KLA12191
Multiple vulnerabilities in Microsoft Apps

Updated: 06/09/2021
Detect date
?
06/08/2021
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Paint 3D can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in 3D Viewer can be exploited remotely to execute arbitrary code.
  3. An information disclosure vulnerability in 3D Viewer can be exploited remotely to obtain sensitive information.
  4. A remote code execution vulnerability in Microsoft Intune Management Extension can be exploited remotely to execute arbitrary code.
Affected products

3D Viewer
Paint 3D
Intune management extension

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-31983
CVE-2021-31943
CVE-2021-31945
CVE-2021-31944
CVE-2021-31942
CVE-2021-31946
CVE-2021-31980

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Internet Information Services
CVE-IDS
?
Find out the statistics of the vulnerabilities spreading in your region