June 2021 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2021-Jun 2021-Jun Final 1.0 196 2026-02-21T01:42:48 June 2021 Security Updates 2021-06-08T07:00:00 2026-02-21T01:42:48 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>.NET Core &amp; Visual Studio</li> <li>3D Viewer</li> <li>Microsoft DWM Core Library</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Intune</li> <li>Microsoft Office</li> <li>Microsoft Office Excel</li> <li>Microsoft Office Outlook</li> <li>Microsoft Office SharePoint</li> <li>Microsoft Scripting Engine</li> <li>Microsoft Windows Codecs Library</li> <li>Paint 3D</li> <li>Role: Hyper-V</li> <li>Visual Studio Code - Kubernetes Tools</li> <li>Windows Bind Filter Driver</li> <li>Windows Common Log File System Driver</li> <li>Windows Cryptographic Services</li> <li>Windows DCOM Server</li> <li>Windows Defender</li> <li>Windows Drivers</li> <li>Windows Event Logging Service</li> <li>Windows Filter Manager</li> <li>Windows HTML Platform</li> <li>Windows Installer</li> <li>Windows Kerberos</li> <li>Windows Kernel</li> <li>Windows Kernel-Mode Drivers</li> <li>Windows Network File System</li> <li>Windows NTFS</li> <li>Windows NTLM</li> <li>Windows Print Spooler Components</li> <li>Windows Remote Desktop</li> <li>Windows TCP/IP</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414">CVE-2021-26414</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199">CVE-2021-31199</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201">CVE-2021-31201</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31938">CVE-2021-31938</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939">CVE-2021-31939</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31940">CVE-2021-31940</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31941">CVE-2021-31941</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31942">CVE-2021-31942</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31943">CVE-2021-31943</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31944">CVE-2021-31944</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31945">CVE-2021-31945</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31946">CVE-2021-31946</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31949">CVE-2021-31949</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955">CVE-2021-31955</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956">CVE-2021-31956</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958">CVE-2021-31958</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31959">CVE-2021-31959</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31960">CVE-2021-31960</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962">CVE-2021-31962</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965">CVE-2021-31965</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31967">CVE-2021-31967</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31971">CVE-2021-31971</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31972">CVE-2021-31972</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31975">CVE-2021-31975</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31976">CVE-2021-31976</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977">CVE-2021-31977</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31978">CVE-2021-31978</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31980">CVE-2021-31980</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983">CVE-2021-31983</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31985">CVE-2021-31985</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739">CVE-2021-33739</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33741">CVE-2021-33741</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742">CVE-2021-33742</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5001944">5001944</a></td> <td>SharePoint Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5001946">5001946</a></td> <td>SharePoint Enterprise Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5001962">5001962</a></td> <td>SharePoint Foundation 2013</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003635">5003635</a></td> <td>Windows 10, Version 1909</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003637">5003637</a></td> <td>Windows 10, version 21H1, Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003646">5003646</a></td> <td>Windows 10, Version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003661">5003661</a></td> <td>Windows Server 2008 Service Pack 2 ((Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003667">5003667</a></td> <td>Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003671">5003671</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003681">5003681</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003694">5003694</a></td> <td>Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003695">5003695</a></td> <td>Windows Server 2008 Service Pack 2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003696">5003696</a></td> <td>Windows Server 2012 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5003697">5003697</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows Server, version 20H2 (Server Core Installation) VP9 Video Extensions Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Foundation 2013 Service Pack 1 Office Online Server Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Office 2019 for Mac Microsoft Outlook 2013 RT Service Pack 1 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Visual Studio Code - Kubernetes Tools Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9) Visual Studio 2019 for Mac version 8.10 .NET Core 3.1 .NET 5.0 3D Viewer Paint 3D Intune management extension Microsoft Edge (Chromium-based) Microsoft Malware Protection Engine Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Microsoft Outlook 2013 RT Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 R2 (Server Core installation) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Edge (Chromium-based) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) .NET Core 3.1 Paint 3D 3D Viewer .NET 5.0 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Visual Studio Code - Kubernetes Tools VP9 Video Extensions Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Intune management extension Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9) Visual Studio 2019 for Mac version 8.10 Microsoft Malware Protection Engine Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems cm1 httpd 2.4.49-1 on CBL Mariner 1.0 cbl2 avahi 0.8-1 on CBL Mariner 2.0 cm1 kernel 5.10.60.1-1 on CBL Mariner 1.0 cbl2 kernel 5.10.78.1-1 on CBL Mariner 2.0 cbl2 lrzsz 0.12.20-50 on CBL Mariner 2.0 cm1 python-urllib3 1.25.9-2 on CBL Mariner 1.0 azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0 cbl2 httpd 2.4.52-1 on CBL Mariner 2.0 azl3 kernel 6.6.35.1-4 on Azure Linux 3.0 cm1 nginx 1.20.1-1 on CBL Mariner 1.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0 azl3 avahi 0.8-5 on Azure Linux 3.0 azl3 mod_http2 2.0.29-3 on Azure Linux 3.0 azl3 keda 2.14.0-1 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cm1 qemu-kvm 4.2.0-48 on CBL Mariner 1.0 cm1 kernel 5.10.131.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.2.1-1 on CBL Mariner 2.0 cm1 helm 3.4.1-4 on CBL Mariner 1.0 cbl2 helm 3.4.1-4 on CBL Mariner 2.0 cbl2 curl 7.76.0-5 on CBL Mariner 2.0 cbl2 python-urllib3 1.25.9-3 on CBL Mariner 2.0 cm1 httpd 2.4.46-5 on CBL Mariner 1.0 cbl2 httpd 2.4.46-10 on CBL Mariner 2.0 cm1 curl 7.76.0-2 on CBL Mariner 1.0 cm1 curl 7.76.0-4 on CBL Mariner 1.0 cm1 libgcrypt 1.8.7-2 on CBL Mariner 1.0 cm1 tpm2-tools 4.2-2 on CBL Mariner 1.0 cbl2 tpm2-tools 4.2-2 on CBL Mariner 2.0 cm1 postgresql 12.7-1 on CBL Mariner 1.0 cm1 qemu-kvm 4.2.0-34 on CBL Mariner 1.0 cm1 qemu-kvm 4.2.0-37 on CBL Mariner 1.0 cm1 qemu-kvm 4.2.0-33 on CBL Mariner 1.0 azl3 avahi 0.8-1 on Azure Linux 3.0 cm1 libjpeg-turbo 2.0.0-7 on CBL Mariner 1.0 cbl2 libjpeg-turbo 2.0.0-9 on CBL Mariner 2.0 cbl2 xdg-utils 1.1.3-7 on CBL Mariner 2.0 cbl2 dovecot 2.3.20-1 on CBL Mariner 2.0 cbl2 wireshark 3.4.14-1 on CBL Mariner 2.0 cbl2 lasso 2.8.0-1 on CBL Mariner 2.0 cbl2 bluez 5.63-1 on CBL Mariner 2.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0 azl3 keda 2.4.0-15 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.4-2 on Azure Linux 3.0 azl3 shim-unsigned-x64 15.4-3 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2021-22222 Loop with Unreachable Exit Condition ('Infinite Loop') 19467-16823 19467-16823 Important 19467-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19467-16823 CBL-Mariner Releases 19467-16823 No Security Update 3.4.14-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19467-16823 CBL-Mariner Releases 1.0 2022-01-19T00:00:00 <p>Information published.</p> curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option known as `CURLOPT_TELNETOPTIONS` in libcurl is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables libcurl could be made to pass on uninitialized data from a stack based buffer to the server resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2021-22898 Missing Initialization of Resource 19039-16820 19009-16823 19039-16820 19009-16823 Low 19039-16820 Low 19009-16823 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 19039-16820 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 19009-16823 CBL-Mariner Releases 19039-16820 No Security Update 7.76.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19039-16820 CBL-Mariner Releases CBL-Mariner Releases 19009-16823 No Security Update 7.76.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19009-16823 CBL-Mariner Releases 1.0 2021-06-23T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added curl to CBL-Mariner 2.0</p> curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory libcurl might even call a function pointer in the object making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2021-22901 Use After Free 19039-16820 19009-16823 19039-16820 19009-16823 Important 19039-16820 Important 19009-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19039-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19009-16823 CBL-Mariner Releases 19039-16820 No Security Update 7.76.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19039-16820 CBL-Mariner Releases CBL-Mariner Releases 19009-16823 No Security Update 7.76.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19009-16823 CBL-Mariner Releases 1.0 2021-06-23T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added curl to CBL-Mariner 2.0</p> A security issue in nginx resolver was identified which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite resulting in worker process crash or potential other impact. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner f5 Yes CVE-2021-23017 Off-by-one Error 17079-16820 17079-16820 Important 17079-16820 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 17079-16820 CBL-Mariner Releases 17079-16820 No Security Update 1.20.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17079-16820 CBL-Mariner Releases 1.0 2021-06-11T00:00:00 <p>Information published.</p> mod_session NULL pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2021-26690 NULL Pointer Dereference 19037-16820 19038-16823 19037-16820 19038-16823 Important 19037-16820 Important 19038-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19037-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19038-16823 CBL-Mariner Releases 19037-16820 No Security Update 2.4.46-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19037-16820 CBL-Mariner Releases CBL-Mariner Releases 19038-16823 No Security Update 2.4.46-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19038-16823 CBL-Mariner Releases 1.0 2021-06-22T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added httpd to CBL-Mariner 2.0</p> Apache HTTP Server mod_session response handling heap overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2021-26691 Out-of-bounds Write 19037-16820 19038-16823 19037-16820 19038-16823 Critical 19037-16820 Critical 19038-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19037-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19038-16823 CBL-Mariner Releases 19037-16820 No Security Update 2.4.46-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19037-16820 CBL-Mariner Releases CBL-Mariner Releases 19038-16823 No Security Update 2.4.46-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19038-16823 CBL-Mariner Releases 1.0 2021-06-23T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added httpd to CBL-Mariner 2.0</p> Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-28091 Improper Verification of Cryptographic Signature 19479-16823 19479-16823 Important 19479-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19479-16823 CBL-Mariner Releases 19479-16823 No Security Update 2.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19479-16823 CBL-Mariner Releases 1.0 2022-01-19T00:00:00 <p>Information published.</p> Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner XEN Yes CVE-2021-28691 Use After Free 16919-16820 16920-16823 16919-16820 16920-16823 Important 16919-16820 Important 16920-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16919-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16920-16823 CBL-Mariner Releases 16919-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16919-16820 CBL-Mariner Releases CBL-Mariner Releases 16920-16823 No Security Update 5.10.78.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16920-16823 CBL-Mariner Releases 1.0 2021-07-07T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-29157 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19201-16823 19201-16823 Moderate 19201-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19201-16823 CBL-Mariner Releases 19201-16823 No Security Update 2.3.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19201-16823 CBL-Mariner Releases 1.0 2022-01-19T00:00:00 <p>Information published.</p> Unexpected URL matching with 'MergeSlashes OFF' <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2021-30641 19037-16820 19038-16823 19037-16820 19038-16823 Moderate 19037-16820 Moderate 19038-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19037-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19038-16823 CBL-Mariner Releases 19037-16820 No Security Update 2.4.46-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19037-16820 CBL-Mariner Releases CBL-Mariner Releases 19038-16823 No Security Update 2.4.46-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19038-16823 CBL-Mariner Releases 1.0 2021-06-22T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added httpd to CBL-Mariner 2.0</p> A flaw was found in postgresql in versions before 13.3 before 12.7 before 11.12 before 10.17 and before 9.6.22. While modifying certain SQL array values missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-32027 Integer Overflow or Wraparound 19044-16820 19044-16820 Important 19044-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19044-16820 CBL-Mariner Releases 19044-16820 No Security Update 12.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19044-16820 CBL-Mariner Releases 1.0 2021-06-11T00:00:00 <p>Information published.