Multiple vulnerabilities in Microsoft Products (ESU)

Descripción

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
2. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
3. An information disclosure vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely to obtain sensitive information.
4. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
5. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
6. An elevation of privilege vulnerability in Windows Fast FAT File System Driver can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
9. A remote code execution vulnerability in Microsoft COM for Windows can be exploited remotely to execute arbitrary code.
10. An elevation of privilege vulnerability in Credential Security Support Provider Protocol (CredSSP) can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.

Notas informativas originales

• CVE-2021-42282

• CVE-2021-41367
• CVE-2021-41371
• CVE-2021-38665
• CVE-2021-38666
• CVE-2021-42291
• CVE-2021-42278
• CVE-2021-41377
• CVE-2021-41379
• CVE-2021-42285
• CVE-2021-42283
• CVE-2021-42275
• CVE-2021-38631
• CVE-2021-41370
• CVE-2021-42287
• CVE-2021-41366
• CVE-2021-42284

Explotación

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Productos relacionados

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Lista CVE

• CVE-2021-42282
  critical
• CVE-2021-41367
  critical
• CVE-2021-41371
  warning
• CVE-2021-38665
  high
• CVE-2021-38666
  critical
• CVE-2021-42291
  critical
• CVE-2021-42278
  critical
• CVE-2021-41377
  critical
• CVE-2021-41379
  critical
• CVE-2021-42285
  critical
• CVE-2021-42283
  critical
• CVE-2021-42275
  critical
• CVE-2021-38631
  warning
• CVE-2021-41370
  critical
• CVE-2021-42287
  critical
• CVE-2021-42284
  critical
• CVE-2021-41366
  critical

Lista KB

• 5007233
• 5007236
• 5007263
• 5007246
• 5007260
• 5007255
• 5007245
• 5007247

Leer más

Conozca las estadísticas de las vulnerabilidades que se propagan en su región statistics.securelist.com