Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
2. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
3. An information disclosure vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely to obtain sensitive information.
4. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
5. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
6. An elevation of privilege vulnerability in Windows Fast FAT File System Driver can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
9. A remote code execution vulnerability in Microsoft COM for Windows can be exploited remotely to execute arbitrary code.
10. An elevation of privilege vulnerability in Credential Security Support Provider Protocol (CredSSP) can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.

Первичный источник обнаружения

• CVE-2021-42282
  CVE-2021-41367
  CVE-2021-41371
  CVE-2021-38665
  CVE-2021-38666
  CVE-2021-42291
  CVE-2021-42278
  CVE-2021-41377
  CVE-2021-41379
  CVE-2021-42285
  CVE-2021-42283
  CVE-2021-42275
  CVE-2021-38631
  CVE-2021-41370
  CVE-2021-42287
  CVE-2021-41366
  CVE-2021-42284
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2021-42282
  critical
• CVE-2021-41367
  critical
• CVE-2021-41371
  warning
• CVE-2021-38665
  high
• CVE-2021-38666
  critical
• CVE-2021-42291
  critical
• CVE-2021-42278
  critical
• CVE-2021-41377
  critical
• CVE-2021-41379
  high
• CVE-2021-42285
  critical
• CVE-2021-42283
  critical
• CVE-2021-42275
  critical
• CVE-2021-38631
  warning
• CVE-2021-41370
  critical
• CVE-2021-42287
  critical
• CVE-2021-42284
  high
• CVE-2021-41366
  critical

Список KB

• 5007233
• 5007236
• 5007263
• 5007246
• 5007260
• 5007255
• 5007245
• 5007247

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com