Remote Code Execution - Microsoft Defender (CVE-2021-1647) - Critical [691] Description: Microsoft Defender Remote Code Execution Vulnerability1. Remote Code Execution - Microsoft Defender (CVE-2021-1647) - Critical [691] Description: Microsoft Defender Remote Code Execution Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
qualys: Microsoft patches Defender Remote Code Execution vulnerability (CVE-2021-1647) in today’s patch release for Microsoft Malware Protection Engine. Microsoft stated that this vulnerability was exploited before the patches were made available. This patch should be prioritized.
tenable: CVE-2021-1647 is an RCE vulnerability in Microsoft Defender, Microsoft’s flagship antivirus and antispyware solution. The vulnerability exists within the Microsoft Malware Protection Engine, a core component of Microsoft Defender that addresses malicious software. According to Microsoft, CVE-2021-1647 was exploited in the wild as a zero-day. Details about the in-the-wild exploitation are not yet known. However, considering Microsoft Defender enjoys a 50% market share that represents over 500 million systems worldwide, it provides attackers with a significant attack surface.
rapid7: Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-1647). CVE-2021-1647 is marked as a CVSS 7.8, actively exploited, remote code execution vulnerability through the Microsoft Malware Protection Engine (mpengine.dll) between version 1.1.17600.5 up to 1.1.17700.4.
zdi: CVE-2021-1647 - Microsoft Defender Remote Code Execution Vulnerability. This bug in the Microsoft Malware Protection Engine may already be patched on your system as the engine auto-updates as needed. However, if your systems are not connected to the Internet, you’ll need to manually apply the patch. Microsoft does not state how wide-spread the active attacks are.
2. 
Elevation of Privilege - splwow64 (CVE-2021-1648) - High [590] Description: Microsoft splwow64 Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object) |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | splwow64 (printer driver host for 32-bit applications) |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
qualys: While Microsoft labeled this issue (CVE-2021-1648) as an elevation-of-privilege vulnerability, it can also be exploited to disclose information, specifically uninitialized memory. Microsoft stated the vulnerability has not been exploited in the wild, although details are available publicly.
tenable: CVE-2021-1648 is an out-of-bounds (OOB) read vulnerability in Microsoft’s printer driver host, splwow64.exe. The flaw exists due to improper validation of user-supplied data. According to Maddie Stone, a researcher at Google Project Zero credited with identifying this vulnerability, CVE-2021-1648 is a patch bypass for CVE-2020-0986, which was exploited in the wild as a zero-day.
tenable: Microsoft initially planned to patch this vulnerability as part of its November and December 2020 Patch Tuesday releases under a CVE identifier of CVE-2020-17008. However, due to testing issues, it was pushed back to January 2021. Because it slipped into 2021, Microsoft scrapped CVE-2020-17008 and now identifies it as CVE-2021-1648.
zdi: CVE-2021-1648 - Microsoft splwow64 Elevation of Privilege Vulnerability. This bug was publicly disclosed by ZDI after it exceeded our disclosure timeline. It was also discovered by Google, likely because this patch corrects a bug introduced by a previous patch. The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds (OOB) Read condition. Additional bugs are also covered by this patch, including an untrusted pointer deref. The previous CVE was being exploited in the wild, so it’s within reason to think this CVE will be actively exploited as well.
3. 
Information Disclosure - Windows Docker (CVE-2021-1645) - High [510] Description: Windows Docker Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Microsoft Windows Containers DP API Cryptography Flaw) |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.7 | 14 | Windows Docker |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
4. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1658) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
5. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1660) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
6. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1664) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
7. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1666) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
8. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1667) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
9. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1671) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
10. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1673) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
11. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1700) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
12. Remote Code Execution - Remote Procedure Call Runtime (CVE-2021-1701) - High [481] Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
13. Remote Code Execution - Microsoft Windows (CVE-2021-1710) - High [467] Description: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.9 | 14 | Windows Kernel |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
14. Remote Code Execution - Microsoft DTV-DVD Video Decoder (CVE-2021-1668) - High [448] Description: Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.8 | 14 | Microsoft DTV-DVD Video Decoder |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
15. 