</p> Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm and the window size is not chosen appropriately. This for example affects use of ElGamal in OpenPGP. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33560 Observable Discrepancy 19041-16820 19041-16820 Important 19041-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19041-16820 CBL-Mariner Releases 19041-16820 No Security Update 1.8.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19041-16820 CBL-Mariner Releases 1.0 2021-06-16T00:00:00 <p>Information published.</p> net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-34693 Missing Initialization of Resource 16919-16820 16920-16823 16919-16820 16920-16823 Moderate 16919-16820 Moderate 16920-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 16919-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 16920-16823 CBL-Mariner Releases 16919-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16919-16820 CBL-Mariner Releases CBL-Mariner Releases 16920-16823 No Security Update 5.10.78.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16920-16823 CBL-Mariner Releases 1.0 2021-06-22T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3545 Use of Uninitialized Resource 19046-16820 19046-16820 Moderate 19046-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 19046-16820 CBL-Mariner Releases 19046-16820 No Security Update 4.2.0-37 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19046-16820 CBL-Mariner Releases 1.0 2021-06-10T00:00:00 <p>Information published.</p> An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host resulting in a denial of service condition or potential code execution with the privileges of the QEMU process. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3546 Out-of-bounds Write 19045-16820 19045-16820 Important 19045-16820 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 19045-16820 CBL-Mariner Releases 19045-16820 No Security Update 4.2.0-34 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19045-16820 CBL-Mariner Releases 1.0 2021-06-10T00:00:00 <p>Information published.</p> A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3564 Double Free 16919-16820 16920-16823 17065-17084 19529-17084 16919-16820 16920-16823 17065-17084 19529-17084 Moderate 16919-16820 Moderate 16920-16823 Moderate 17065-17084 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16919-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16920-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17065-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 16919-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16919-16820 CBL-Mariner Releases CBL-Mariner Releases 16920-16823 No Security Update 5.10.78.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16920-16823 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.0 2021-06-18T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2026-02-19T01:09:17 <p>Information published.</p> Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-17541 Out-of-bounds Write 19114-16820 19115-16823 19114-16820 19115-16823 Important 19114-16820 Important 19115-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19114-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19115-16823 CBL-Mariner Releases 19114-16820 No Security Update 2.0.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19114-16820 CBL-Mariner Releases CBL-Mariner Releases 19115-16823 No Security Update 2.0.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19115-16823 CBL-Mariner Releases 1.0 2021-06-11T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added libjpeg-turbo to CBL-Mariner 2.0</p> The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption as demonstrated by a situation with a complex regular expression for the regex extension. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-28200 Allocation of Resources Without Limits or Throttling 19201-16823 19201-16823 Moderate 19201-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19201-16823 CBL-Mariner Releases 19201-16823 No Security Update 2.3.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19201-16823 CBL-Mariner Releases 1.0 2022-01-19T00:00:00 <p>Information published.</p> mod_auth_digest possible stack overflow by one nul byte <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2020-35452 Out-of-bounds Write 19037-16820 19038-16823 19037-16820 19038-16823 Important 19037-16820 Important 19038-16823 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19037-16820 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19038-16823 CBL-Mariner Releases 19037-16820 No Security Update 2.4.46-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19037-16820 CBL-Mariner Releases CBL-Mariner Releases 19038-16823 No Security Update 2.4.46-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19038-16823 CBL-Mariner Releases 1.0 2021-06-17T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added httpd to CBL-Mariner 2.0</p> mod_proxy_wstunnel tunneling of non Upgraded connections <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2019-17567 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 16886-16820 17030-16823 16886-16820 17030-16823 Moderate 16886-16820 Moderate 17030-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 16886-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17030-16823 CBL-Mariner Releases 16886-16820 No Security Update 2.4.49-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16886-16820 CBL-Mariner Releases CBL-Mariner Releases 17030-16823 No Security Update 2.4.52-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17030-16823 CBL-Mariner Releases 1.0 2021-06-17T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added httpd to CBL-Mariner 2.0</p> NULL pointer dereference on specially crafted HTTP/2 request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2021-31618 NULL Pointer Dereference 17683-17084 17683-17084 Important 17683-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17683-17084 CBL-Mariner Releases 17683-17084 No Security Update 2.0.29-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17683-17084 CBL-Mariner Releases 1.0 2025-05-15T00:00:00 <p>Information published.</p> A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2021-28211 Heap-based Buffer Overflow 19662-17086 17093-17086 19662-17086 17093-17086 19662-17086 Moderate 17093-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19662-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17093-17086 1.0 2025-09-04T02:46:24 <p>Information published.</p> 2.0 2026-02-18T02:40:57 <p>Information published.</p> Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3544 Missing Release of Memory after Effective Lifetime 18533-16820 18533-16820 Moderate 18533-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18533-16820 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:10 <p>Information published.</p> curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library which has the surprising side-effect that if an application sets up multiple concurrent transfers the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario this weakens transport security significantly. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2021-22897 Exposure of Resource to Wrong Sphere 19040-16820 19009-16823 19040-16820 19009-16823 Moderate 19040-16820 Moderate 19009-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19040-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19009-16823 CBL-Mariner Releases 19040-16820 No Security Update 7.76.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19040-16820 CBL-Mariner Releases CBL-Mariner Releases 19009-16823 No Security Update 7.76.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19009-16823 CBL-Mariner Releases 1.0 2021-06-23T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added curl to CBL-Mariner 2.0</p> An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative e.g. access to element -2 of an array aka CID-298a58e165e4. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-32078 Out-of-bounds Read 18667-16820 18929-16823 18667-16820 18929-16823 Important 18667-16820 Important 18929-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18667-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18929-16823 CBL-Mariner Releases 18667-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18667-16820 CBL-Mariner Releases CBL-Mariner Releases 18929-16823 No Security Update 5.15.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18929-16823 CBL-Mariner Releases 1.0 2021-06-23T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> Repository credentials passed to alternate domain <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2021-32690 Exposure of Sensitive Information to an Unauthorized Actor 18994-16820 18995-16823 18994-16820 18995-16823 Important 18994-16820 Important 18995-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 18994-16820 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 18995-16823 CBL-Mariner Releases 18994-16820 18995-16823 No Security Update 3.4.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18994-16820 18995-16823 CBL-Mariner Releases 1.0 2021-09-27T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added helm to CBL-Mariner 2.0</p> HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically those within 1 second of their maximum TTL) which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9 1.6.5 and 1.7.2. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-32923 Insufficient Session Expiration 19877-17084 17761-17084 19877-17084 17761-17084 Important 19877-17084 Important 17761-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 19877-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 17761-17084 CBL-Mariner Releases 19877-17084 17761-17084 No Security Update 2.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19877-17084 17761-17084 CBL-Mariner Releases 1.1 2026-02-18T02:07:25 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33503 Uncontrolled Resource Consumption 16991-16820 19036-16823 18469-17084 19849-17086 17171-17086 16991-16820 19036-16823 18469-17084 19849-17086 17171-17086 Important 16991-16820 Important 19036-16823 Important 18469-17084 19849-17086 Important 17171-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16991-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19036-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19849-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17171-17086 CBL-Mariner Releases 16991-16820 No Security Update 1.25.9-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16991-16820 CBL-Mariner Releases CBL-Mariner Releases 19036-16823 No Security Update 1.25.9-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19036-16823 CBL-Mariner Releases 2.0 2026-02-18T14:13:20 <p>Information published.</p> 1.0 2021-07-03T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added python-urllib3 to CBL-Mariner 2.0</p> The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33515 Improper Neutralization of Special Elements used in a Command ('Command Injection') 19201-16823 19201-16823 Moderate 19201-16823 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 19201-16823 CBL-Mariner Releases 19201-16823 No Security Update 2.3.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19201-16823 CBL-Mariner Releases 1.0 2022-01-19T00:00:00 <p>Information published.</p> In kernel/bpf/verifier.c in the Linux kernel before 5.12.13 a branch can be mispredicted (e.g. because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack aka CID-9183671af6db. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33624 Access of Resource Using Incompatible Type ('Type Confusion') 16919-16820 16920-16823 16919-16820 16920-16823 Moderate 16919-16820 Moderate 16920-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 16919-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 16920-16823 CBL-Mariner Releases 16919-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16919-16820 CBL-Mariner Releases CBL-Mariner Releases 16920-16823 No Security Update 5.10.78.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16920-16823 CBL-Mariner Releases 1.0 2021-07-07T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service which becomes unresponsive after this flaw is triggered. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3468 Loop with Unreachable Exit Condition ('Infinite Loop') 17556-17084 16915-16823 19075-17084 17556-17084 16915-16823 19075-17084 Moderate 17556-17084 Moderate 16915-16823 Moderate 19075-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17556-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16915-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19075-17084 CBL-Mariner Releases 17556-17084 16915-16823 19075-17084 No Security Update 0.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17556-17084 16915-16823 19075-17084 CBL-Mariner Releases 1.2 2026-02-18T14:59:05 <p>Information published.</p> 1.0 2021-12-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3565 Use of Hard-coded Credentials 19042-16820 19043-16823 19042-16820 19043-16823 Moderate 19042-16820 Moderate 19043-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19042-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19043-16823 CBL-Mariner Releases 19042-16820 19043-16823 No Security Update 4.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19042-16820 19043-16823 CBL-Mariner Releases 1.0 2021-06-15T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added tpm2-tools to CBL-Mariner 2.0</p> memory contents disclosure in cli_feat_read_cb <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2021-3588 Out-of-bounds Read 19481-16823 19481-16823 Low 19481-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19481-16823 CBL-Mariner Releases 19481-16823 No Security Update 5.63-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19481-16823 CBL-Mariner Releases 1.0 2022-01-19T00:00:00 <p>Information published.</p> mod_proxy_http NULL pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2020-13950 NULL Pointer Dereference 19037-16820 19038-16823 19037-16820 19038-16823 Important 19037-16820 Important 19038-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19037-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19038-16823 CBL-Mariner Releases 19037-16820 No Security Update 2.4.46-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19037-16820 CBL-Mariner Releases CBL-Mariner Releases 19038-16823 No Security Update 2.4.46-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19038-16823 CBL-Mariner Releases 1.0 2021-06-17T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added httpd to CBL-Mariner 2.0</p> A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-27661 Divide By Zero 19050-16820 19050-16820 Moderate 19050-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 19050-16820 CBL-Mariner Releases 19050-16820 No Security Update 4.2.0-33 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19050-16820 CBL-Mariner Releases 1.0 2021-06-15T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-35503 NULL Pointer Dereference 18533-16820 18533-16820 Moderate 18533-16820 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 18533-16820 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:06 <p>Information published.