August 2021 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2021-Aug
2021-Aug
Final
1.0
57
2026-02-19T01:36:29
August 2021 Security Updates
2021-08-10T07:00:00
2026-02-19T01:36:29
<h2>Updates this Month</h2>
<p>This release consists of security updates for the following products, features and roles.</p>
<ul>
<li>.NET Core & Visual Studio</li>
<li>ASP .NET</li>
<li>Azure</li>
<li>Azure Sphere</li>
<li>Microsoft Azure Active Directory Connect</li>
<li>Microsoft Dynamics</li>
<li>Microsoft Graphics Component</li>
<li>Microsoft Office</li>
<li>Microsoft Office SharePoint</li>
<li>Microsoft Office Word</li>
<li>Microsoft Scripting Engine</li>
<li>Microsoft Windows Codecs Library</li>
<li>Remote Desktop Client</li>
<li>Windows Bluetooth Service</li>
<li>Windows Cryptographic Services</li>
<li>Windows Defender</li>
<li>Windows Event Tracing</li>
<li>Windows Media</li>
<li>Windows MSHTML Platform</li>
<li>Windows NTLM</li>
<li>Windows Print Spooler Components</li>
<li>Windows Services for NFS ONCRPC XDR Driver</li>
<li>Windows Storage Spaces Controller</li>
<li>Windows TCP/IP</li>
<li>Windows Update</li>
<li>Windows Update Assistant</li>
<li>Windows User Profile Service</li>
</ul>
<p>Please note the following information regarding the security updates:</p>
<h2>Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2>Relevant Information</h2>
<ul>
<li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2>FAQs, Mitigations, and Workarounds</h2>
<p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p>
<ul>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26428">CVE-2021-26428</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26429">CVE-2021-26429</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26430">CVE-2021-26430</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26433">CVE-2021-26433</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34478">CVE-2021-34478</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485">CVE-2021-34485</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532">CVE-2021-34532</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36926">CVE-2021-36926</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36932">CVE-2021-36932</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36933">CVE-2021-36933</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36938">CVE-2021-36938</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36941">CVE-2021-36941</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36949">CVE-2021-36949</a></li>
</ul>
<h2>Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5005030">5005030</a></td>
<td>Windows 10, Version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005031">5005031</a></td>
<td>Windows 10, Version 1909</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005033">5005033</a></td>
<td>Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2, Windows 10, Version 21H1</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005040">5005040</a></td>
<td>Windows 10</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005076">5005076</a></td>
<td>Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005088">5005088</a></td>
<td>Windows 7 SP1, Windows Server 2008 R2 SP1 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005089">5005089</a></td>
<td>Windows 7 SP1, Windows Server 2008 R2 SP1 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005090">5005090</a></td>
<td>Windows Server 2008 SP2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005094">5005094</a></td>
<td>Windows Server 2012 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005095">5005095</a></td>
<td>Windows Server 2008 SP2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005099">5005099</a></td>
<td>Windows Server 2012 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5005106">5005106</a></td>
<td>Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Azure CycleCloud 7.9.10
Azure CycleCloud 8.2.0
Azure Sphere
Microsoft Azure Active Directory Connect 1.X.Y.Z
Azure Active Directory Connect Provisioning Agent
Microsoft Azure Active Directory Connect 2.0.X.Y
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018
Dynamics 365 Business Central 2019 Spring Update
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft Office 2019 for Mac
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2019 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Update Assistant
Remote Desktop client for Windows Desktop
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)
Visual Studio 2019 for Mac version 8.10
.NET Core 2.1
.NET Core 3.1
.NET 5.0
PowerShell Core 7.1
PowerShell Core 7.0
ASP.NET Core 2.1
ASP.NET Core 3.1
ASP.NET Core 5.0
PowerShell 7.1
PowerShell 7.0
Microsoft Malware Protection Engine
Microsoft Edge (Chromium-based)
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Windows RT 8.1
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
ASP.NET Core 2.1
.NET Core 2.1
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft SharePoint Server 2019
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Dynamics NAV 2017
Microsoft Edge (Chromium-based)
Microsoft Dynamics 365 (on-premises) version 9.0
Windows Update Assistant
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
ASP.NET Core 3.1
.NET Core 3.1
PowerShell 7.0
Microsoft Dynamics NAV 2018
Dynamics 365 Business Central 2019 Spring Update
.NET 5.0
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Azure Sphere
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
ASP.NET Core 5.0
Remote Desktop client for Windows Desktop
PowerShell Core 7.1
PowerShell Core 7.0
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)
Visual Studio 2019 for Mac version 8.10
Microsoft Malware Protection Engine
Azure CycleCloud 7.9.10
Azure CycleCloud 8.2.0
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15
Microsoft Azure Active Directory Connect 2.0.X.Y
Microsoft Azure Active Directory Connect 1.X.Y.Z
Microsoft Dynamics 365 (on-premises) version 9.1
Azure Active Directory Connect Provisioning Agent
PowerShell 7.1
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
cbl2 qt5-qtsvg 5.12.11-3 on CBL Mariner 2.0
cm1 kernel 5.10.60.1-1 on CBL Mariner 1.0
