a likely candidate for inclusion as part of malicious software. Patches are available for Windows Server, Windows Server Core installations and non-server variants of all currently supported versions of Windows.

37. Elevation of Privilege - Sysinternals PsExec (CVE-2021-1733) - Medium [347]
Description: Sysinternals PsExec Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | 0.9 |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |

tenable: CVE-2021-1733 is an EoP vulnerability in PsExec, a Windows Sysinternals application used for remotely executing processes on systems within a network. The vulnerability was found and reported to Microsoft by David Wells, staff research engineer on Tenable’s Zero Day Research team. Wells wrote about the flaw on the Tenable Tech Blog and notes that “the local privilege escalation vulnerability could allow a non-admin process to escalate to SYSTEM if PsExec is executed locally or remotely on the target machine.” A proof-of-concept for the flaw has been added to the Tenable Github repository.

38. Elevation of Privilege - Microsoft Defender (CVE-2021-24092) - Medium [347]
Description: Microsoft Defender Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |

39. Elevation of Privilege - Windows Event Tracing (CVE-2021-24102) - Medium [347]
Description: Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24103.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Event Tracing |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |

40. Elevation of Privilege - Windows Event Tracing (CVE-2021-24103) - Medium [347]
Description: Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Event Tracing |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |

41. Elevation of Privilege - Windows PKU2U (CVE-2021-25195) - Medium [347]
Description: Windows PKU2U Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows PKU2U |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |

42. Spoofing - Skype for Business and Lync (CVE-2021-24073) - Medium [345]
Description: Skype for Business and Lync Spoofing Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
| Vulnerable Product is Common | 0.9 | 14 | Skype for Business and Lync |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on NVD data |

43. Elevation of Privilege - System Center Operations Manager (CVE-2021-1728) - Medium [341]
Description: System Center Operations Manager Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.7 | 14 | System Center Operations Manager |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |

44. Information Disclosure - Windows Remote Procedure Call (CVE-2021-1734) - Medium [327]
Description: Windows Remote Procedure Call Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows Remote Procedure Call |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |

45. Information Disclosure - Microsoft Windows (CVE-2021-24076) - Medium [318]
Description: Microsoft Windows VMSwitch Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.9 | 14 | Windows Kernel |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |

46. Information Disclosure - Windows Backup Engine (CVE-2021-24079) - Medium [300]
Description: Windows Backup Engine Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows Backup Engine |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |

47. Information Disclosure - Windows DirectX (CVE-2021-24106) - Medium [300]
Description: Windows DirectX Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows DirectX |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |

48. Spoofing - Microsoft SharePoint (CVE-2021-1726) - Medium [283]
Description: Microsoft SharePoint Spoofing Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on NVD data |

49. Information Disclosure - Windows Mobile Device Management (CVE-2021-24084) - Medium [281]
Description: Windows Mobile Device Management Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.7 | 14 | Windows Mobile Device Management |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |

50. Information Disclosure - Teams (CVE-2021-24114) - Medium [262]
Description: Microsoft Teams iOS Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.6 | 14 | MS Office product |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.7. Based on NVD data |

51. Information Disclosure - Microsoft SharePoint (CVE-2021-24071) - Medium [256]
Description: Microsoft SharePoint Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |

52. Elevation of Privilege - Azure (CVE-2021-24087) - Medium [252]
Description: Azure IoT CLI extension Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.3 | 14 | Azure |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |

53. Elevation of Privilege - Azure (CVE-2021-24109) - Medium [239]
Description: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.3 | 14 | Azure |
| CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on NVD data |

54. Denial of Service - Unknown Product (CVE-2021-24111) - Medium [236]
Description: .NET Framework Denial of Service Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
| Vulnerable Product is Common | 0 | 14 | Unclassified product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |

55. Information Disclosure - Microsoft Dataverse (CVE-2021-24101) - Medium [200]
Description: Microsoft Dataverse Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.2 | 14 | Microsoft Dataverse |
| CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |

Low (2)

56. Cross Site Scripting - Microsoft Dynamics Business Central (CVE-2021-1724) - Low [191]
Description: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
| Vulnerable Product is Common | 0.3 | 14 | Microsoft Dynamics Business Central |
| CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |

57. Information Disclosure - Microsoft Edge for Android (CVE-2021-24100) - Low [154]
Description: Microsoft Edge for Android Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.1 | 14 | Web browser |
| CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.4. Based on NVD data |

Exploitation in the wild detected (4)

Elevation of Privilege (2)

Spoofing (2)

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (53)

Remote Code Execution (21)

Security Feature Bypass (3)

Denial of Service (7)

Elevation of Privilege (10)

Spoofing (2)

Information Disclosure (9)

Cross Site Scripting (1)