Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
2. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
3. An information disclosure vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely to obtain sensitive information.
4. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
5. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
6. An elevation of privilege vulnerability in Windows Fast FAT File System Driver can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
9. A remote code execution vulnerability in Microsoft COM for Windows can be exploited remotely to execute arbitrary code.
10. An elevation of privilege vulnerability in Credential Security Support Provider Protocol (CredSSP) can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.

Первичный источник обнаружения

• CVE-2021-42282
  CVE-2021-41367
  CVE-2021-41371
  CVE-2021-38665
  CVE-2021-38666
  CVE-2021-42291
  CVE-2021-42278
  CVE-2021-41377
  CVE-2021-41379
  CVE-2021-42285
  CVE-2021-42283
  CVE-2021-42275
  CVE-2021-38631
  CVE-2021-41370
  CVE-2021-42287
  CVE-2021-41366
  CVE-2021-42284
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2021-42282
  high
• CVE-2021-41367
  warning
• CVE-2021-41371
  warning
• CVE-2021-38665
  warning
• CVE-2021-38666
  high
• CVE-2021-42291
  high
• CVE-2021-42278
  high
• CVE-2021-41377
  warning
• CVE-2021-41379
  warning
• CVE-2021-42285
  high
• CVE-2021-42283
  warning
• CVE-2021-42275
  high
• CVE-2021-38631
  warning
• CVE-2021-41370
  warning
• CVE-2021-42287
  high
• CVE-2021-42284
  high
• CVE-2021-41366
  warning

Список KB

• 5007233
• 5007236
• 5007263
• 5007246
• 5007260
• 5007255
• 5007245
• 5007247

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com