Security Feature Bypass - NTLM (CVE-2021-1678) - High [447] Description: NTLM Security Feature Bypass Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.9 | 14 | NTLM |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
16. Security Feature Bypass - Windows Remote Desktop (CVE-2021-1669) - High [441] Description: Windows Remote Desktop Security Feature Bypass Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.8 | 14 | Windows Remote Desktop |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
zdi: CVE-2021-1674 – Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability. This patch is a bit of a mystery. It carries a relatively high CVSS score (8.8), but without an executive summary, we can only guess what security feature in RDP Core is being bypassed. Short of reversing the patches, we don’t even know how this is different than CVE-2021-1669 - Windows Remote Desktop Security Feature Bypass Vulnerability. What we do know is that RDP has been a popular target in recent memory, and these bugs should be taken seriously. Without any solid information to act on, defenders should assume the worst-case scenario and restrict access to RDP wherever possible.
17. Security Feature Bypass - Windows Remote Desktop (CVE-2021-1674) - High [441] Description: Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.8 | 14 | Windows Remote Desktop |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
tenable: CVE-2021-1674 is a security feature bypass vulnerability in Windows Remote Desktop Protocol (RDP) which can be exploited by an attacker with a low-level privileged account and network access. The flaw has not been publicly disclosed or exploited, however RDP has been a favored entry point for ransomware actors in 2020 and this trend is likely to continue in 2021.
zdi: CVE-2021-1674 – Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability. This patch is a bit of a mystery. It carries a relatively high CVSS score (8.8), but without an executive summary, we can only guess what security feature in RDP Core is being bypassed. Short of reversing the patches, we don’t even know how this is different than CVE-2021-1669 - Windows Remote Desktop Security Feature Bypass Vulnerability. What we do know is that RDP has been a popular target in recent memory, and these bugs should be taken seriously. Without any solid information to act on, defenders should assume the worst-case scenario and restrict access to RDP wherever possible.
18. Remote Code Execution - HEVC Video Extensions (CVE-2021-1643) - High [429] Description: HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1644.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.7 | 14 | HEVC Video Extensions |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
19. Remote Code Execution - HEVC Video Extensions (CVE-2021-1644) - High [429] Description: HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1643.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.7 | 14 | HEVC Video Extensions |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
20. Remote Code Execution - Windows Fax Compose Form (CVE-2021-1657) - High [429] Description: Windows Fax Compose Form Remote Code Execution Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.7 | 14 | Windows Fax Compose Form |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
21. Remote Code Execution - Office (CVE-2021-1711) - High [410] Description: Microsoft Office Remote Code Execution Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.6 | 14 | MS Office product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
22. Remote Code Execution - Microsoft Excel (CVE-2021-1713) - High [410] Description: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.6 | 14 | MS Office product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
23. Remote Code Execution - Microsoft Excel (CVE-2021-1714) - High [410] Description: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1713.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.6 | 14 | MS Office product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
24. Remote Code Execution - Microsoft Word (CVE-2021-1715) - High [410] Description: Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1716.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.6 | 14 | MS Office product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
25. Remote Code Execution - Microsoft Word (CVE-2021-1716) - High [410] Description: Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.6 | 14 | MS Office product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
26. Remote Code Execution - Microsoft SharePoint (CVE-2021-1707) - High [405] Description: Microsoft SharePoint Server Remote Code Execution Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
27. Security Feature Bypass - Windows Bluetooth (CVE-2021-1638) - High [401] Description: Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.8 | 14 | Windows Bluetooth |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
zdi: Similar to last month, there are multiple security feature bypasses being fixed this month. In addition to the two already mentioned, there are three impacting the Bluetooth component and one impacting NTLM. CVE-2021-1638 is definitely intriguing as it requires no authentication and no user interaction. The other Bluetooth bugs do require some level of user interaction. The bypass for NTLM requires some level of user interaction but no authentication. Again, without executive summaries, we can only speculate the true severity of these bypasses.