</p> A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-27748 Insertion of Sensitive Information Into Sent Data 19195-16823 19195-16823 Moderate 19195-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 19195-16823 CBL-Mariner Releases 19195-16823 No Security Update 1.1.3-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19195-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:05 <p>Information published.</p> Null pointer dereference in Tianocore EDK2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner intel Yes CVE-2019-14584 NULL Pointer Dereference 19887-17084 19662-17086 17093-17086 17012-16817 17013-16817 17012-17084 17013-17084 19890-17084 19887-17084 19662-17086 17093-17086 17012-16817 17013-16817 17012-17084 17013-17084 19890-17084 Important 19887-17084 19662-17086 Important 17093-17086 Important 17012-16817 Important 17013-16817 Important 17012-17084 Important 17013-17084 Important 19890-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19887-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17012-16817 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17013-16817 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17012-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17013-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19890-17084 CBL-Mariner Releases 19887-17084 17012-16817 17013-16817 17012-17084 17013-17084 19890-17084 No Security Update 15.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19887-17084 17012-16817 17013-16817 17012-17084 17013-17084 19890-17084 CBL-Mariner Releases 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.3 2024-12-10T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 1.8 2024-12-15T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.0 2024-12-17T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.1 2024-12-18T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.3 2024-12-20T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.4 2024-12-21T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.5 2024-12-22T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.6 2024-12-23T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.3 2024-12-30T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.5 2025-01-01T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.6 2025-01-02T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.9 2025-01-05T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.0 2025-01-06T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.1 2025-01-07T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.3 2025-01-09T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.4 2025-01-10T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.6 2025-01-12T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.0 2025-01-17T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.2 2025-01-19T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.3 2025-01-20T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.5 2025-01-22T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.7 2025-01-24T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.9 2025-01-27T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.3 2025-02-01T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.4 2025-02-02T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.5 2025-02-03T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.7 2025-02-05T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.8 2025-02-07T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.9 2025-02-08T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.2 2025-02-11T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.3 2025-02-12T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.8 2025-02-17T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.9 2025-02-18T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.0 2025-02-19T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.2 2025-02-21T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.5 2025-02-24T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.7 2025-02-26T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.9 2025-02-28T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.1 2025-03-02T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.2 2025-03-03T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.4 2025-03-05T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.5 2025-03-06T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.6 2025-03-08T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.1 2025-03-14T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.5 2025-03-18T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.8 2025-03-21T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.0 2025-03-23T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.1 2025-03-24T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.4 2025-03-27T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.5 2025-03-28T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.7 2025-03-30T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.9 2025-04-01T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.1 2025-04-04T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.2 2025-04-05T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.3 2025-04-06T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.4 2025-04-07T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.5 2025-04-08T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.9 2025-04-13T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.0 2025-04-14T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.3 2025-04-17T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.6 2025-04-20T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.5 2025-04-30T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.8 2025-05-03T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.9 2025-05-04T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.0 2025-05-05T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.2 2025-05-07T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.5 2025-05-10T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.6 2025-05-11T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.7 2025-05-12T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.9 2025-05-14T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.0 2025-05-15T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.2 2025-05-17T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.5 2025-05-20T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.6 2025-05-21T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.9 2025-05-24T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 17.1 2025-05-26T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 17.2 2025-05-27T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 20.0 2025-05-31T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 21.0 2025-06-01T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 23.0 2026-02-21T01:42:48 <p>Information published.</p> 1.1 2024-12-08T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 1.2 2024-12-09T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 1.4 2024-12-11T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 1.5 2024-12-12T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 1.6 2024-12-13T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 1.7 2024-12-14T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 1.9 2024-12-16T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.2 2024-12-19T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.7 2024-12-24T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.8 2024-12-25T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 2.9 2024-12-26T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.0 2024-12-27T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.1 2024-12-28T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.2 2024-12-29T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.4 2024-12-31T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.7 2025-01-03T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 3.8 2025-01-04T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.2 2025-01-08T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.5 2025-01-11T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.7 2025-01-13T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.8 2025-01-15T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 4.9 2025-01-16T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.1 2025-01-18T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.4 2025-01-21T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.6 2025-01-23T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 5.8 2025-01-25T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.0 2025-01-28T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.1 2025-01-29T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.2 2025-01-30T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 6.6 2025-02-04T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.0 2025-02-09T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.1 2025-02-10T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.4 2025-02-13T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.5 2025-02-14T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.6 2025-02-15T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 7.7 2025-02-16T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.1 2025-02-20T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.3 2025-02-22T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.4 2025-02-23T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.6 2025-02-25T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 8.8 2025-02-27T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.0 2025-03-01T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.3 2025-03-04T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.7 2025-03-09T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.8 2025-03-10T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 9.9 2025-03-11T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.0 2025-03-12T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.2 2025-03-15T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.3 2025-03-16T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.4 2025-03-17T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.6 2025-03-19T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.7 2025-03-20T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 10.9 2025-03-22T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.2 2025-03-25T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.3 2025-03-26T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.6 2025-03-29T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 11.8 2025-03-31T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.0 2025-04-03T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.6 2025-04-09T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.7 2025-04-11T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 12.8 2025-04-12T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.1 2025-04-15T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.2 2025-04-16T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.4 2025-04-18T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.5 2025-04-19T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.7 2025-04-21T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.8 2025-04-22T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 13.9 2025-04-23T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.0 2025-04-24T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.1 2025-04-25T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.2 2025-04-26T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.3 2025-04-28T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.4 2025-04-29T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.6 2025-05-01T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 14.7 2025-05-02T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.1 2025-05-06T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.3 2025-05-08T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.4 2025-05-09T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 15.8 2025-05-13T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.1 2025-05-16T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.3 2025-05-18T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.4 2025-05-19T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.7 2025-05-22T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 16.8 2025-05-23T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 17.0 2025-05-25T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 18.0 2025-05-28T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 19.0 2025-05-30T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> 22.0 2025-06-02T00:00:00 <p>Added shim-unsigned-aarch64 to Azure Linux 3.0</p> lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2018-10195 Integer Overflow or Wraparound 16930-16823 16930-16823 Important 16930-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 16930-16823 CBL-Mariner Releases 16930-16823 No Security Update 0.12.20-50 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16930-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:00 <p>Information published.</p> An unlimited recursion in DxeCore in EDK II. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2021-28210 Uncontrolled Recursion 19662-17086 17093-17086 19662-17086 17093-17086 19662-17086 Important 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 1.0 2025-09-04T03:47:50 <p>Information published.</p> 2.0 2026-02-18T02:48:45 <p>Information published.</p> Windows DCOM Server Security Feature Bypass <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> <p><strong>Do I need to take further steps to be protected from this vulnerability?</strong></p> <p>Yes. The security updates released on June 8, 2021 enable RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM clients by default and provide full protection after manually setting RequireIntegrityActivationAuthenticationLevel = 1 on DCOM servers using the steps in <a href="https://support.microsoft.com/help/5004442">Managing changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)</a>. Note that a reboot is required after making any changes to the RequireIntegrityActivationAuthenticationLevel registry key. Microsoft recommends enabling full protection as soon as possible to identify any OS and application intermobility issues between Windows and non-Windows operating systems and applications.</p> <p>With the June 14, 2022 security updates, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers is now enabled by default. Customer who need to do so can still disable it by using the RequireIntegrityActivationAuthenticationLevel registry key.</p> <p><strong>If I install the updates and take no further action, what will be the impact?