Kaspersky ID:
KLA12075
Дата обнаружения:
09/02/2021
Обновлено:
15/11/2023

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Windows Trust Verification API can be exploited remotely to cause denial of service.
  2. An elevation of privilege vulnerability in Windows Event Tracing can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Windows Remote Procedure Call can be exploited remotely to obtain sensitive information.
  4. An elevation of privilege vulnerability in Windows PKU2U can be exploited remotely to gain privileges.
  5. A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service.
  6. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  7. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
  8. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  9. A remote code execution vulnerability in Windows Address Book can be exploited remotely to execute arbitrary code.
  10. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  11. A remote code execution vulnerability in Windows Local Spooler can be exploited remotely to execute arbitrary code.
  12. An information disclosure vulnerability in Microsoft Windows VMSwitch can be exploited remotely to obtain sensitive information.
  13. A security feature bypass vulnerability in Microsoft Windows can be exploited remotely to bypass security restrictions.
  14. An information disclosure vulnerability in Windows Backup Engine can be exploited remotely to obtain sensitive information.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2021-24080
    high
  • CVE-2021-24103
    critical
  • CVE-2021-1734
    critical
  • CVE-2021-25195
    critical
  • CVE-2021-24086
    critical
  • CVE-2021-1727
    critical
  • CVE-2021-24102
    critical
  • CVE-2021-24094
    critical
  • CVE-2021-24076
    high
  • CVE-2021-24078
    critical
  • CVE-2021-24083
    critical
  • CVE-2021-24079
    high
  • CVE-2021-1722
    critical
  • CVE-2021-24074
    critical
  • CVE-2021-24088
    critical
  • CVE-2021-24077
    critical
  • CVE-2020-17162
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.