28. Security Feature Bypass - Windows Bluetooth (CVE-2021-1683) - High [401] Description: Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1684.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.8 | 14 | Windows Bluetooth |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
29. Security Feature Bypass - Windows Bluetooth (CVE-2021-1684) - High [401] Description: Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1683.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.8 | 14 | Windows Bluetooth |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
30. 
Denial of Service - .NET Core (CVE-2021-1723) - Medium [387] Description: ASP.NET Core and Visual Studio Denial of Service Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
| Vulnerable Product is Common | 0.8 | 14 | .NET Core |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
31. Denial of Service - Windows CryptoAPI (CVE-2021-1679) - Medium [374] Description: Windows CryptoAPI Denial of Service Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
| Vulnerable Product is Common | 0.8 | 14 | Windows CryptoAPI |
| CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
32. Elevation of Privilege - Windows Update Stack (CVE-2021-1694) - Medium [374] Description: Windows Update Stack Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Update Stack |
| CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data |
33. Elevation of Privilege - Windows Kernel (CVE-2021-1682) - Medium [366] Description: Windows Kernel Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.9 | 14 | Windows Kernel |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
34. Elevation of Privilege - Remote Procedure Call Runtime (CVE-2021-1702) - Medium [366] Description: Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.9 | 14 | Remote Procedure Call Runtime |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
35. Elevation of Privilege - Windows Win32k (CVE-2021-1709) - Medium [366] Description: Windows Win32k Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.9 | 14 | Windows kernel-mode driver |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
36. Elevation of Privilege - Windows LUAFV (CVE-2021-1706) - Medium [360] Description: Windows LUAFV Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows LUAFV |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
37. Elevation of Privilege - Windows AppX Deployment Extensions (CVE-2021-1642) - Medium [347] Description: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows AppX Deployment Extensions |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
38. Elevation of Privilege - Windows WLAN Service (CVE-2021-1646) - Medium [347] Description: Windows WLAN Service Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows WLAN Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
39. Elevation of Privilege - Active Template Library (CVE-2021-1649) - Medium [347] Description: Active Template Library Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Active Template Library |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
40. Elevation of Privilege - Windows Runtime C++ Template Library (CVE-2021-1650) - Medium [347] Description: Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Runtime C++ Template Library |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
41. Elevation of Privilege - Diagnostics Hub Standard Collector (CVE-2021-1651) - Medium [347] Description: Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1680.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Diagnostics Hub Standard Collector |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
42. Elevation of Privilege - Windows CSC Service (CVE-2021-1652) - Medium [347] Description: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows CSC Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
43. Elevation of Privilege - Windows CSC Service (CVE-2021-1653) - Medium [347] Description: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows CSC Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
44. Elevation of Privilege - Windows CSC Service (CVE-2021-1654) - Medium [347] Description: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows CSC Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
45. Elevation of Privilege - Windows CSC Service (CVE-2021-1655) - Medium [347] Description: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows CSC Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
46. Elevation of Privilege - Windows CSC Service (CVE-2021-1659) - Medium [347] Description: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows CSC Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
47. Elevation of Privilege - Windows Installer (CVE-2021-1661) - Medium [347] Description: Windows Installer Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Installer |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
48. Elevation of Privilege - Windows Event Tracing (CVE-2021-1662) - Medium [347] Description: Windows Event Tracing Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Event Tracing |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
49. Elevation of Privilege - Diagnostics Hub Standard Collector (CVE-2021-1680) - Medium [347] Description: Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1651.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Diagnostics Hub Standard Collector |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
50. Elevation of Privilege - Windows WalletService (CVE-2021-1681) - Medium [347] Description: Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1686, CVE-2021-1687, CVE-2021-1690.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows WalletService |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
51. Elevation of Privilege - Windows AppX Deployment Extensions (CVE-2021-1685) - Medium [347] Description: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1642.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows AppX Deployment Extensions |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