cbl2 kernel 5.10.78.1-1 on CBL Mariner 2.0
cm1 qt5-qtsvg 5.12.11-2 on CBL Mariner 1.0
cbl2 exiv2 0.27.5-1 on CBL Mariner 2.0
azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0
cm1 krb5 1.18.4-1 on CBL Mariner 1.0
azl3 python-tensorboard 2.16.2-2 on Azure Linux 3.0
cbl2 httpd 2.4.52-1 on CBL Mariner 2.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
cbl2 python-gevent 21.1.2-3 on CBL Mariner 2.0
azl3 qemu 8.2.0-16 on Azure Linux 3.0
azl3 golang 1.23.7-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0
azl3 edk2 20240223gitedc6681206c1-1 on Azure Linux 3.0
azl3 mozjs 102.15.1-1 on Azure Linux 3.0
cbl2 qemu 6.2.0-2 on CBL Mariner 2.0
cbl2 nodejs 16.14.0-1 on CBL Mariner 2.0
cbl2 glibc 2.35-1 on CBL Mariner 2.0
azl3 librsvg2 2.58.1-1 on Azure Linux 3.0
cm1 openssl 1.1.1k-8 on CBL Mariner 1.0
cm1 gd 2.3.3-1 on CBL Mariner 1.0
cbl2 gd 2.3.3-1 on CBL Mariner 2.0
cbl2 gd 2.3.0-5 on CBL Mariner 2.0
cbl2 openssl 1.1.1k-11 on CBL Mariner 2.0
cbl2 krb5 1.19.3-1 on CBL Mariner 2.0
cbl2 curl 7.82.0-1 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-11 on CBL Mariner 2.0
cm1 git 2.23.4-2 on CBL Mariner 1.0
cm1 mc 4.8.27-1 on CBL Mariner 1.0
cbl2 mc 4.8.27-1 on CBL Mariner 2.0
cm1 qemu-kvm 4.2.0-36 on CBL Mariner 1.0
cm1 nodejs 14.17.5-1 on CBL Mariner 1.0
cm1 httpd 2.4.46-6 on CBL Mariner 1.0
cm1 glibc 2.28-20 on CBL Mariner 1.0
cm1 golang 1.16.7-1 on CBL Mariner 1.0
cm1 curl 7.76.0-5 on CBL Mariner 1.0
cbl2 curl 7.76.0-5 on CBL Mariner 2.0
cm1 curl 7.76.0-7 on CBL Mariner 1.0
cm1 cpio 2.13-3 on CBL Mariner 1.0
cbl2 cpio 2.13-4 on CBL Mariner 2.0
cm1 qemu-kvm 4.2.0-35 on CBL Mariner 1.0
cm1 nettle 3.7.3-1 on CBL Mariner 1.0
cbl2 nettle 3.7.3-1 on CBL Mariner 2.0
cm1 ruby 2.6.7-2 on CBL Mariner 1.0
cbl2 ruby 2.7.4-1 on CBL Mariner 2.0
cbl2 sqlite 3.36.0-3 on CBL Mariner 2.0
cbl2 squashfs-tools 4.5.1-1 on CBL Mariner 2.0
cbl2 fetchmail 6.4.22-1 on CBL Mariner 2.0
cbl2 libssh on CBL Mariner 2.0
cbl2 jsoup on CBL Mariner 2.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
azl3 ceph 18.2.2-8 on Azure Linux 3.0
azl3 golang 1.23.9-1 on Azure Linux 3.0
azl3 python-tensorboard 2.11.0-3 on Azure Linux 3.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
azl3 librsvg2 2.50.3-4 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup.Due to errors in the logic the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*which could lead to libcurl reusing wrong connections.File paths are or can be case sensitive on many systems but not all and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22924
Use of Incorrectly-Resolved Name or Reference
19008-16820
19009-16823
19008-16820
19009-16823
Low
19008-16820
Low
19009-16823
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
19008-16820
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
19009-16823
CBL-Mariner Releases
19008-16820
19009-16823
No
Security Update
7.76.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19008-16820
19009-16823
CBL-Mariner Releases
1.0
2021-08-17T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added curl to CBL-Mariner 2.0</p>
curl supports the `-t` command line option known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22925
Use of Uninitialized Resource
19008-16820
19009-16823
19008-16820
19009-16823
Moderate
19008-16820
Moderate
19009-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19008-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19009-16823
CBL-Mariner Releases
19008-16820
19009-16823
No
Security Update
7.76.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19008-16820
19009-16823
CBL-Mariner Releases
1.0
2021-08-17T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added curl to CBL-Mariner 2.0</p>
Node.js before 16.6.0 14.17.4 and 12.22.4 is vulnerable to Remote Code Execution XSS Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22931
Improper Input Validation
19004-16820
17433-16823
18775-16823
17667-17084
19666-17084
19004-16820
17433-16823
18775-16823
17667-17084
19666-17084
Critical
19004-16820
Critical
17433-16823
Critical
18775-16823
Critical
17667-17084
Critical
19666-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19004-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17433-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18775-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17667-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19666-17084
CBL-Mariner Releases
19004-16820
No
Security Update
14.17.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19004-16820
CBL-Mariner Releases
CBL-Mariner Releases
17433-16823
No
Security Update
21.1.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17433-16823
CBL-Mariner Releases
CBL-Mariner Releases
18775-16823
No
Security Update
16.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18775-16823
CBL-Mariner Releases
CBL-Mariner Releases
19666-17084
No
Security Update
18.2.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19666-17084
CBL-Mariner Releases
1.2
2026-02-18T14:59:05
<p>Information published.</p>
1.0
2021-08-25T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added nodejs to CBL-Mariner 2.0</p>
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter no error was returned and connections to servers with an expired certificate would have been accepted.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22939
Improper Certificate Validation
19004-16820
18775-16823
19004-16820
18775-16823
Moderate
19004-16820
Moderate
18775-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19004-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18775-16823
CBL-Mariner Releases
19004-16820
No
Security Update
14.17.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19004-16820
CBL-Mariner Releases
CBL-Mariner Releases
18775-16823
No
Security Update
16.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18775-16823
CBL-Mariner Releases
1.0
2021-08-25T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added nodejs to CBL-Mariner 2.0</p>
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet which (in some situations) allows attackers to bypass access control that is based on IP addresses because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-29923
