Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Redirected Drive Buffering System can be exploited remotely to gain privileges.
2. An information disclosure vulnerability in Windows Redirected Drive Buffering SubSystem Driver can be exploited remotely to obtain sensitive information.
3. An information disclosure vulnerability in Windows Installer can be exploited remotely to obtain sensitive information.
4. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
5. A denial of service vulnerability in Windows Installer can be exploited remotely to cause denial of service.
6. An elevation of privilege vulnerability in Windows Event Tracing can be exploited remotely to gain privileges.
7. A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
8. A remote code execution vulnerability in Microsoft MPEG-2 Video Extension can be exploited remotely to execute arbitrary code.
9. An elevation of privilege vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to gain privileges.
10. A spoofing vulnerability in Windows Authenticode can be exploited remotely to spoof user interface.
11. An information disclosure vulnerability in Windows SMB can be exploited remotely to obtain sensitive information.
12. An elevation of privilege vulnerability in Microsoft Windows Update Client can be exploited remotely to gain privileges.
13. A memory corruption vulnerability in Windows Scripting Engine can be exploited remotely to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
15. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
16. An elevation of privilege vulnerability in Windows SMB can be exploited remotely to gain privileges.
17. An information disclosure vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to obtain sensitive information.
18. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
19. An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely to gain privileges.
20. A remote code execution vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to execute arbitrary code.
21. A security feature bypass vulnerability in Windows Key Storage Provider can be exploited remotely to bypass security restrictions.
22. A remote code execution vulnerability in HEVC Video Extensions can be exploited remotely to execute arbitrary code.
23. An elevation of privilege vulnerability in Windows Bind Filter Driver can be exploited remotely to gain privileges.
24. An information disclosure vulnerability in Windows Storage can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2021-36973

• CVE-2021-38635
• CVE-2021-36962
• CVE-2021-38628
• CVE-2021-36961
• CVE-2021-38638
• CVE-2021-36964
• CVE-2021-38632
• CVE-2021-38644
• CVE-2021-36967
• CVE-2021-36959
• CVE-2021-36960
• CVE-2021-38636
• CVE-2021-38634
• CVE-2021-36972
• CVE-2021-36969
• CVE-2021-26435
• CVE-2021-36955
• CVE-2021-38630
• CVE-2021-38671
• CVE-2021-40447
• CVE-2021-36974
• CVE-2021-38629
• CVE-2021-38639
• CVE-2021-36966
• CVE-2021-38667
• CVE-2021-36965
• CVE-2021-36963
• CVE-2021-38624
• CVE-2021-38661
• CVE-2021-36954
• CVE-2021-38633
• CVE-2021-36975
• CVE-2021-38637

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019

CVE list

• CVE-2021-38635
  high
• CVE-2021-36962
  high
• CVE-2021-38628
  critical
• CVE-2021-36961
  high
• CVE-2021-38671
  critical
• CVE-2021-26435
  critical
• CVE-2021-38630
  critical
• CVE-2021-36969
  high
• CVE-2021-36955
  critical
• CVE-2021-38638
  critical
• CVE-2021-36964
  critical
• CVE-2021-38629
  high
• CVE-2021-40447
  critical
• CVE-2021-38639
  critical
• CVE-2021-36959
  high
• CVE-2021-38667
  critical
• CVE-2021-38636
  high
• CVE-2021-36960
  critical
• CVE-2021-36965
  critical
• CVE-2021-36963
  critical
• CVE-2021-38633
  critical
• CVE-2021-36973
  critical
• CVE-2021-38632
  high
• CVE-2021-38644
  critical
• CVE-2021-36967
  critical
• CVE-2021-38634
  critical
• CVE-2021-36972
  high
• CVE-2021-36974
  critical
• CVE-2021-36966
  critical
• CVE-2021-38624
  high
• CVE-2021-38661
  critical
• CVE-2021-36954
  critical
• CVE-2021-36975
  critical
• CVE-2021-38637
  high

KB list

• 5005613
• 5005568
• 5005575
• 5005627
• 5005565
• 5005623
• 5005573
• 5005569
• 5005566
• 5005607
• 5006699
• 5006672
• 5006674
• 5006670
• 5006667

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com