52. Elevation of Privilege - Windows WalletService (CVE-2021-1686) - Medium [347] Description: Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1687, CVE-2021-1690.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows WalletService |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
53. Elevation of Privilege - Windows WalletService (CVE-2021-1687) - Medium [347] Description: Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1690.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows WalletService |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
54. Elevation of Privilege - Windows CSC Service (CVE-2021-1688) - Medium [347] Description: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows CSC Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
55. Elevation of Privilege - Windows Multipoint Management (CVE-2021-1689) - Medium [347] Description: Windows Multipoint Management Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Multipoint Management |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
56. Elevation of Privilege - Windows WalletService (CVE-2021-1690) - Medium [347] Description: Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1687.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows WalletService |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
57. Elevation of Privilege - Windows CSC Service (CVE-2021-1693) - Medium [347] Description: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows CSC Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
58. Elevation of Privilege - Windows Print Spooler (CVE-2021-1695) - Medium [347] Description: Windows Print Spooler Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Print Spooler |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
59. Elevation of Privilege - Windows InstallService (CVE-2021-1697) - Medium [347] Description: Windows InstallService Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows InstallService |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
60. Elevation of Privilege - Windows Event Logging Service (CVE-2021-1703) - Medium [347] Description: Windows Event Logging Service Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Windows Event Logging Service |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
61. Denial of Service - Hyper-V (CVE-2021-1691) - Medium [331] Description: Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1692.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
| Vulnerable Product is Common | 0.5 | 14 | Hyper-V |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.7. Based on NVD data |
62. Denial of Service - Hyper-V (CVE-2021-1692) - Medium [331] Description: Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1691.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
| Vulnerable Product is Common | 0.5 | 14 | Hyper-V |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.7. Based on NVD data |
63. Elevation of Privilege - Microsoft SQL (CVE-2021-1636) - Medium [322] Description: Microsoft SQL Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.6 | 14 | Microsoft SQL |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
64. Elevation of Privilege - Windows Hyper-V (CVE-2021-1704) - Medium [309] Description: Windows Hyper-V Elevation of Privilege Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.6 | 14 | Windows Hyper-V |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
65. Elevation of Privilege - Microsoft SharePoint (CVE-2021-1712) - Medium [304] Description: Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1719.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on NVD data |
66. Elevation of Privilege - Microsoft SharePoint (CVE-2021-1719) - Medium [304] Description: Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1712.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on NVD data |
67. Information Disclosure - Windows DNS Query (CVE-2021-1637) - Medium [300] Description: Windows DNS Query Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows DNS Query |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
68. Information Disclosure - TPM Device Driver (CVE-2021-1656) - Medium [300] Description: TPM Device Driver Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | TPM Device Driver |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
69. Information Disclosure - Windows Projected File System FS Filter Driver (CVE-2021-1663) - Medium [300] Description: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows Projected File System FS Filter Driver |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
70. Information Disclosure - Windows Projected File System FS Filter Driver (CVE-2021-1670) - Medium [300] Description: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1672.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows Projected File System FS Filter Driver |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
71. Information Disclosure - Windows Projected File System FS Filter Driver (CVE-2021-1672) - Medium [300] Description: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1670.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows Projected File System FS Filter Driver |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
72. Information Disclosure - Windows NT Lan Manager Datagram Receiver Driver (CVE-2021-1676) - Medium [300] Description: Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows NT Lan Manager Datagram Receiver Driver |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
73. Information Disclosure - Windows Graphics Component (CVE-2021-1696) - Medium [300] Description: Windows Graphics Component Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.8 | 14 | Windows Graphics Component |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
74. Remote Code Execution - Unknown Product (CVE-2021-1665) - Medium [297] Description: GDI+ Remote Code Execution Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0 | 14 | Unclassified product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
75. 