19007-16820
17021-17084
19697-17084
19696-17084
19007-16820
17021-17084
19697-17084
19696-17084
Important
19007-16820
Important
17021-17084
Important
19697-17084
Important
19696-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19007-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17021-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19697-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19696-17084
CBL-Mariner Releases
19007-16820
No
Security Update
1.16.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19007-16820
CBL-Mariner Releases
CBL-Mariner Releases
17021-17084
19696-17084
No
Security Update
2.16.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17021-17084
19696-17084
CBL-Mariner Releases
1.0
2021-08-18T00:00:00
<p>Information published.</p>
1.1
2024-08-29T00:00:00
<p>Information published.</p>
1.2
2024-08-30T00:00:00
<p>Information published.</p>
1.3
2024-08-31T00:00:00
<p>Information published.</p>
1.4
2024-09-01T00:00:00
<p>Information published.</p>
1.5
2024-09-02T00:00:00
<p>Information published.</p>
1.6
2024-09-03T00:00:00
<p>Information published.</p>
1.7
2024-09-05T00:00:00
<p>Information published.</p>
1.8
2024-09-06T00:00:00
<p>Information published.</p>
1.9
2024-09-07T00:00:00
<p>Information published.</p>
2.0
2024-09-08T00:00:00
<p>Information published.</p>
2.1
2024-09-11T00:00:00
<p>Information published.</p>
2.2
2026-02-18T14:02:27
<p>Information published.</p>
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers and thus a return value may contain an unsafe injection (e.g. XSS) that does not conform to the RFC1035 format.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-33195
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
19696-17084
17485-17084
19697-17084
17021-17084
19679-17084
19696-17084
17485-17084
19697-17084
17021-17084
19679-17084
Important
19696-17084
Important
17485-17084
Important
19697-17084
Important
17021-17084
Important
19679-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19696-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17485-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19697-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17021-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19679-17084
CBL-Mariner Releases
19696-17084
17021-17084
No
Security Update
2.16.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19696-17084
17021-17084
CBL-Mariner Releases
1.0
2024-09-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:53:33
<p>Information published.</p>
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5 a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-33196
Improper Input Validation
19696-17084
17485-17084
17021-17084
19679-17084
19697-17084
19696-17084
17485-17084
17021-17084
19679-17084
19697-17084
Important
19696-17084
Important
17485-17084
Important
17021-17084
Important
19679-17084
Important
19697-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19696-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17485-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17021-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19679-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19697-17084
CBL-Mariner Releases
19696-17084
17021-17084
No
Security Update
2.16.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19696-17084
17021-17084
CBL-Mariner Releases
1.1
2026-02-18T14:39:39
<p>Information published.</p>
1.0
2024-09-11T00:00:00
<p>Information published.</p>
In Go before 1.15.13 and 1.16.x before 1.16.5 there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-33198
17021-17084
19696-17084
17021-17084
19696-17084
Important
17021-17084
Important
19696-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17021-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19696-17084
CBL-Mariner Releases
17021-17084
19696-17084
No
Security Update
2.16.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17021-17084
19696-17084
CBL-Mariner Releases
1.0
2024-09-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:17:26
<p>Information published.</p>
Denial of service due to integer overflow in loop counter
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-34334
Loop with Unreachable Exit Condition ('Infinite Loop')
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-34335
Divide By Zero
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add() hci_sock_blacklist_del() hci_get_conn_info() hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3573
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
16919-16820
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-25T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3580
Improper Input Validation
19014-16820
19015-16823
19014-16820
19015-16823
Important
19014-16820
Important
19015-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19014-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19015-16823
CBL-Mariner Releases
19014-16820
19015-16823
No
Security Update
3.7.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19014-16820
19015-16823
CBL-Mariner Releases
1.0
2021-08-14T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added nettle to CBL-Mariner 2.0</p>
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-36221
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
19007-16820
19007-16820
Moderate
19007-16820
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19007-16820
CBL-Mariner Releases
19007-16820
No
Security Update
1.16.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19007-16820
CBL-Mariner Releases
1.0
2021-08-20T00:00:00
<p>Information published.</p>
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g. is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-36690
19473-16823
19473-16823
Important
19473-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19473-16823
CBL-Mariner Releases
19473-16823
No
Security Update
3.36.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19473-16823
CBL-Mariner Releases
1.0
2022-02-10T00:00:00
<p>Information published.</p>
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3679
Loop with Unreachable Exit Condition ('Infinite Loop')
