Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions, cause denial of service.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
2. An information disclosure vulnerability in Windows GDI+ can be exploited remotely to obtain sensitive information.
3. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
4. An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
6. An elevation of privilege vulnerability in Windows Remote Procedure Call Runtime can be exploited remotely to gain privileges.
7. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
8. A remote code execution vulnerability in Microsoft DTV-DVD Video Decoder can be exploited remotely to execute arbitrary code.
9. A remote code execution vulnerability in Windows Fax Compose Form can be exploited remotely to execute arbitrary code.
10. An elevation of privilege vulnerability in Windows LUAFV can be exploited remotely to gain privileges.
11. A security feature bypass vulnerability in NTLM can be exploited remotely to bypass security restrictions.
12. An information disclosure vulnerability in TPM Device Driver can be exploited remotely to obtain sensitive information.
13. An elevation of privilege vulnerability in Active Template Library can be exploited remotely to gain privileges.
14. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
15. A security feature bypass vulnerability in Windows Remote Desktop Protocol Core can be exploited remotely to bypass security restrictions.
16. A denial of service vulnerability in Windows CryptoAPI can be exploited remotely to cause denial of service.
17. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
18. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
19. An information disclosure vulnerability in Windows (modem.sys) can be exploited remotely to obtain sensitive information.
20. An information disclosure vulnerability in Windows NT Lan Manager Datagram Receiver Driver can be exploited remotely to obtain sensitive information.
21. A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
22. An elevation of privilege vulnerability in Windows Runtime C++ Template Library can be exploited remotely to gain privileges.
23. An elevation of privilege vulnerability in Microsoft splwow64 can be exploited remotely to gain privileges.
24. A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely to execute arbitrary code.
25. A denial of service vulnerability in Hyper-V can be exploited remotely to cause denial of service.
26. An information disclosure vulnerability in Windows DNS Query can be exploited remotely to obtain sensitive information.
27. A security feature bypass vulnerability in Windows Bluetooth can be exploited remotely to bypass security restrictions.
28. An elevation of privilege vulnerability in Microsoft SQL can be exploited remotely to gain privileges.

Первичный источник обнаружения

• CVE-2021-1658
  CVE-2021-1708
  CVE-2021-1704
  CVE-2021-1653
  CVE-2021-1659
  CVE-2021-1666
  CVE-2021-1673
  CVE-2021-1694
  CVE-2021-1671
  CVE-2021-1702
  CVE-2021-1667
  CVE-2021-1696
  CVE-2021-1701
  CVE-2021-1668
  CVE-2021-1657
  CVE-2021-1706
  CVE-2021-1660
  CVE-2021-1678
  CVE-2021-1656
  CVE-2021-1654
  CVE-2021-1693
  CVE-2021-1649
  CVE-2021-1652
  CVE-2021-1664
  CVE-2021-1695
  CVE-2021-1674
  CVE-2021-1679
  CVE-2021-1661
  CVE-2021-1709
  CVE-2021-1700
  CVE-2021-1699
  CVE-2021-1655
  CVE-2021-1676
  CVE-2021-1665
  CVE-2021-1688
  CVE-2021-1650
  CVE-2021-1648
  CVE-2021-1710
  CVE-2021-1692
  CVE-2021-1637
  CVE-2021-1684
  CVE-2021-1636
  CVE-2021-1683
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-SQL-Server
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2021-1658
  high
• CVE-2021-1708
  high
• CVE-2021-1704
  high
• CVE-2021-1653
  high
• CVE-2021-1659
  high
• CVE-2021-1666
  high
• CVE-2021-1673
  high
• CVE-2021-1694
  high
• CVE-2021-1671
  high
• CVE-2021-1702
  high
• CVE-2021-1667
  high
• CVE-2021-1696
  high
• CVE-2021-1701
  high
• CVE-2021-1668
  high
• CVE-2021-1657
  high
• CVE-2021-1706
  high
• CVE-2021-1660
  high
• CVE-2021-1678
  high
• CVE-2021-1656
  high
• CVE-2021-1654
  high
• CVE-2021-1693
  high
• CVE-2021-1649
  high
• CVE-2021-1652
  high
• CVE-2021-1664
  high
• CVE-2021-1695
  high
• CVE-2021-1674
  high
• CVE-2021-1679
  high
• CVE-2021-1661
  high
• CVE-2021-1709
  high
• CVE-2021-1700
  high
• CVE-2021-1699
  high
• CVE-2021-1655
  high
• CVE-2021-1676
  high
• CVE-2021-1665
  high
• CVE-2021-1688
  high
• CVE-2021-1636
  high
• CVE-2021-1684
  warning
• CVE-2021-1692
  high
• CVE-2021-1683
  warning
• CVE-2021-1637
  high
• CVE-2021-1650
  high
• CVE-2021-1648
  high
• CVE-2021-1710
  high

Список KB

• 4598275
• 4598285
• 4598278
• 4598297
• 4598288
• 4598279
• 4598287
• 4598289
• 4583465
• 5005613
• 5005627
• 5005623
• 5005633
• 5005606
• 5005607
• 5005615
• 5005618

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com