Tampering - Microsoft SharePoint (CVE-2021-1718) - Medium [263] Description: Microsoft SharePoint Server Tampering Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.3 | 15 | Tampering |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
76. 
Spoofing - Microsoft SharePoint (CVE-2021-1641) - Medium [243] Description: Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1717.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
77. Spoofing - Microsoft SharePoint (CVE-2021-1717) - Medium [243] Description: Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1641.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
| Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
78. Spoofing - Azure Active Directory Pod Identity (CVE-2021-1677) - Medium [224] Description: Azure Active Directory Pod Identity Spoofing Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
| Vulnerable Product is Common | 0.4 | 14 | Azure Active Directory Pod Identity |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
zdi: CVE-2021-1677 - Azure Active Directory Pod Identity Spoofing Vulnerability. This vulnerability exists in the way that the Azure Active Directory (AAD) pod identity allows users to assign identities to pods in Kubernetes clusters. When an identity is assigned to a pod, the pod can access to the Azure Instance Metadata Service (IMDS) endpoint and get a token of that identity. This could allow an attacker to laterally steal the identities that are associated with different pods. This is also requires more than just a patch to fix. Anyone with an existing installation will need to re-deploy their cluster and use Azure CNI instead of the default Kubernetes.
79. Information Disclosure - Bot Framework SDK (CVE-2021-1725) - Medium [224] Description: Bot Framework SDK Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0.4 | 14 | Bot Framework SDK |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
80. 
Memory Corruption - Unknown Product (CVE-2021-1705) - Medium [216] Description: Microsoft Edge (HTML-based) Memory Corruption Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
| Vulnerable Product is Common | 0 | 14 | Unclassified product |
| CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
81. Information Disclosure - Unknown Product (CVE-2021-1699) - Low [148] Description: Windows (modem.sys) Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0 | 14 | Unclassified product |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
82. Information Disclosure - Unknown Product (CVE-2021-1708) - Low [148] Description: Windows GDI+ Information Disclosure Vulnerability
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
| Vulnerable Product is Common | 0 | 14 | Unclassified product |
| CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.7. Based on NVD data |
83. 
Unknown Vulnerability Type - Unknown Product (CVE-2020-26870) - Low [81] Description: Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
| component | value | weight | comment |
|---|---|---|---|
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
| Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
| Vulnerable Product is Common | 0 | 14 | Unclassified product |
| CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
Remote Code Execution (1)qualys: Microsoft patches Defender Remote Code Execution vulnerability (CVE-2021-1647) in today’s patch release for Microsoft Malware Protection Engine. Microsoft stated that this vulnerability was exploited before the patches were made available. This patch should be prioritized.
tenable: CVE-2021-1647 is an RCE vulnerability in Microsoft Defender, Microsoft’s flagship antivirus and antispyware solution. The vulnerability exists within the Microsoft Malware Protection Engine, a core component of Microsoft Defender that addresses malicious software. According to Microsoft, CVE-2021-1647 was exploited in the wild as a zero-day. Details about the in-the-wild exploitation are not yet known. However, considering Microsoft Defender enjoys a 50% market share that represents over 500 million systems worldwide, it provides attackers with a significant attack surface.
rapid7: Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-1647). CVE-2021-1647 is marked as a CVSS 7.8, actively exploited, remote code execution vulnerability through the Microsoft Malware Protection Engine (mpengine.dll) between version 1.1.17600.5 up to 1.1.17700.4.
zdi: CVE-2021-1647 - Microsoft Defender Remote Code Execution Vulnerability. This bug in the Microsoft Malware Protection Engine may already be patched on your system as the engine auto-updates as needed. However, if your systems are not connected to the Internet, you’ll need to manually apply the patch. Microsoft does not state how wide-spread the active attacks are.
