Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Redirected Drive Buffering System can be exploited remotely to gain privileges.
2. An information disclosure vulnerability in Windows Redirected Drive Buffering SubSystem Driver can be exploited remotely to obtain sensitive information.
3. An information disclosure vulnerability in Windows Installer can be exploited remotely to obtain sensitive information.
4. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
5. A denial of service vulnerability in Windows Installer can be exploited remotely to cause denial of service.
6. An elevation of privilege vulnerability in Windows Event Tracing can be exploited remotely to gain privileges.
7. A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
8. A remote code execution vulnerability in Microsoft MPEG-2 Video Extension can be exploited remotely to execute arbitrary code.
9. An elevation of privilege vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to gain privileges.
10. A spoofing vulnerability in Windows Authenticode can be exploited remotely to spoof user interface.
11. An information disclosure vulnerability in Windows SMB can be exploited remotely to obtain sensitive information.
12. An elevation of privilege vulnerability in Microsoft Windows Update Client can be exploited remotely to gain privileges.
13. A memory corruption vulnerability in Windows Scripting Engine can be exploited remotely to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
15. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
16. An elevation of privilege vulnerability in Windows SMB can be exploited remotely to gain privileges.
17. An information disclosure vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to obtain sensitive information.
18. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
19. An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely to gain privileges.
20. A remote code execution vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to execute arbitrary code.
21. A security feature bypass vulnerability in Windows Key Storage Provider can be exploited remotely to bypass security restrictions.
22. A remote code execution vulnerability in HEVC Video Extensions can be exploited remotely to execute arbitrary code.
23. An elevation of privilege vulnerability in Windows Bind Filter Driver can be exploited remotely to gain privileges.
24. An information disclosure vulnerability in Windows Storage can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2021-36973

• CVE-2021-38635
• CVE-2021-36962
• CVE-2021-38628
• CVE-2021-36961
• CVE-2021-38638
• CVE-2021-36964
• CVE-2021-38632
• CVE-2021-38644
• CVE-2021-36967
• CVE-2021-36959
• CVE-2021-36960
• CVE-2021-38636
• CVE-2021-38634
• CVE-2021-36972
• CVE-2021-36969
• CVE-2021-26435
• CVE-2021-36955
• CVE-2021-38630
• CVE-2021-38671
• CVE-2021-40447
• CVE-2021-36974
• CVE-2021-38629
• CVE-2021-38639
• CVE-2021-36966
• CVE-2021-38667
• CVE-2021-36965
• CVE-2021-36963
• CVE-2021-38624
• CVE-2021-38661
• CVE-2021-36954
• CVE-2021-38633
• CVE-2021-36975
• CVE-2021-38637

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019

CVE list

• CVE-2021-38635
  unknown
• CVE-2021-36962
  unknown
• CVE-2021-38628
  unknown
• CVE-2021-36961
  unknown
• CVE-2021-38671
  unknown
• CVE-2021-26435
  unknown
• CVE-2021-38630
  unknown
• CVE-2021-36969
  unknown
• CVE-2021-36955
  unknown
• CVE-2021-38638
  unknown
• CVE-2021-36964
  unknown
• CVE-2021-38629
  unknown
• CVE-2021-40447
  unknown
• CVE-2021-38639
  unknown
• CVE-2021-36959
  unknown
• CVE-2021-38667
  unknown
• CVE-2021-38636
  unknown
• CVE-2021-36960
  unknown
• CVE-2021-36965
  unknown
• CVE-2021-36963
  unknown
• CVE-2021-38633
  unknown
• CVE-2021-36973
  unknown
• CVE-2021-38632
  unknown
• CVE-2021-38644
  unknown
• CVE-2021-36967
  unknown
• CVE-2021-38634
  unknown
• CVE-2021-36972
  unknown
• CVE-2021-36974
  unknown
• CVE-2021-36966
  unknown
• CVE-2021-38624
  unknown
• CVE-2021-38661
  unknown
• CVE-2021-36954
  unknown
• CVE-2021-36975
  unknown
• CVE-2021-38637
  unknown

KB list

• 5005613
• 5005568
• 5005575
• 5005627
• 5005565
• 5005623
• 5005573
• 5005569
• 5005566
• 5005607
• 5006699
• 5006672
• 5006674
• 5006670
• 5006667

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com