Multiple vulnerabilities in Microsoft Products (ESU)

Descrição

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
2. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
3. An information disclosure vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely to obtain sensitive information.
4. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
5. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
6. An elevation of privilege vulnerability in Windows Fast FAT File System Driver can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
9. A remote code execution vulnerability in Microsoft COM for Windows can be exploited remotely to execute arbitrary code.
10. An elevation of privilege vulnerability in Credential Security Support Provider Protocol (CredSSP) can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.

Comunicados originais

• CVE-2021-42282

• CVE-2021-41367
• CVE-2021-41371
• CVE-2021-38665
• CVE-2021-38666
• CVE-2021-42291
• CVE-2021-42278
• CVE-2021-41377
• CVE-2021-41379
• CVE-2021-42285
• CVE-2021-42283
• CVE-2021-42275
• CVE-2021-38631
• CVE-2021-41370
• CVE-2021-42287
• CVE-2021-41366
• CVE-2021-42284

Exploração

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Produtos relacionados

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Lista de CVE

• CVE-2021-42282
  critical
• CVE-2021-41367
  critical
• CVE-2021-41371
  warning
• CVE-2021-38665
  high
• CVE-2021-38666
  critical
• CVE-2021-42291
  critical
• CVE-2021-42278
  critical
• CVE-2021-41377
  critical
• CVE-2021-41379
  critical
• CVE-2021-42285
  critical
• CVE-2021-42283
  critical
• CVE-2021-42275
  critical
• CVE-2021-38631
  warning
• CVE-2021-41370
  critical
• CVE-2021-42287
  critical
• CVE-2021-42284
  critical
• CVE-2021-41366
  critical

Lista de KB

• 5007233
• 5007236
• 5007263
• 5007246
• 5007260
• 5007255
• 5007245
• 5007247

Saiba mais

Descubra as estatísticas das vulnerabilidades que se espalham em sua região statistics.securelist.com