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-14T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3713
Out-of-bounds Write
19003-16820
18757-16823
19003-16820
18757-16823
Important
19003-16820
Important
18757-16823
7.4
7.4
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19003-16820
7.4
7.4
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
18757-16823
CBL-Mariner Releases
19003-16820
No
Security Update
4.2.0-36
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19003-16820
CBL-Mariner Releases
CBL-Mariner Releases
18757-16823
No
Security Update
6.2.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18757-16823
CBL-Mariner Releases
1.0
2023-03-10T00:00:00
<p>Information published.</p>
Null pointer dereference in Exiv2::Internal::resolveLens0x319
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37615
NULL Pointer Dereference
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Out-of-bounds read in Exiv2::Jp2Image::printStructure
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37618
Out-of-bounds Read
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37619
Out-of-bounds Read
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Out-of-bounds read in XmpTextValue::read()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37620
Out-of-bounds Read
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Denial of service due to infinite loop in JpegBase::printStructure (#1)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37622
Loop with Unreachable Exit Condition ('Infinite Loop')
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Denial of service due to infinite loop in JpegBase::printStructure (#2)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37623
Loop with Unreachable Exit Condition ('Infinite Loop')
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-37750
NULL Pointer Dereference
17015-16820
18983-16823
17015-16820
18983-16823
Moderate
17015-16820
Moderate
18983-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17015-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18983-16823
CBL-Mariner Releases
17015-16820
No
Security Update
1.18.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17015-16820
CBL-Mariner Releases
CBL-Mariner Releases
18983-16823
No
Security Update
1.19.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18983-16823
CBL-Mariner Releases
1.0
2021-10-15T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added krb5 to CBL-Mariner 2.0</p>
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8 there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38166
Out-of-bounds Write
16919-16820
16920-16823
16919-16820
16920-16823
Important
16919-16820
Important
16920-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16919-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-15T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file associated with the -E option is untrusted data.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38185
Integer Overflow or Wraparound
19011-16820
19012-16823
19011-16820
19012-16823
Important
19011-16820
Important
19012-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
19011-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
19012-16823
CBL-Mariner Releases
19011-16820
No
Security Update
2.13-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19011-16820
CBL-Mariner Releases
CBL-Mariner Releases
19012-16823
No
Security Update
2.13-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19012-16823
CBL-Mariner Releases
1.0
2021-08-17T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added cpio to CBL-Mariner 2.0</p>
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page leading to a missing guest protection page fault.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38198
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-14T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38199
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
6.5
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16919-16820
6.5
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38201
Improper Restriction of Operations within the Bounds of a Memory Buffer
16919-16820
16920-16823
16919-16820
16920-16823
Important
16919-16820
Important
16920-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16919-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38202
Out-of-bounds Read
16919-16820
16920-16823
16919-16820
16920-16823
Important
16919-16820
Important
16920-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16919-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e. the real IOMEM pointer).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38205
Access of Uninitialized Pointer
16919-16820
16920-16823
16919-16820
16920-16823
Low
16919-16820
Low
16920-16823
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
16919-16820
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
The mac80211 subsystem in the Linux kernel before 5.12.13 when a device supporting only 5 GHz is used allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38206
NULL Pointer Dereference
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38208
NULL Pointer Dereference
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX NF_SYSCTL_CT_EXPECT_MAX and NF_SYSCTL_CT_BUCKETS sysctls.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38209
Observable Discrepancy
16919-16820
16920-16823
16919-16820
16920-16823
Low
16919-16820
Low
16920-16823
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
16919-16820
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances such as a certain situation with IMAP and PREAUTH.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-39272
Cleartext Transmission of Sensitive Information
19480-16823
19480-16823
Moderate
19480-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
19480-16823
CBL-Mariner Releases
19480-16823
No
Security Update
6.4.22-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19480-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete and should only be used for development and testing purposes.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-40145
Double Free
18958-16820
18960-16823
18958-16820
18960-16823
Important
18958-16820
Important