</strong></p> <p>Installing the security updates released on June 8, 2021 enables client side protections in a pure Windows environment but does not provide any protection in environments with non-Windows DCOM client. Organizations will need to identify and mitigate any interop issues between Windows and non-Windows operating systems and applications before the third phase, when the hardening on DCOM servers is enabled by default and will no longer have the ability to be disabled.</p> <p>Installing the security updates released on June 14, 2022 enables the registry key by default so that DCOM servers enforce an Authentication-Level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or higher for activation.</p> <p><strong>How does Microsoft plan to address this vulnerability?</strong></p> <p>Microsoft is addressing this vulnerability in a phased rollout. The initial deployment phase starts with the Windows updates released on June 8, 2021. The updates will enable customers to verify that any client/server applications in their environment work as expected with the hardening changes enabled.</p> <p>The second phase, planned for an June 14, 2022, programmatically enables the hardening on DCOM servers by default that can be disabled via the RequireIntegrityActivationAuthenticationLevel registry key if necessary.</p> <p>The third phase, planned for March 14, 2023, enables the hardening on DCOM servers by default and will no longer have the ability to be disabled. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.</p> <p><strong>Are there system events available that will help me identify the client devices that will be impacted by the change?</strong></p> <p>Yes. See the <strong>New DCOM error events</strong> section of <a href="https://support.microsoft.com/help/5004442">Managing changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)</a>. While the first security updates to address this vulnerability were released on June 2021, we recommend that you install the updates released on September 2021 to enable DCOM event logs that were added with those updates.</p> Windows DCOM Server Microsoft CVE-2021-26414 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11712 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11570 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11712 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11713 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11714 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11896 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11897 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11898 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11801 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11802 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10729 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10735 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10852 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10853 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10047 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10048 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10481 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10482 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10484 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9312 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10287 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9318 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9344 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10051 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10049 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10378 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10379 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10483 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5014701 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014701 5013945 11712 11713 11714 Yes Security Update 10.0.18363.2344 5014699 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014699 5013942 11896 11897 11898 Yes Security Update 10.0.19043.1766 5014699 https://support.microsoft.com/help/5014699 11896 11897 11898 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023787 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023787 10729 10735 Yes ServicingStackUpdate 10.0.10240.19802 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5014748 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014748 5014012 10047 10048 Yes Monthly Rollup 6.1.7601.25984 5014748 https://support.microsoft.com/help/5014748 10047 10048 5014742 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014742 10047 10048 Yes Security Only 6.1.7601.25984 5014742 https://support.microsoft.com/help/5014742 10047 10048 5014738 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014738 5014011 10481 10482 Yes Monthly Rollup 6.3.9600.20402 5014738 https://support.microsoft.com/help/5014738 10481 10482 10484 5014746 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014746 10481 10482 Yes Security Only 6.3.9600.20402 5014746 https://support.microsoft.com/help/5014746 10481 10482 5014738 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014738 10484 Yes Monthly Rollup 6.3.9600.20402 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Dlive (https://twitter.com/D1iv3) of Tencent Security Xuanwu Lab 1.0 2021-06-08T07:00:00 <p>Information published.</p> 1.1 2021-11-03T07:00:00 <p>Updated FAQ with revised planned dates for phases two and three; added FAQ to provide link to information about system events. These are informational changes only.</p> 2.0 2022-06-14T07:00:00 <p>Microsoft is announcing the release of the June 14, 2022 Windows security updates to address the second phase of hardening changes for this vulnerability. After these updates are installed, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers will be enabled by default. Customers who need to do so can still disable it by using the RequireIntegrityActivationAuthenticationLevel registry key. Microsoft strongly recommends that customers install the June 14, 2022 updates, complete testing in your environment, and enable these hardening changes as soon as possible.</p> 3.0 2022-06-28T07:00:00 <p>In the Security Updates table, added all supported editions of Windows 10 version 21H2, Windows Windows 11, and Windows Server 2022 as they are affected by this vulnerability. Customers running any of these versions of Windows should install the June 14, 2022 security updates to be protected from this vulnerability. After these updates are installed, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers will be enabled by default. Customers who need to do so can still disable it by using the RequireIntegrityActivationAuthenticationLevel registry key. Microsoft strongly recommends that customers install the updates, complete testing in your environment, and enable these hardening changes as soon as possible.</p> 1.2 2022-01-26T08:00:00 <p>Updated FAQs as follows: Revised planned dates for phases two and three; Added recommendation to install September 2021 security updates to enable DCOM event logs that were added with those updates. These are informational changes only.</p> 1.3 2022-02-24T08:00:00 <p>Updated FAQs with revised planned dates for phases two and three. This is an informational change only.</p> 2.1 2022-06-20T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 4.1 2023-04-25T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 3.1 2022-09-15T07:00:00 <p>Fixed a typographical error. This is an information change only.</p> 4.0 2023-03-14T07:00:00 <p>Microsoft is announcing the release of the March 14, 2023 Windows security updates for all supported editions. These updates address the third phase of hardening changes for this vulnerability. After these updates are installed, hardening is enabled by default and customers will no longer have the ability to disable it. Microsoft strongly recommends that customers install the March 14, 2023 updates, but before doing so customers should resolve any compatibility issues with the hardening changes and applications in your environment. For more information see <a href="https://support.microsoft.com/help/5004442">Managing changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)</a>.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Microsoft CVE-2021-26420 10950 11585 10612 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10950 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11585 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10612 5001946 https://www.microsoft.com/downloads/details.aspx?familyid=29e155c6-6f3d-4f43-b08b-2f7976876511 5001917 10950 Maybe Security Update 16.0.5173.1000 5001946 https://support.microsoft.com/help/5001946 10950 5001944 https://www.microsoft.com/downloads/details.aspx?familyid=b009b05d-86c1-404d-947d-759d1a60ae12 5001916 11585 Maybe Security Update 16.0.10375.20000 5001944 https://support.microsoft.com/help/5001944 11585 5001962 https://www.microsoft.com/downloads/details.aspx?familyid=a8ba0918-5776-4ba8-98dc-4cb71653ee0d 5001935 10612 Maybe Security Update 15.0.5353.1000 5001962 https://support.microsoft.com/help/5001962 10612 Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user install the Visual Studio Code Kubernetes Tools extension or operate Visual Studio Code using that extension.</p> Visual Studio Code - Kubernetes Tools Microsoft CVE-2021-31938 11882 Elevation of Privilege 11882 Important 11882 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11882 Release Notes https://marketplace.visualstudio.com/items?itemName=ms-kubernetes-tools.vscode-kubernetes-tools 11882 Maybe Security Update 1.3.1 Gerardo Di Giacomo, <a href="https://www.stripe.com">Stripe Inc.</a> Gerardo Di Giacomo, <a href="https://www.stripe.com">Stripe Inc.</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Office Excel Microsoft CVE-2021-31939 10836 11573 11574 11762 11763 10739 10740 10753 10754 10656 10654 10655 10603 10601 10602 10611 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Remote Code Execution 10611 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 10739 Important 10740 Important 10753 Important 10754 Important 10656 Important 10654 Important 10655 Important 10603 Important 10601 Important 10602 Important 10611 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10603 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10601 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10602 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10611 5001943 https://www.microsoft.com/downloads/details.aspx?familyid=51625c15-0a84-483b-a42b-0e543fe5892c 5001914 10836 Maybe Security Update 16.0.10375.20000 Click to Run 11573 11574 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases 5001947 https://www.microsoft.com/downloads/details.aspx?familyid=23ed6e93-7fdd-4abb-aa2f-093f991d1af1 5001918 10739 Maybe Security Update 16.0.5173.1000 5001947 https://www.microsoft.com/downloads/details.aspx?familyid=54a50fa6-521d-4629-a86e-157fe9b3c3be 5001918 10740 Maybe Security Update 16.0.5173.1000 5001951 https://www.microsoft.com/downloads/details.aspx?familyid=aeba7560-f7a3-42de-8da3-32be6266ab6b 5001923 10753 Maybe Security Update 16.0.5173.1000 5001951 https://www.microsoft.com/downloads/details.aspx?familyid=bb34a88c-3129-4ff1-ad8f-18e4ff8d3f9f 5001923 10754 Maybe Security Update 16.0.5173.1000 5001963 5001936 10656 Maybe Security Update 15.0.5353.1000 5001963 https://www.microsoft.com/downloads/details.aspx?familyid=4ce7e7a6-ae05-4a51-821c-52e9c26e32fe 5001936 10654 Maybe Security Update 15.0.5353.1000 5001963 https://www.microsoft.com/downloads/details.aspx?familyid=23fd8f80-0c94-4356-bdaf-b2c172e53dde 5001936 10655 Maybe Security Update 15.0.5353.1000 5001955 5001927 10603 Maybe Security Update 15.0.5353.1000 5001955 https://www.microsoft.com/downloads/details.aspx?familyid=0641626c-c3a7-42fe-acd6-29b6c1cedc7a 5001927 10601 Maybe Security Update 15.0.5353.1000 5001955 https://www.microsoft.com/downloads/details.aspx?familyid=31df4c19-efb1-457a-8824-c66539a4a0cb 5001927 10602 Maybe Security Update 15.0.5353.1000 5001956 https://www.microsoft.com/downloads/details.aspx?familyid=832cc522-e7bd-4ae0-aade-971186898774 5001928 10611 Maybe Security Update 15.0.5353.1000 <a href="https://twitter.com/b2ahex">Ryelv</a> with Tencent <a href="https://twitter.com/jq0904">Jinquan</a> of DBAPPSecurity Lieying Lab kdot working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> Zhangjie and willJ from cdsrc Sagi Tzadik and Netanel Ben-Simon of Check Point Research 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Office Graphics Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Office Microsoft CVE-2021-31940 11573 11574 11575 11762 11763 10753 10754 10603 10601 10602 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Important 11573 Important 11574 Important 11575 Important 11762 Important 11763 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10603 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10601 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10602 Click to Run 11573 11574 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 No Security Update 16.50.21061301 5001950 https://www.microsoft.com/downloads/details.aspx?familyid=942bbb28-3453-435d-97d6-5a5d9f44fa0b 5001920 10753 Maybe Security Update 16.0.5173.1000 5001950 https://www.microsoft.com/downloads/details.aspx?familyid=5e178a0b-fe53-42cf-830c-1953e263f59f 5001920 10754 Maybe Security Update 16.0.5173.1000 5001953 5001925 10603 Maybe Security Update 15.0.5353.1000 5001953 https://www.microsoft.com/downloads/details.aspx?familyid=d1c5b4c7-8be1-4ea4-9fb9-53f5f6051581 5001925 10601 Maybe Security Update 15.0.5353.1000 5001953 https://www.microsoft.com/downloads/details.aspx?familyid=79c774d1-e606-42c6-91ae-ea644cb2f0ae 5001925 10602 Maybe Security Update 15.0.5353.1000 Zhangjie and willJ from cdsrc 1.0 2021-06-08T07:00:00 <p>Information published.</p> 2.0 2021-06-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Office Graphics Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Office Microsoft CVE-2021-31941 11573 11574 11575 11762 11763 10753 10754 10603 10601 10602 10407 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Remote Code Execution 10407 Important 11573 Important 11574 Important 11575 Important 11762 Important 11763 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Important 10407 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10603 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10601 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10602 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10407 Click to Run 11573 11574 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 No Security Update 16.50.21061301 5001950 https://www.microsoft.com/downloads/details.aspx?familyid=942bbb28-3453-435d-97d6-5a5d9f44fa0b 5001920 10753 Maybe Security Update 16.0.5173.1000 5001950 https://www.microsoft.com/downloads/details.aspx?familyid=5e178a0b-fe53-42cf-830c-1953e263f59f 5001920 10754 Maybe Security Update 16.0.5173.1000 5001953 5001925 10603 Maybe Security Update 15.0.5353.1000 5001953 https://www.microsoft.com/downloads/details.aspx?familyid=d1c5b4c7-8be1-4ea4-9fb9-53f5f6051581 5001925 10601 Maybe Security Update 15.0.5353.1000 5001953 https://www.microsoft.com/downloads/details.aspx?familyid=79c774d1-e606-42c6-91ae-ea644cb2f0ae 5001925 10602 Maybe Security Update 15.0.5353.1000 5001934 4504733 10407 Maybe Security Update 15.0.5475.1000 kdot working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> 2.0 2021-06-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 3D Viewer Remote Code Execution Vulnerability <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2105.4012.