Kaspersky ID:
KLA12198
Дата обнаружения:
08/06/2021
Обновлено:
07/11/2024

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows NTFS can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Windows GPSVC can be exploited remotely to gain privileges.
  3. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Microsoft Enhanced Cryptographic Provider can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Filter Manager can be exploited remotely to gain privileges.
  8. A denial of service vulnerability in Windows Remote Desktop Services can be exploited remotely to cause denial of service.
  9. An elevation of privilege vulnerability in Windows NTLM can be exploited remotely to gain privileges.
  10. A security feature bypass vulnerability in Windows HTML Platform can be exploited remotely to bypass security restrictions.
  11. A security bypass vulnerability in Windows DCOM Server can be exploited remotely to bypass security restrictions.
  12. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  13. A security feature bypass vulnerability in Kerberos AppContainer can be exploited remotely to bypass security restrictions.
  14. An information disclosure vulnerability in Server for NFS can be exploited remotely to obtain sensitive information.
  15. A denial of service vulnerability in Server for NFS can be exploited remotely to cause denial of service.
  16. A security feature bypass vulnerability in Windows TCP/IP Driver can be exploited remotely to bypass security restrictions.
  17. An information disclosure vulnerability in Event Tracing for Windows can be exploited remotely to obtain sensitive information.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2021-31956
    critical
  • CVE-2021-31973
    critical
  • CVE-2021-33742
    critical
  • CVE-2021-31954
    critical
  • CVE-2021-31201
    high
  • CVE-2021-31199
    high
  • CVE-2021-1675
    critical
  • CVE-2021-31953
    critical
  • CVE-2021-31968
    critical
  • CVE-2021-31958
    critical
  • CVE-2021-31971
    high
  • CVE-2021-26414
    warning
  • CVE-2021-31959
    high
  • CVE-2021-31962
    critical
  • CVE-2021-31975
    critical
  • CVE-2021-31972
    high
  • CVE-2021-31976
    critical
  • CVE-2021-31970
    high
  • CVE-2021-31974
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.