18960-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18958-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18960-16823
CBL-Mariner Releases
18958-16820
No
Security Update
2.3.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18958-16820
CBL-Mariner Releases
CBL-Mariner Releases
18960-16823
No
Security Update
2.3.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18960-16823
CBL-Mariner Releases
1.0
2021-12-01T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added gd to CBL-Mariner 2.0</p>
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory and thus allows writing to locations outside of the destination.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-40153
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19474-16823
19474-16823
Important
19474-16823
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
19474-16823
CBL-Mariner Releases
19474-16823
No
Security Update
4.5.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19474-16823
CBL-Mariner Releases
1.0
2022-01-20T00:00:00
<p>Information published.</p>
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3634
Out-of-bounds Write
19645-16823
19645-16823
Moderate
19645-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19645-16823
CBL-Mariner Releases
19645-16823
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19645-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:10
<p>Information published.</p>
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2020-36477
Improper Certificate Validation
19662-17086
17459-17084
17093-17086
19662-17086
17459-17084
17093-17086
19662-17086
Moderate
17459-17084
Moderate
17093-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19662-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17459-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17093-17086
2.0
2026-02-18T03:04:42
<p>Information published.</p>
1.0
2025-09-03T22:03:28
<p>Information published.</p>
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2020-36475
Incorrect Calculation of Buffer Size
19662-17086
17459-17084
17093-17086
19662-17086
17459-17084
17093-17086
19662-17086
Important
17459-17084
Important
17093-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19662-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17459-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17093-17086
2.0
2026-02-18T03:05:11
<p>Information published.</p>
1.0
2025-09-03T22:06:18
<p>Information published.</p>
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2020-36476
Improper Removal of Sensitive Information Before Storage or Transfer
19662-17086
17459-17084
17093-17086
19662-17086
17459-17084
17093-17086
19662-17086
Important
17459-17084
Important
17093-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19662-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17459-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17093-17086
1.0
2025-09-04T02:31:03
<p>Information published.</p>
2.0
2026-02-18T02:38:16
<p>Information published.</p>
When curl is instructed to download content using the metalink feature thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22922
Improper Handling of Exceptional Conditions
19008-16820
19009-16823
19008-16820
19009-16823
Moderate
19008-16820
Moderate
19009-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
19008-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
19009-16823
CBL-Mariner Releases
19008-16820
19009-16823
No
Security Update
7.76.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19008-16820
19009-16823
CBL-Mariner Releases
1.0
2021-08-17T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added curl to CBL-Mariner 2.0</p>
When curl is instructed to get content using the metalink feature and a user name and password are used to download the metalink XML file those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22923
Cleartext Transmission of Sensitive Information
19008-16820
19009-16823
19008-16820
19009-16823
Moderate
19008-16820
Moderate
19009-16823
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19008-16820
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19009-16823
CBL-Mariner Releases
19008-16820
19009-16823
No
Security Update
7.76.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19008-16820
19009-16823
CBL-Mariner Releases
1.0
2021-08-14T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added curl to CBL-Mariner 2.0</p>
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`) a malicious user can create a file name with the same name as the app wants to use by name and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22926
Improper Certificate Validation
19010-16820
18989-16823
19010-16820
18989-16823
Important
19010-16820
Important
18989-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19010-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18989-16823
CBL-Mariner Releases
19010-16820
No
Security Update
7.76.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19010-16820
CBL-Mariner Releases
CBL-Mariner Releases
18989-16823
No
Security Update
7.82.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18989-16823
CBL-Mariner Releases
1.0
2021-08-17T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added curl to CBL-Mariner 2.0</p>
Node.js before 16.6.1 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption to change process behavior.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-22940
Use After Free
19004-16820
18775-16823
19004-16820
18775-16823
Important
19004-16820
Important
18775-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19004-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18775-16823
CBL-Mariner Releases
19004-16820
No
Security Update
14.17.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19004-16820
CBL-Mariner Releases
CBL-Mariner Releases
18775-16823
No
Security Update
16.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18775-16823
CBL-Mariner Releases
1.0
2021-08-25T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added nodejs to CBL-Mariner 2.0</p>
An issue was discovered in Ruby through 2.6.7 2.7.x through 2.7.3 and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command aka a "StartTLS stripping attack."