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> 3D Viewer Microsoft CVE-2021-31942 11760 Remote Code Execution 11760 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11760 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2105.4012.0 Dhanesh Kizhakkinan of FireEye Inc. 1.0 2021-06-08T07:00:00 <p>Information published.</p> 3D Viewer Remote Code Execution Vulnerability <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2105.4012.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> 3D Viewer Microsoft CVE-2021-31943 11760 Remote Code Execution 11760 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11760 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2105.4012.0 Dhanesh Kizhakkinan of FireEye Inc. 1.0 2021-06-08T07:00:00 <p>Information published.</p> 3D Viewer Information Disclosure Vulnerability <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2105.4012.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> 3D Viewer Microsoft CVE-2021-31944 11760 Information Disclosure 11760 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11760 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2105.4012.0 Li Qiao of Baidu Security Lab 1.0 2021-06-08T07:00:00 <p>Information published.</p> Paint 3D Remote Code Execution Vulnerability <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>6.2105.4017.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.MSPaint</code></p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Paint 3D Microsoft CVE-2021-31945 11758 Remote Code Execution 11758 Important 11758 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11758 Release Notes https://www.microsoft.com/en-us/p/paint-3d/9nblggh5fv99#activetab=pivot:overviewtab 11758 Maybe Security Update 6.2105.4017.0 Li Qiao of Baidu Security Lab garmin working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Paint 3D Remote Code Execution Vulnerability <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>6.2105.4017.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.MSPaint</code></p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Paint 3D Microsoft CVE-2021-31946 11758 Remote Code Execution 11758 Important 11758 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11758 Release Notes https://www.microsoft.com/en-us/p/paint-3d/9nblggh5fv99#activetab=pivot:overviewtab 11758 Maybe Security Update 6.2105.4017.0 Li Qiao of Baidu Security Lab garmin working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Microsoft CVE-2021-31951 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11766 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11767 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11768 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11769 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 diversenok https://twitter.com/diversenok_zero 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Drivers Microsoft CVE-2021-31952 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11766 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11767 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11768 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11769 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 Microsoft Security Assurance & Vulnerability Research 1.0 2021-06-08T07:00:00 <p>Information published.</p> 1.1 2021-06-15T07:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> Windows Filter Manager Elevation of Privilege Vulnerability Windows Filter Manager Microsoft CVE-2021-31953 11568 11569 11570 11571 11572 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 Ben Splittgerber 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Microsoft CVE-2021-31954 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11766 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11767 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11768 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11769 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Kernel Microsoft CVE-2021-31955 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11766 Information Disclosure 11767 Information Disclosure 11768 Information Disclosure 11769 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11568 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11569 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11570 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11571 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11572 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11712 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11713 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11714 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11896 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11897 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11898 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11766 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11767 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11768 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11769 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11801 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11802 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 11803 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 Boris Larin (<a href="https://twitter.com/oct0xor">oct0xor</a>) of <a href="https://www.kaspersky.com/">Kaspersky Lab</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows NTFS Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Windows NTFS Microsoft CVE-2021-31956 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11712 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11713 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11714 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11896 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11897 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11898 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11766 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11767 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11768 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11769 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11801 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11802 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11803 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10047 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10048 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10481 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10482 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10484 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 Boris Larin (<a href="https://twitter.com/oct0xor">oct0xor</a>) of <a href="https://www.kaspersky.com/">Kaspersky Lab</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> ASP.NET Core Denial of Service Vulnerability .NET Core & Visual Studio Microsoft CVE-2021-31957 11720 11785 11872 11900 11901 11730 11761 Denial of Service 11720 Denial of Service 11785 Denial of Service 11872 Denial of Service 11900 Denial of Service 11901 Denial of Service 11730 Denial of Service 11761 Important 11720 Important 11785 Important 11872 Important 11900 Important 11901 Important 11730 Important 11761 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11720 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11785 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11872 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11900 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11901 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11730 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11761 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4 11720 Maybe Security Update 16.4.23 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7 11785 Maybe Security Update 16.7.16 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.7 Release Notes http://aka.ms/vs/16/release/latest 11900 Maybe Security Update 16.10.1 Release Notes https://visualstudio.microsoft.com/downloads 11901 Maybe Security Update 8.10.1 Release Notes https://dotnet.microsoft.com/download/dotnet-core/3.1 11730 Maybe Security Update 3.1.16 Release Notes https://dotnet.microsoft.com/download/dotnet/5.0 11761 Maybe Security Update 5.0.7 1.0 2021-06-08T07:00:00 <p>Information published.</p> 1.1 2021-06-08T07:00:00 <p>Corrected CVE title. This is an informational change only.</p> Windows NTLM Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> Windows NTLM Microsoft CVE-2021-31958 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11766 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11767 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11768 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11769 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 Gal Levy and Yuval Sarel from <a href="https://armis.com">Armis Security</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Scripting Engine Memory Corruption Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Microsoft Scripting Engine Microsoft CVE-2021-31959 11896 11897 11898 11802 11766 10853 11767 11571 10482 11801 10852 11768 11712 11714 11569 11713 10729 10816 10483 10378 10481 10051 11570 11568 10048 10735 10047 10484 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11802 Remote Code Execution 11766 Remote Code Execution 10853 Remote Code Execution 11767 Remote Code Execution 11571 Remote Code Execution 10482 Remote Code Execution 11801 Remote Code Execution 10852 Remote Code Execution 11768 Remote Code Execution 11712 Remote Code Execution 11714 Remote Code Execution 11569 Remote Code Execution 11713 Remote Code Execution 10729 Remote Code Execution 10816 Remote Code Execution 10483 Remote Code Execution 10378 Remote Code Execution 10481 Remote Code Execution 10051 Remote Code Execution 11570 Remote Code Execution 11568 Remote Code Execution 10048 Remote Code Execution 10735 Remote Code Execution 10047 Remote Code Execution 10484 Critical 11896 Critical 11897 Critical 11898 Critical 11802 Critical 11766 Critical 10853 Critical 11767 Critical 11571 Critical 10482 Critical 11801 Critical 10852 Critical 11768 Critical 11712 Critical 11714 Critical 11569 Critical 11713 Critical 10729 Critical 10816 Critical 10483 Critical 10378 Critical 10481 Critical 10051 Critical 11570 Critical 11568 Critical 10048 Critical 10735 Critical 10047 Critical 10484 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11896 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11897 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11898 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11802 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11766 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10853 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11767 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11571 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10482 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11801 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10852 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11768 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11712 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11714 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11569 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11713 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10729 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10816 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10483 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10378 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10481 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10051 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11570 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11568 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10048 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10735 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10047 6.4 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10484 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11802 11801 Yes Security Update 10.0.19042.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11802 11766 11767 11801 11768 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10853 10852 10816 Yes Security Update 10.0.14393.4467 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11571 11569 11570 11568 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11571 11569 11570 11568 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10482 10483 10481 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10482 10483 10481 10484 5003636 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003636 5003165 10482 10483 10378 10481 Yes IE Cumulative 1.0.0.0 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11714 11713 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11714 11713 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10051 10048 10047 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10051 10048 10047 5003636 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003636 5003165 10051 10048 10047 Yes IE Cumulative 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 Ivan Fratric of <a href="https://www.google.com/">Google Project Zero</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Bind Filter Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> Windows Bind Filter Driver Microsoft CVE-2021-31960 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11766 Information Disclosure 11767 Information Disclosure 11768 Information Disclosure 11769 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11766 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11767 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11768 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11769 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 k0shl 1.0 2021-06-08T07:00:00 <p>Information published.</p> Kerberos AppContainer Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This vulnerability applies to Kerberos Service Principal Name (SPN) negotiation and subsequent LSASS (Local Security Authority Subsystem Service) authentication for sandboxed AppContainer processes.