Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
2. An information disclosure vulnerability in Windows DNS can be exploited remotely to obtain sensitive information.
3. A remote code execution vulnerability in Windows GDI+ can be exploited remotely to execute arbitrary code.
4. A denial of service vulnerability in Windows TCP/IP Driver can be exploited remotely to cause denial of service.
5. A remote code execution vulnerability in Windows Media Video Decoder can be exploited remotely to execute arbitrary code.
6. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
7. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
8. An information disclosure vulnerability in Microsoft Windows Codecs Library can be exploited remotely to obtain sensitive information.
9. An information disclosure vulnerability in Windows Installer can be exploited remotely to obtain sensitive information.
10. A security feature bypass vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to bypass security restrictions.
11. A remote code execution vulnerability in Microsoft Internet Messaging API can be exploited remotely to execute arbitrary code.
12. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
13. An elevation of privilege vulnerability in RPC Endpoint Mapper Service can be exploited remotely to gain privileges.
14. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
15. An information disclosure vulnerability in Windows GDI+ can be exploited remotely to obtain sensitive information.
16. An information disclosure vulnerability in Windows Portmapping can be exploited remotely to obtain sensitive information.
17. A denial of service vulnerability in Windows Console Driver can be exploited remotely to cause denial of service.
18. A spoofing vulnerability in Windows Installer can be exploited remotely to spoof user interface.

Первичный источник обнаружения

• CVE-2021-28356
  CVE-2021-28328
  CVE-2021-28349
  CVE-2021-28439
  CVE-2021-28315
  CVE-2021-27096
  CVE-2021-28330
  CVE-2021-28338
  CVE-2021-28344
  CVE-2021-28329
  CVE-2021-28355
  CVE-2021-28339
  CVE-2021-28354
  CVE-2021-28332
  CVE-2021-28309
  CVE-2021-27093
  CVE-2021-28342
  CVE-2021-28317
  CVE-2021-28345
  CVE-2021-27095
  CVE-2021-28334
  CVE-2021-28333
  CVE-2021-28323
  CVE-2021-28434
  CVE-2021-28437
  CVE-2021-28316
  CVE-2021-28341
  CVE-2021-27089
  CVE-2021-28358
  CVE-2021-28336
  CVE-2021-28440
  CVE-2021-28337
  CVE-2021-27091
  CVE-2021-28357
  CVE-2021-28445
  CVE-2021-28350
  CVE-2021-28335
  CVE-2021-28352
  CVE-2021-28346
  CVE-2021-28327
  CVE-2021-28353
  CVE-2021-28340
  CVE-2021-28318
  CVE-2021-28446
  CVE-2021-26415
  CVE-2021-28443
  CVE-2021-28331
  CVE-2021-28348
  CVE-2021-26413
  CVE-2021-28343
  

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2021-27096
  critical
• CVE-2021-28330
  critical
• CVE-2021-28338
  critical
• CVE-2021-28329
  critical
• CVE-2021-28332
  critical
• CVE-2021-28309
  high
• CVE-2021-28342
  critical
• CVE-2021-27095
  critical
• CVE-2021-28334
  critical
• CVE-2021-26413
  high
• CVE-2021-27089
  critical
• CVE-2021-28358
  critical
• CVE-2021-28336
  critical
• CVE-2021-28440
  critical
• CVE-2021-27091
  critical
• CVE-2021-28350
  critical
• CVE-2021-28335
  critical
• CVE-2021-28352
  critical
• CVE-2021-28340
  critical
• CVE-2021-28318
  high
• CVE-2021-28446
  high
• CVE-2021-28331
  critical
• CVE-2021-28356
  critical
• CVE-2021-28328
  high
• CVE-2021-28349
  critical
• CVE-2021-28439
  critical
• CVE-2021-28315
  critical
• CVE-2021-28344
  critical
• CVE-2021-28355
  critical
• CVE-2021-28339
  critical
• CVE-2021-27093
  high
• CVE-2021-28317
  high
• CVE-2021-28345
  critical
• CVE-2021-28333
  critical
• CVE-2021-28323
  high
• CVE-2021-28434
  critical
• CVE-2021-28437
  high
• CVE-2021-28316
  warning
• CVE-2021-28341
  critical
• CVE-2021-28337
  critical
• CVE-2021-28357
  critical
• CVE-2021-28445
  critical
• CVE-2021-28346
  critical
• CVE-2021-28327
  critical
• CVE-2021-28353
  critical
• CVE-2021-26415
  critical
• CVE-2021-28443
  high
• CVE-2021-28348
  critical
• CVE-2021-28354
  critical
• CVE-2021-28343
  critical

Список KB

• 5001335
• 5001389
• 5001332
• 5001392

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com