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-32066
Improper Handling of Exceptional Conditions
19016-16820
19017-16823
19016-16820
19017-16823
Important
19016-16820
Important
19017-16823
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
19016-16820
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
19017-16823
CBL-Mariner Releases
19016-16820
No
Security Update
2.6.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19016-16820
CBL-Mariner Releases
CBL-Mariner Releases
19017-16823
No
Security Update
2.7.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19017-16823
CBL-Mariner Releases
1.0
2021-08-11T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added ruby to CBL-Mariner 2.0</p>
Denial of service due to assertion failure in crwimage_int.cpp
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-32815
Reachable Assertion
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Request splitting via HTTP/2 method injection and mod_proxy
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
apache
Yes
CVE-2021-33193
19005-16820
17030-16823
19005-16820
17030-16823
Important
19005-16820
Important
17030-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19005-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17030-16823
CBL-Mariner Releases
19005-16820
No
Security Update
2.4.46-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19005-16820
CBL-Mariner Releases
CBL-Mariner Releases
17030-16823
No
Security Update
2.4.52-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17030-16823
CBL-Mariner Releases
1.0
2021-08-25T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added httpd to CBL-Mariner 2.0</p>
In Go before 1.15.13 and 1.16.x before 1.16.5 some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-33197
Missing Authorization
17021-17084
19679-17084
19696-17084
19697-17084
17021-17084
19679-17084
19696-17084
19697-17084
Moderate
17021-17084
Moderate
19679-17084
Moderate
19696-17084
Moderate
19697-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17021-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19679-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19696-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19697-17084
CBL-Mariner Releases
17021-17084
19696-17084
No
Security Update
2.16.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17021-17084
19696-17084
CBL-Mariner Releases
1.1
2026-02-19T01:36:29
<p>Information published.</p>
1.0
2024-09-11T00:00:00
<p>Information published.</p>
In the Linux kernel through 5.13.7 an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-34556
Observable Discrepancy
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-10T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
In the Linux kernel through 5.13.7 an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-35477
Observable Discrepancy
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-10T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection the fingerprint of the server is neither checked nor displayed. As a result a user connects to the server without the ability to verify its authenticity.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-36370
Improper Authentication
19000-16820
19001-16823
19000-16820
19001-16823
Important
19000-16820
Important
19001-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19000-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19001-16823
CBL-Mariner Releases
19000-16820
19001-16823
No
Security Update
4.8.27-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19000-16820
19001-16823
CBL-Mariner Releases
1.0
2021-09-09T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added mc to CBL-Mariner 2.0</p>
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3655
Improper Input Validation
16919-16820
16920-16823
16919-16820
16920-16823
Low
16919-16820
Low
16920-16823
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
16919-16820
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-15T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3682
Release of Invalid Pointer or Reference
19013-16820
18757-16823
19013-16820
18757-16823
Important
19013-16820
Important
18757-16823
8.5
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
19013-16820
8.5
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
18757-16823
CBL-Mariner Releases
19013-16820
No
Security Update
4.2.0-35
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19013-16820
CBL-Mariner Releases
CBL-Mariner Releases
18757-16823
No
Security Update
6.2.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18757-16823
CBL-Mariner Releases
1.0
2023-03-10T00:00:00
<p>Information published.</p>
Read buffer overruns processing ASN.1 strings
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
openssl
Yes
CVE-2021-3712
Out-of-bounds Read
18903-16820
18982-16823
18131-17084
17859-17084
17013-17084
18903-16820
18982-16823
18131-17084
17859-17084
17013-17084
Important
18903-16820
Important
18982-16823
Important
18131-17084
Important
17859-17084
Important
17013-17084
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
18903-16820
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
18982-16823
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
18131-17084
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
17859-17084
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
17013-17084
CBL-Mariner Releases
18903-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18903-16820
CBL-Mariner Releases
CBL-Mariner Releases
18982-16823
No
Security Update
1.1.1k-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18982-16823
CBL-Mariner Releases
CBL-Mariner Releases
18131-17084
No
Security Update
20240223gitedc6681206c1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18131-17084
CBL-Mariner Releases
CBL-Mariner Releases
17859-17084
No
Security Update
20240223gitedc6681206c1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17859-17084
CBL-Mariner Releases
2.3
2026-02-18T14:40:48
<p>Information published.</p>
1.0
2021-10-16T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added openssl to CBL-Mariner 2.0</p>
1.2
2024-08-29T00:00:00
<p>Information published.</p>
1.3
2024-08-30T00:00:00
<p>Information published.</p>
1.4
2024-08-31T00:00:00
<p>Information published.</p>
1.5
2024-09-01T00:00:00
<p>Information published.</p>
1.6
2024-09-02T00:00:00
<p>Information published.</p>
1.7
2024-09-03T00:00:00
<p>Information published.</p>
1.8
2024-09-05T00:00:00
<p>Information published.</p>
1.9
2024-09-06T00:00:00
<p>Information published.</p>
2.0
2024-09-07T00:00:00
<p>Information published.</p>
2.1
2024-09-08T00:00:00
<p>Information published.</p>
2.2
2024-09-11T00:00:00
<p>Information published.</p>
Null pointer dereference in Exiv2::Internal::resolveLens0x8ff
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37616
NULL Pointer Dereference
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Denial of service due to infinite loop in Image::printIFDStructure