</p> Windows Kerberos Microsoft CVE-2021-31962 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11712 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11766 Security Feature Bypass 11767 Security Feature Bypass 11768 Security Feature Bypass 11769 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11568 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11569 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11570 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11571 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11572 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11712 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11713 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11714 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11896 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11897 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11898 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11766 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11767 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11768 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11769 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11801 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11802 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11803 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10729 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10735 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10852 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10853 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10816 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10855 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10047 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10048 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10481 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10482 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10484 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 9312 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10287 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 9318 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 9344 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10051 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10049 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10378 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10379 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10483 9.4 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 James Forshaw of Google Project Zero 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Microsoft CVE-2021-31963 10950 11099 11585 10612 Remote Code Execution 10950 Remote Code Execution 11099 Remote Code Execution 11585 Remote Code Execution 10612 Critical 10950 Critical 11099 Critical 11585 Critical 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10950 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11099 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11585 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10612 5001946 https://www.microsoft.com/downloads/details.aspx?familyid=29e155c6-6f3d-4f43-b08b-2f7976876511 5001917 10950 Maybe Security Update 16.0.5173.1000 5001946 https://support.microsoft.com/help/5001946 10950 5001954 https://www.microsoft.com/downloads/details.aspx?familyid=d3d98284-da2c-429b-9081-3dc8a0a1217c 4493170 11099 Maybe Security Update 15.0.5353.1000 4011698 https://www.microsoft.com/downloads/details.aspx?familyid=a385fbc2-ca6c-4abf-affd-92e6fb46688b 3203397 11099 Maybe Security Update 15.0.5353.1000 5001944 https://www.microsoft.com/downloads/details.aspx?familyid=b009b05d-86c1-404d-947d-759d1a60ae12 5001916 11585 Maybe Security Update 16.0.10375.20000 5001944 https://support.microsoft.com/help/5001944 11585 5001962 https://www.microsoft.com/downloads/details.aspx?familyid=a8ba0918-5776-4ba8-98dc-4cb71653ee0d 5001935 10612 Maybe Security Update 15.0.5353.1000 5001962 https://support.microsoft.com/help/5001962 10612 Oleksandr Mirosh (@olekmirosh) from Micro Focus Fortify 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint Microsoft CVE-2021-31964 10950 11585 10612 Spoofing 10950 Spoofing 11585 Spoofing 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 10950 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11585 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 10612 5001946 https://www.microsoft.com/downloads/details.aspx?familyid=29e155c6-6f3d-4f43-b08b-2f7976876511 5001917 10950 Maybe Security Update 16.0.5173.1000 5001946 https://support.microsoft.com/help/5001946 10950 5001944 https://www.microsoft.com/downloads/details.aspx?familyid=b009b05d-86c1-404d-947d-759d1a60ae12 5001916 11585 Maybe Security Update 16.0.10375.20000 5001944 https://support.microsoft.com/help/5001944 11585 5001962 https://www.microsoft.com/downloads/details.aspx?familyid=a8ba0918-5776-4ba8-98dc-4cb71653ee0d 5001935 10612 Maybe Security Update 15.0.5353.1000 5001962 https://support.microsoft.com/help/5001962 10612 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII).</p> Microsoft Office SharePoint Microsoft CVE-2021-31965 10950 11585 10612 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10612 5001946 https://www.microsoft.com/downloads/details.aspx?familyid=29e155c6-6f3d-4f43-b08b-2f7976876511 5001917 10950 Maybe Security Update 16.0.5173.1000 5001946 https://support.microsoft.com/help/5001946 10950 5001944 https://www.microsoft.com/downloads/details.aspx?familyid=b009b05d-86c1-404d-947d-759d1a60ae12 5001916 11585 Maybe Security Update 16.0.10375.20000 5001944 https://support.microsoft.com/help/5001944 11585 5001962 https://www.microsoft.com/downloads/details.aspx?familyid=a8ba0918-5776-4ba8-98dc-4cb71653ee0d 5001935 10612 Maybe Security Update 15.0.5353.1000 5001962 https://support.microsoft.com/help/5001962 10612 <a href="https://srcincite.io/">Steven Seeley (mr_me) </a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Microsoft CVE-2021-31966 10950 11099 11585 10612 Remote Code Execution 10950 Remote Code Execution 11099 Remote Code Execution 11585 Remote Code Execution 10612 Important 10950 Important 11099 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11099 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10612 5001946 https://www.microsoft.com/downloads/details.aspx?familyid=29e155c6-6f3d-4f43-b08b-2f7976876511 5001917 10950 Maybe Security Update 16.0.5173.1000 5001946 https://support.microsoft.com/help/5001946 10950 5001922 https://www.microsoft.com/downloads/details.aspx?familyid=016eadbe-bb59-4f2d-8272-883372584196 4504723 10950 Maybe Security Update 16.0.5173.1000 5001954 https://www.microsoft.com/downloads/details.aspx?familyid=d3d98284-da2c-429b-9081-3dc8a0a1217c 4493170 11099 Maybe Security Update 15.0.5353.1000 5001944 https://www.microsoft.com/downloads/details.aspx?familyid=b009b05d-86c1-404d-947d-759d1a60ae12 5001916 11585 Maybe Security Update 16.0.10375.20000 5001944 https://support.microsoft.com/help/5001944 11585 5001945 https://www.microsoft.com/downloads/details.aspx?familyid=f6c34e89-39ae-4a6a-aa0f-c30b35fd4c7b 4504715 11585 Maybe Security Update 15.0.5353.1000 5001962 https://www.microsoft.com/downloads/details.aspx?familyid=a8ba0918-5776-4ba8-98dc-4cb71653ee0d 5001935 10612 Maybe Security Update 15.0.5353.1000 5001962 https://support.microsoft.com/help/5001962 10612 5001939 https://www.microsoft.com/downloads/details.aspx?familyid=122a9ca3-880d-4311-9f80-be84878a9c25 4493177 10612 Maybe Security Update 15.0.5353.1000 Yuhao Weng (<a href="https://twitter.com/cjm00nw">@cjm00nw</a>) of <a href="https://www.sangfor.com/">Sangfor</a> & Steven Seeley (<a href="https://twitter.com/steventseeley">@ϻг_ϻε</a>) & Zhiniang Peng(<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> VP9 Video Extensions Remote Code Execution Vulnerability <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>1.0.41182.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.VP9VideoExtensions</code></p> Microsoft Windows Codecs Library Microsoft CVE-2021-31967 11884 Remote Code Execution 11884 Critical 11884 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11884 Information 11884 Maybe Security Update 1.0.41182.0 HAO LI of VenusTech ADLab 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Intune Management Extension Remote Code Execution Vulnerability <p><strong>What should I do to protect myself from this vulnerability?</strong></p> <p>No action is required. As soon as the client connects to the service, it automatically receives a message to upgrade.</p> Microsoft Intune Microsoft CVE-2021-31980 11899 Remote Code Execution 11899 Important 11899 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11899 What's New? 11899 Maybe Security Update 1.41.203.0 Aapo Oksman of <a href="https://nixu.com">Nixu Cybersecurity</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Paint 3D Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Paint 3D Microsoft CVE-2021-31983 11758 Remote Code Execution 11758 Important 11758 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11758 Release Notes https://www.microsoft.com/en-us/p/paint-3d/9nblggh5fv99#activetab=pivot:overviewtab 11758 Maybe Security Update 6.2105.4017.0 Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an executable file that is attached to an email.</p> Windows DWM Core Library Microsoft CVE-2021-33739 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11712 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11713 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11714 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11896 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11897 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11898 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11766 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11767 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11768 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11769 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11801 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11802 8.4 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11803 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 Tu XiaoYi with <a href="https://ti.dbappsecurity.com.cn/">DBAPPSecurity Threat Intelligence Center</a> Dong Wu with <a href="https://ti.dbappsecurity.com.cn/">DBAPPSecurity Threat Intelligence Center</a> <a href="https://twitter.com/jq0904">Jinquan(@jq0904) </a> with <a href="https://ti.dbappsecurity.com.cn/">DBAPPSecurity Threat Intelligence Center</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> 1.1 2021-06-14T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.41</td> <td>6/3/2021</td> <td>91.0.4472.77</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft CVE-2021-33741 11655 Elevation of Privilege 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 91.0.864.41 <a href="https://www.daviderceg.com/">David Erceg</a> 1.0 2021-06-04T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30544 Use after free in BFCache <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30544 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30545 Use after free in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30545 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30546 Use after free in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30546 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30547 Out of bounds write in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30547 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30548 Use after free in Loader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30548 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30549 Use after free in Spell check <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30549 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30550 Use after free in Accessibility <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30550 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30551 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information. Microsoft is aware of reports that exploits for CVE-2021-30551 exist in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30551 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30552 Use after free in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30552 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30553 Use after free in Network service <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.48</td> <td>6/11/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30553 11655 11655 11655 DOS:N/A 1.0 2021-06-11T07:00:00 <p>Information published.</p> Chromium: CVE-2021-30554 Use after free in WebGL <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information. Microsoft is aware of reports that exploits for CVE-2021-30554 exist in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.54</td> <td>6/18/2021</td> <td>91.0.4472.114</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30554 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 91.0.864.54 1.0 2021-06-18T16:21:57 <p>Information published.</p> Chromium: CVE-2021-30555 Use after free in Sharing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.54</td> <td>6/18/2021</td> <td>91.0.4472.114</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30555 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 91.0.864.54 1.0 2021-06-18T16:22:03 <p>Information published.</p> Chromium: CVE-2021-30556 Use after free in WebAudio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.54</td> <td>6/18/2021</td> <td>91.0.4472.114</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30556 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 91.0.864.54 1.0 2021-06-18T16:22:09 <p>Information published.</p> Chromium: CVE-2021-30557 Use after free in TabGroups <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.54</td> <td>6/18/2021</td> <td>91.0.4472.114</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome CVE-2021-30557 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 91.0.864.54 1.0 2021-06-18T16:22:14 <p>Information published.</p> Windows Print Spooler Remote Code Execution Vulnerability <p><strong>Is this the vulnerability that has been referred to publicly as PrintNightmare?</strong></p> <p>No, Microsoft has assigned <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527">CVE-2021-34527</a> to PrintNightmare. CVE-2021-1675 is similar but distinct from CVE-2021-34527.</p> Windows Print Spooler Components Microsoft CVE-2021-1675 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11766 Remote Code Execution 11767 Remote Code Execution 11768 Remote Code Execution 11769 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11896 Critical 11897 Critical 11898 Critical 11766 Critical 11767 Critical 11768 Critical 11769 Critical 11801 Critical 11802 Critical 11803 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11766 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11767 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11768 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11769 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 Yunhai Zhang of NSFOCUS TIANJI LAB https://www.nsfocus.com.cn/ <a href="https://www.linkedin.com/in/piotr-madej-18b0bb38/">Piotr Madej of AFINE</a> <a href="">Zhipeng Huo (@R3dF09) </a> of <a href="https://xlab.tencent.com">Tencent Security Xuanwu Lab </a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> 1.1 2021-06-21T07:00:00 <p>Corrected the CVE title to address the vulnerability as remote code execution. In the Affected Products table, corrected the Impact to Remote Code Execution and the Severity to Critical. This is an informational change only.