Elevation of Privilege (1)qualys: While Microsoft labeled this issue (CVE-2021-1648) as an elevation-of-privilege vulnerability, it can also be exploited to disclose information, specifically uninitialized memory. Microsoft stated the vulnerability has not been exploited in the wild, although details are available publicly.
tenable: CVE-2021-1648 is an out-of-bounds (OOB) read vulnerability in Microsoft’s printer driver host, splwow64.exe. The flaw exists due to improper validation of user-supplied data. According to Maddie Stone, a researcher at Google Project Zero credited with identifying this vulnerability, CVE-2021-1648 is a patch bypass for CVE-2020-0986, which was exploited in the wild as a zero-day.
tenable: Microsoft initially planned to patch this vulnerability as part of its November and December 2020 Patch Tuesday releases under a CVE identifier of CVE-2020-17008. However, due to testing issues, it was pushed back to January 2021. Because it slipped into 2021, Microsoft scrapped CVE-2020-17008 and now identifies it as CVE-2021-1648.
zdi: CVE-2021-1648 - Microsoft splwow64 Elevation of Privilege Vulnerability. This bug was publicly disclosed by ZDI after it exceeded our disclosure timeline. It was also discovered by Google, likely because this patch corrects a bug introduced by a previous patch. The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds (OOB) Read condition. Additional bugs are also covered by this patch, including an untrusted pointer deref. The previous CVE was being exploited in the wild, so it’s within reason to think this CVE will be actively exploited as well.
Information Disclosure (1)Remote Code Execution (21)tenable: CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700 and CVE-2021-1701 are RCE vulnerabilities in the remote procedure call (RPC) runtime in Windows. All nine of the CVEs received CVSSv3 scores of 8.8 and were reported to Microsoft by Yuki Chen, head of 360 Vulnerability Research Group and 360 Vulcan team. Microsoft assesses that exploitation is less likely for these flaws, based on the CVSSv3 score, an attacker would need network access and a low privileged account in order to exploit the vulnerability.
Security Feature Bypass (6)tenable: CVE-2021-1674 is a security feature bypass vulnerability in Windows Remote Desktop Protocol (RDP) which can be exploited by an attacker with a low-level privileged account and network access. The flaw has not been publicly disclosed or exploited, however RDP has been a favored entry point for ransomware actors in 2020 and this trend is likely to continue in 2021.
zdi: CVE-2021-1674 – Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability. This patch is a bit of a mystery. It carries a relatively high CVSS score (8.8), but without an executive summary, we can only guess what security feature in RDP Core is being bypassed. Short of reversing the patches, we don’t even know how this is different than CVE-2021-1669 - Windows Remote Desktop Security Feature Bypass Vulnerability. What we do know is that RDP has been a popular target in recent memory, and these bugs should be taken seriously. Without any solid information to act on, defenders should assume the worst-case scenario and restrict access to RDP wherever possible.
zdi: Similar to last month, there are multiple security feature bypasses being fixed this month. In addition to the two already mentioned, there are three impacting the Bluetooth component and one impacting NTLM. CVE-2021-1638 is definitely intriguing as it requires no authentication and no user interaction. The other Bluetooth bugs do require some level of user interaction. The bypass for NTLM requires some level of user interaction but no authentication. Again, without executive summaries, we can only speculate the true severity of these bypasses.
Denial of Service (4)Elevation of Privilege (33)Information Disclosure (10)Tampering (1)Spoofing (3)zdi: CVE-2021-1677 - Azure Active Directory Pod Identity Spoofing Vulnerability. This vulnerability exists in the way that the Azure Active Directory (AAD) pod identity allows users to assign identities to pods in Kubernetes clusters. When an identity is assigned to a pod, the pod can access to the Azure Instance Metadata Service (IMDS) endpoint and get a token of that identity. This could allow an attacker to laterally steal the identities that are associated with different pods. This is also requires more than just a patch to fix. Anyone with an existing installation will need to re-deploy their cluster and use Azure CNI instead of the default Kubernetes.
Memory Corruption (1)Unknown Vulnerability Type (1)