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37621
Loop with Unreachable Exit Condition ('Infinite Loop')
17009-16823
17009-16823
Moderate
17009-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17009-16823
CBL-Mariner Releases
17009-16823
No
Security Update
0.27.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17009-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38115
Out-of-bounds Read
18958-16820
18959-16823
18958-16820
18959-16823
Moderate
18958-16820
Moderate
18959-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18958-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18959-16823
CBL-Mariner Releases
18958-16820
18959-16823
No
Security Update
2.3.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18958-16820
18959-16823
CBL-Mariner Releases
1.0
2021-12-01T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added gd to CBL-Mariner 2.0</p>
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4 data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38160
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
16919-16820
16920-16823
16919-16820
16920-16823
Important
16919-16820
Important
16920-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16919-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-15T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38190
Improper Restriction of Operations within the Bounds of a Memory Buffer
19743-17084
18817-17084
19743-17084
18817-17084
Critical
19743-17084
Critical
18817-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19743-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18817-17084
CBL-Mariner Releases
19743-17084
18817-17084
No
Security Update
2.58.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19743-17084
18817-17084
CBL-Mariner Releases
1.0
2024-06-30T07:00:00
<p>Information published.</p>
1.1
2026-02-18T01:54:29
<p>Information published.</p>
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13 on systems with perf_event_paranoid=-1 and no specific PMU driver support registered allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38200
NULL Pointer Dereference
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38203
Improper Locking
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16919-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38204
Use After Free
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
6.8
6.8
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
16919-16820
6.8
6.8
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38207
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
16919-16820
16920-16823
16919-16820
16920-16823
Important
16919-16820
Important
16920-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16919-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-08-13T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38593
Out-of-bounds Write
16965-16820
18992-16823
16857-16823
19737-17086
17384-17086
16965-16820
18992-16823
16857-16823
19737-17086
17384-17086
Important
16965-16820
Important
18992-16823
Important
16857-16823
19737-17086
Important
17384-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16965-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18992-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16857-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19737-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17384-17086
CBL-Mariner Releases
16965-16820
No
Security Update
5.12.11-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16965-16820
CBL-Mariner Releases
CBL-Mariner Releases
18992-16823
19737-17086
17384-17086
No
Security Update
5.12.11-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18992-16823
19737-17086
17384-17086
CBL-Mariner Releases
CBL-Mariner Releases
16857-16823
No
Security Update
5.12.11-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16857-16823
CBL-Mariner Releases
1.0
2021-10-01T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added qt5-qtsvg to CBL-Mariner 2.0</p>
1.2
2024-02-09T00:00:00
<p>Added qt5-qtbase to CBL-Mariner 2.0</p>
2.0
2026-02-18T14:24:57
<p>Information published.</p>
In librt in the GNU C Library (aka glibc) through 2.34 sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38604
NULL Pointer Dereference
19006-16820
18810-16823
19006-16820
18810-16823
Important
19006-16820
Important
18810-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19006-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18810-16823
CBL-Mariner Releases
19006-16820
No
Security Update
2.28-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19006-16820
CBL-Mariner Releases
CBL-Mariner Releases
18810-16823
No
Security Update
2.35-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18810-16823
CBL-Mariner Releases
1.0
2021-08-23T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added glibc to CBL-Mariner 2.0</p>
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character which may result in unexpected cross-protocol requests as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-40330
18999-16820
18999-16820
Important
18999-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18999-16820
CBL-Mariner Releases
18999-16820
No
Security Update
2.23.4-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18999-16820
CBL-Mariner Releases
1.0
2021-09-10T00:00:00
<p>Information published.</p>
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory allowing attackers to execute arbitrary code via crafted files.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2020-24742
16857-16823
16857-16823
Important
16857-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16857-16823
CBL-Mariner Releases
16857-16823
No
Security Update
5.12.11-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16857-16823
CBL-Mariner Releases
1.0
2021-12-16T00:00:00
<p>Information published.</p>
Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-37714
Loop with Unreachable Exit Condition ('Infinite Loop')
19648-16823
19648-16823
Important
19648-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19648-16823
CBL-Mariner Releases
19648-16823
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19648-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:11
<p>Information published.</p>
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
TianoCore
Yes
CVE-2021-28216
Assignment of a Fixed Address to a Pointer
19662-17086
17093-17086
19662-17086
17093-17086
19662-17086
Important
17093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19662-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17093-17086
2.0
2026-02-18T02:50:40
<p>Information published.</p>
1.0
2025-09-04T04:00:29
<p>Information published.</p>
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2020-36478
Improper Certificate Validation
19662-17086
17459-17084
17093-17086
19662-17086
17459-17084
17093-17086
19662-17086
Important
17459-17084
Important
17093-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19662-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17459-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17093-17086