</p> 1.2 2021-07-02T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability <p><strong>Is this CVE related to Adobe CVE-2021-28550?</strong></p> <p>Yes, Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in <a href="https://helpx.adobe.com/security/products/acrobat/apsb21-29.html">Adobe Security Bulletin ID APSB21-29</a>. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.</p> Windows Cryptographic Services Microsoft CVE-2021-31199 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11568 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11569 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11570 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11571 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11572 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11712 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11713 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11714 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11896 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11897 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11898 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11766 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11767 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11768 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11769 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11801 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11802 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11803 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10729 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10735 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10852 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10853 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10816 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10855 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10047 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10048 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10481 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10482 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10484 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 9312 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10287 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 9318 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 9344 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10051 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10049 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10378 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10379 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10483 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability <p><strong>Is this CVE related to Adobe CVE-2021-28550?</strong></p> <p>Yes, Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in <a href="https://helpx.adobe.com/security/products/acrobat/apsb21-29.html">Adobe Security Bulletin ID APSB21-29</a>. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.</p> Windows Cryptographic Services Microsoft CVE-2021-31201 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11568 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11569 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11570 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11571 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11572 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11712 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11713 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11714 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11896 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11897 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11898 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11766 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11767 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11768 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11769 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11801 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11802 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 11803 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10729 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10735 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10852 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10853 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10816 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10855 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10047 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10048 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10481 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10482 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10484 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 9312 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10287 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 9318 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 9344 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10051 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10049 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10378 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10379 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10483 5.2 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint Microsoft CVE-2021-31948 10950 11585 10612 Spoofing 10950 Spoofing 11585 Spoofing 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 10950 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11585 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 10612 5001946 https://www.microsoft.com/downloads/details.aspx?familyid=29e155c6-6f3d-4f43-b08b-2f7976876511 5001917 10950 Maybe Security Update 16.0.5173.1000 5001946 https://support.microsoft.com/help/5001946 10950 5001944 https://www.microsoft.com/downloads/details.aspx?familyid=b009b05d-86c1-404d-947d-759d1a60ae12 5001916 11585 Maybe Security Update 16.0.10375.20000 5001944 https://support.microsoft.com/help/5001944 11585 5001962 https://www.microsoft.com/downloads/details.aspx?familyid=a8ba0918-5776-4ba8-98dc-4cb71653ee0d 5001935 10612 Maybe Security Update 15.0.5353.1000 5001962 https://support.microsoft.com/help/5001962 10612 Yaokang Tan & Lewis of <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Office Outlook Microsoft CVE-2021-31949 11573 11574 11762 11763 10765 10766 10810 10811 10407 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 10765 Remote Code Execution 10766 Remote Code Execution 10810 Remote Code Execution 10811 Remote Code Execution 10407 Important 11573 Important 11574 Important 11762 Important 11763 Important 10765 Important 10766 Important 10810 Important 10811 Important 10407 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11573 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11574 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11762 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11763 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10765 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10766 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10810 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10811 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10407 Click to Run 11573 11574 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases 5001942 https://www.microsoft.com/downloads/details.aspx?familyid=61beea0c-e103-41ee-b3ee-346cc30aa1f6 4504712 10765 Maybe Security Update 16.0.5356.1000. 5001942 https://www.microsoft.com/downloads/details.aspx?familyid=8b8ac0fa-6127-4366-89f7-fc97b8ae12ce 4504712 10766 Maybe Security Update 16.0.5356.1000. 5001934 https://www.microsoft.com/downloads/details.aspx?familyid=3e6dd83b-bfd0-4734-bd6d-6ab6ddc8b3cd 4504733 10810 Maybe Security Update 15.0.5475.1000 5001934 https://www.microsoft.com/downloads/details.aspx?familyid=414bd84d-03ee-48d2-8c47-f7b368c936c5 4504733 10811 Maybe Security Update 15.0.5475.1000 5001934 4504733 10407 Maybe Security Update 15.0.5475.1000 Michael Garrison State Farm Information Security https://twitter.com/p0shkatz 1.0 2021-06-08T07:00:00 <p>Information published.</p> 1.1 2021-06-10T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint Microsoft CVE-2021-31950 10950 11585 10612 Spoofing 10950 Spoofing 11585 Spoofing 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 10950 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11585 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 10612 5001946 https://www.microsoft.com/downloads/details.aspx?familyid=29e155c6-6f3d-4f43-b08b-2f7976876511 5001917 10950 Maybe Security Update 16.0.5173.1000 5001946 https://support.microsoft.com/help/5001946 10950 5001944 https://www.microsoft.com/downloads/details.aspx?familyid=b009b05d-86c1-404d-947d-759d1a60ae12 5001916 11585 Maybe Security Update 16.0.10375.20000 5001944 https://support.microsoft.com/help/5001944 11585 5001962 https://www.microsoft.com/downloads/details.aspx?familyid=a8ba0918-5776-4ba8-98dc-4cb71653ee0d 5001935 10612 Maybe Security Update 15.0.5353.1000 5001962 https://support.microsoft.com/help/5001962 10612 Alex Birnberg, https://alexbirnberg.com 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Remote Desktop Services Denial of Service Vulnerability Windows Remote Desktop Microsoft CVE-2021-31968 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11766 Denial of Service 11767 Denial of Service 11768 Denial of Service 11769 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11712 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11713 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11714 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11766 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11767 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11768 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11769 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Drivers Microsoft CVE-2021-31969 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11766 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11767 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11768 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11769 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 Anonymous working with Trend Micro Zero Day Initiative Keqi Hu 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows TCP/IP Driver Security Feature Bypass Vulnerability Windows TCP/IP Microsoft CVE-2021-31970 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11712 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11766 Security Feature Bypass 11767 Security Feature Bypass 11768 Security Feature Bypass 11769 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11766 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11767 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11768 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11769 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 James Forshaw of Google Project Zero 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows HTML Platforms Security Feature Bypass Vulnerability <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows HTML Platform Microsoft CVE-2021-31971 10483 10378 10852 10481 10047 10816 10853 9312 10484 10048 10729 10051 10735 9318 10482 11898 11896 11897 11768 11766 11802 11568 11571 11569 11767 11713 11714 11712 11801 11570 Security Feature Bypass 10483 Security Feature Bypass 10378 Security Feature Bypass 10852 Security Feature Bypass 10481 Security Feature Bypass 10047 Security Feature Bypass 10816 Security Feature Bypass 10853 Security Feature Bypass 9312 Security Feature Bypass 10484 Security Feature Bypass 10048 Security Feature Bypass 10729 Security Feature Bypass 10051 Security Feature Bypass 10735 Security Feature Bypass 9318 Security Feature Bypass 10482 Security Feature Bypass 11898 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11768 Security Feature Bypass 11766 Security Feature Bypass 11802 Security Feature Bypass 11568 Security Feature Bypass 11571 Security Feature Bypass 11569 Security Feature Bypass 11767 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11712 Security Feature Bypass 11801 Security Feature Bypass 11570 Important 10483 Important 10378 Important 10852 Important 10481 Important 10047 Important 10816 Important 10853 Important 9312 Important 10484 Important 10048 Important 10729 Important 10051 Important 10735 Important 9318 Important 10482 Important 11898 Important 11896 Important 11897 Important 11768 Important 11766 Important 11802 Important 11568 Important 11571 Important 11569 Important 11767 Important 11713 Important 11714 Important 11712 Important 11801 Important 11570 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10481 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10047 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9312 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10484 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10048 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10051 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9318 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10482 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11768 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11766 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11767 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11713 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11714 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11712 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10483 10481 10482 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10483 10481 10484 10482 5003636 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003636 5003165 10483 10378 10481 10482 Yes IE Cumulative 1.0.0.0 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10816 10853 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 5003636 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003636 5003165 10047 9312 10048 10051 9318 Yes IE Cumulative 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 9318 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 9318 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11898 11896 11897 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11768 11766 11767 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11898 11896 11897 11768 11766 11802 11767 11801 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11802 11801 Yes Security Update 10.0.19042.1052 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11571 11569 11570 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11571 11569 11570 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11713 11714 11712 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11713 11714 11712 Marcus Brinkmann (Ruhr University Bochum), Christian Dresen (Münster University of Applied Sciences), Robert Merget (Ruhr University Bochum), Damian Poddebniak (Münster University of Applied Sciences), Jens Müller (Ruhr University Bochum), Juraj Somorovsky (Paderborn University), Jörg Schwenk (Ruhr University Bochum), Sebastian Schinzel (Münster University of Applied Sciences) 1.0 2021-06-08T07:00:00 <p>Information published.</p> Event Tracing for Windows Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> Windows Event Logging Service Microsoft CVE-2021-31972 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11766 Information Disclosure 11767 Information Disclosure 11768 Information Disclosure 11769 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11766 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11767 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11768 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11769 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 Wen of Kunlun Lab 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows GPSVC Elevation of Privilege Vulnerability Windows Installer Microsoft CVE-2021-31973 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11766 Elevation of Privilege 11767 Elevation of Privilege 11768 Elevation of Privilege 11769 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11766 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11767 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11768 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11769 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 10049 5003694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003694 10047 10048 10051 10049 Yes Security Only 6.1.7601.25632 5003694 https://support.microsoft.com/help/5003694 10047 10048 10051 10049 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 10287 9318 9344 5003695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003695 9312 10287 9318 9344 Yes Security Only 6.0.6003.21137 5003695 https://support.microsoft.com/help/5003695 9312 10287 9318 9344 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 1.0 2021-06-08T07:00:00 <p>Information published.</p> Server for NFS Denial of Service Vulnerability Windows Network File System Microsoft CVE-2021-31974 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11766 Denial of Service 11767 Denial of Service 11768 Denial of Service 11769 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11712 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11713 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11714 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11766 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11767 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11768 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11769 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 1.0 2021-06-08T07:00:00 <p>Information published.</p> Server for NFS Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Network File System Microsoft CVE-2021-31975 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11766 Information Disclosure 11767 Information Disclosure 11768 Information Disclosure 11769 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11766 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11767 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11768 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11769 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 1.0 2021-06-08T07:00:00 <p>Information published.</p> Server for NFS Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Network File System Microsoft CVE-2021-31976 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11766 Information Disclosure 11767 Information Disclosure 11768 Information Disclosure 11769 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11766 Important 11767 Important 11768 Important 11769 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11766 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11767 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11768 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11769 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11769 11801 11802 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 10855 Yes Security Update 10.0.14393.4467 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 10543 5003681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003681 10481 10482 10483 10543 Yes Security Only 6.3.9600.20044 5003681 https://support.microsoft.com/help/5003681 10481 10482 10483 10543 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 10379 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 10379 5003696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003696 10378 10379 Yes Security Only 6.2.9200.23372 5003696 https://support.microsoft.com/help/5003696 10378 10379 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>How might an attacker attempt to exploit this vulnerability?</strong></p> <p>By sending a specially crafted message to the Hyper-V host virtualization stack, a guest VM could cause a reference count in the host virtualization stack to be leaked. In most circumstances, this would result in a memory leak on the Hyper-V host. If the leaked reference count value were to overflow, reference count hardening built-in to the Hyper-V virtualization stack would cause the host to bugcheck (crash) in a controlled manner, mitigating this issue against exploitation for code execution or privilege elevation.</p> Role: Windows Hyper-V Microsoft CVE-2021-31977 11569 11571 11572 11713 11896 11768 11769 11803 10735 10853 10816 10855 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11713 Denial of Service 11896 Denial of Service 11768 Denial of Service 11769 Denial of Service 11803 Denial of Service 10735 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11569 Important 11571 Important 11572 Important 11713 Important 11896 Important 11768 Important 11769 Important 11803 Important 10735 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11713 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11768 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11769 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11569 11571 11572 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11569 11571 11572 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11713 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11713 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11768 11769 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11768 11769 11803 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11803 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10853 10816 10855 Yes Security Update 10.0.14393.4467 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Defender Denial of Service Vulnerability <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td> <td>Version 1.1.18200.3</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Microsoft Malware Protection Engine?</strong></p> <p>The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p> <p><strong>Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported version of Windows.</p> <p><strong>Are there other products that use the Microsoft Malware Protection Engine?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Engine Version number. The update was successfully installed if the Malware Protection Engine version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> <p>For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.18200.3 or later.</p> <p><strong>If necessary, install the update</strong></p> <p>Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.</p> <p>For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.</p> <p>End users that do not wish to wait can manually update their antimalware software.</p> Windows Defender Microsoft CVE-2021-31978 11902 Denial of Service 11902 Important 11902 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11902 Release Notes 11902 No Security Update Version 1.1.18200.3 Tavis Ormandy of <a href ="https://www.google.com/">Google Project Zero</a> 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Defender Remote Code Execution Vulnerability <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td> <td>Version 1.1.18200.3</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Microsoft Malware Protection Engine?</strong></p> <p>The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p> <p><strong>Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported version of Windows.</p> <p><strong>Are there other products that use the Microsoft Malware Protection Engine?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Engine Version number. The update was successfully installed if the Malware Protection Engine version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> <p>For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.18200.3 or later.</p> <p><strong>If necessary, install the update</strong></p> <p>Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.</p> <p>For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.</p> <p>End users that do not wish to wait can manually update their antimalware software.</p> Windows Defender Microsoft CVE-2021-31985 11902 Remote Code Execution 11902 Critical 11902 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11902 Release Notes 11902 No Security Update Version 1.1.18200.3 Tavis Ormandy, Google Project Zero 1.0 2021-06-08T07:00:00 <p>Information published.</p> Windows MSHTML Platform Remote Code Execution Vulnerability <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MSHTML Platform Microsoft CVE-2021-33742 11568 11569 11570 11571 11712 11713 11714 11896 11897 11898 11766 11767 11768 11801 11802 10729 10735 10852 10853 10816 10047 10048 10481 10482 10484 9312 9318 10051 10378 10483 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11766 Remote Code Execution 11767 Remote Code Execution 11768 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 9318 Remote Code Execution 10051 Remote Code Execution 10378 Remote Code Execution 10483 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11712 Critical 11713 Critical 11714 Critical 11896 Critical 11897 Critical 11898 Critical 11766 Critical 11767 Critical 11768 Critical 11801 Critical 11802 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 9318 Critical 10051 Critical 10378 Critical 10483 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11712 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11713 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11714 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11896 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11897 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11898 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11766 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11767 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11768 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11801 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11802 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10047 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10048 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10481 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10482 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10484 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 5003646 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 5003171 11568 11569 11570 11571 Yes Security Update 10.0.17763.1999 5003646 https://support.microsoft.com/help/5003646 11568 11569 11570 11571 5003635 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635 5003169 11712 11713 11714 Yes Security Update 10.0.18363.1621 5003635 https://support.microsoft.com/help/5003635 11712 11713 11714 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11896 11897 11898 Yes Security Update 10.0.19043.1052 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11766 11767 11768 Yes Security Update 10.0.19041.1052 5003637 https://support.microsoft.com/help/5003637 11896 11897 11898 11766 11767 11768 11801 11802 5003637 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637 5003173 11801 11802 Yes Security Update 10.0.19042.1052 5003687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003687 5003172 10729 10735 Yes Security Update 10.0.10240.18967 5003638 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003638 5003197 10852 10853 10816 Yes Security Update 10.0.14393.4467 5003667 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003667 5003233 10047 10048 10051 Yes Monthly Rollup 6.1.7601.25632 5003667 https://support.microsoft.com/help/5003667 10047 10048 10051 5003636 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003636 5003165 10047 10048 9312 9318 10051 Yes IE Cumulative 5003671 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003671 5003209 10481 10482 10483 Yes Monthly Rollup 6.3.9600.20045 5003671 https://support.microsoft.com/help/5003671 10481 10482 10484 10483 5003636 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003636 5003165 10481 10482 10378 10483 Yes IE Cumulative 1.0.0.0 5003671 5003209 10484 Yes Monthly Rollup 6.3.9600.20045 5003661 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003661 5003210 9312 9318 Yes Monthly Rollup 6.0.6003.21137 5003661 https://support.microsoft.com/help/5003661 9312 9318 5003697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003697 5003208 10378 Yes Monthly Rollup 6.2.9200.23372 5003697 https://support.microsoft.com/help/5003697 10378 Clément Lecigne of Google’s Threat Analysis Group 1.0 2021-06-08T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.59</td> <td>6/24/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:N). What does that mean for this vulnerability?</strong></p> <p>There are limited impact to Confidentiality and Integrity and no Avaibility impact from exploiting this vulnerability. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> Microsoft Edge (Chromium-based) Microsoft CVE-2021-34475 11655 Elevation of Privilege 11655 Important 11655 Publicly Disclosed:No;Exploited:No;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 91.0.864.59 <a href="https://www.linkedin.com/in/shankar-king-s-299919143">vemula Bhavani shankar</a> <a href="https://www.daviderceg.com/">David Erceg</a> 1.1 2021-09-21T07:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> 1.0 2021-06-24T07:00:00 <p>Information published.</p> 1.2 2023-08-01T07:00:00 <p>Added an FAQ. This is an information change only.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>91.0.864.59</td> <td>6/24/2021</td> <td>91.0.4472.101</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> Microsoft Edge (Chromium-based) Microsoft CVE-2021-34506 11655 Security Feature Bypass 11655 Important 11655 Publicly Disclosed:No;Exploited:No;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 91.0.864.59 <a href="https://twitter.com/MrRajputHacker/">Shivam Kumar Singh</a> with <a href="https://cyberxplore.com">CyberXplore Private Limited</a> <a href="https://linkedin.com/in/vanshdevgan">Vansh Devgan</a> with <a href="https://cyberxplore.com">CyberXplore Private Limited</a> <a href="">Ignacio Laurence</a> with <a href=""></a> Anonymous 1.0 2021-06-24T07:00:00 <p>Information published.</p> 1.1 2021-09-21T07:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> 1.2 2023-08-01T07:00:00 <p>Added an FAQ. This is an information change only.</p> 1.3 2023-08-17T07:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p>