2.0
2026-02-18T02:58:00
<p>Information published.</p>
1.0
2025-09-04T05:05:02
<p>Information published.</p>
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-38191
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
18469-17084
18469-17084
Moderate
18469-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
18469-17084
1.0
2025-09-04T05:12:49
<p>Information published.</p>
1.1
2026-02-18T03:11:54
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-35942
https://nvd.nist.gov/vuln/detail/CVE-2021-35942
https://nvd.nist.gov/vuln/detail/CVE-2021-35942
Mariner
cve@mitre.org
CVE-2021-35942
12137
12138
12137
12138
12137
12138
12137
12138
12137
12138
DOS:N/A
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12137
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12138
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12137
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12138
glibc
12137
12138
CBL-Mariner
2.28-19
glibc
12137
glibc-2.28-19.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-devel-2.28-19.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-lang-2.28-19.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-i18n-2.28-19.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-iconv-2.28-19.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-tools-2.28-19.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-nscd-2.28-19.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.28-19
glibc
12138
glibc-2.28-19.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-devel-2.28-19.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-lang-2.28-19.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-i18n-2.28-19.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-iconv-2.28-19.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-tools-2.28-19.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-nscd-2.28-19.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.28-19
1.0
2021-08-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-37600
https://nvd.nist.gov/vuln/detail/CVE-2021-37600
https://nvd.nist.gov/vuln/detail/CVE-2021-37600
Mariner
cve@mitre.org
CVE-2021-37600
12137
12138
12137
12138
12137
12138
12137
12138
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12138
util-linux
12137
12138
CBL-Mariner
2.32.1-5
util-linux
12137
util-linux-2.32.1-5.cm1.x86_64.rpm
0001-01-01T00:00:00
util-linux-lang-2.32.1-5.cm1.x86_64.rpm
0001-01-01T00:00:00
util-linux-devel-2.32.1-5.cm1.x86_64.rpm
0001-01-01T00:00:00
util-linux-libs-2.32.1-5.cm1.x86_64.rpm
0001-01-01T00:00:00
util-linux-debuginfo-2.32.1-5.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.32.1-5
util-linux
12138
util-linux-2.32.1-5.cm1.aarch64.rpm
0001-01-01T00:00:00
util-linux-lang-2.32.1-5.cm1.aarch64.rpm
0001-01-01T00:00:00
util-linux-devel-2.32.1-5.cm1.aarch64.rpm
0001-01-01T00:00:00
util-linux-libs-2.32.1-5.cm1.aarch64.rpm
0001-01-01T00:00:00
util-linux-debuginfo-2.32.1-5.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.32.1-5
1.0
2021-08-10T00:00:00
<p>Information published.</p>
Azure CycleCloud Elevation of Privilege Vulnerability
Azure
Microsoft
CVE-2021-33762
11904
11905
Elevation of Privilege
11904
Elevation of Privilege
11905
Important
11904
Important
11905
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11904
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11905
Release Notes
https://docs.microsoft.com/en-us/azure/cyclecloud/packages?view=cyclecloud-8
11904
Maybe
Security Update
7.9.19
Release Notes
https://docs.microsoft.com/en-us/azure/cyclecloud/packages?view=cyclecloud-8
11905
Maybe
Security Update
8.2.0
Terry Zhang @pnig0s
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
<p><strong>Is the update for Microsoft Dynamics 365 (on-premises) version 9.1 currently available?</strong></p>
<p>The security update for Microsoft Dynamics 365 (on-premises) version 9.1 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p>
Microsoft Dynamics
Microsoft
CVE-2021-34524
11921
11664
Remote Code Execution
11921
Remote Code Execution
11664
Important
11921
Important
11664
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11921
8.1
7.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11664
4618809
https://www.microsoft.com/en-us/download/details.aspx?id=103378
11921
Maybe
Security Update
9.1.3.11
4618795
https://www.microsoft.com/en-us/download/details.aspx?id=103377
11664
Maybe
Security Update
9.0.31.7
<a href="https://www.linkedin.com/in/fabian-schmidt-42-">Fabian Schmidt</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
1.1
2021-08-10T07:00:00
<p>The following revisions have been made: 1) In the Security Updates table, updated the Download and Release Note links for Dynamics 365 (on-premises) version 9.0. This is an informational change only. 2) Added an FAQ regarding the availability of the security update for Microsoft Dynamics 365 (on-premises) version 9.1.</p>
2.0
2021-08-11T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Dynamics 365 (on-premises) version 9.1. Customers running affected Dynamics software should install the update for their product to be protected from this vulnerability. Customers running other versions of Microsoft Dynamics 365 (on-premises) do not need to take any action. See the <a href="https://support.microsoft.com/en-us/topic/service-update-1-3-for-microsoft-dynamics-crm-on-premises-9-1-4f9cb846-6c00-4fc1-9c13-bc0bbe733009">KB4618809</a> for more information and download links.</p>
Microsoft Office Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS score, user interaction is required to exploit this vulnerability. What kind of user interaction is required?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
Microsoft Office
Microsoft
CVE-2021-34478
11573
11574
11762
11763
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Important
11573
Important
11574
Important
11762
Important
11763
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
Click to Run
11573
11574
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
Thomas Bouzerar (@MajorTomSec) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative
1.0
2021-08-10T07:00:00
<p>Information published.</p>
2.0
2021-08-19T07:00:00
<p>To comprehensively address CVE-2021-24478, Microsoft has released an updated Build for Microsoft 365 Apps installed on Windows 7 and for the Semi-Annual Enterprise Channel: Version 2002. The new Build number is 12527.22021. See <a href="https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release notes for Microsoft Office security updates</a> for more information.</p>
2.1
2021-08-25T07:00:00
<p>Added acknowledgements. This is an informational change only.</p>
Scripting Engine Memory Corruption Vulnerability
<p><strong>According to the CVSS, User Interaction is Required. What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Microsoft Scripting Engine
Microsoft
CVE-2021-34480
11568
11569
11570
11571
11712
11713
11714
11896
11897
11898
11766
11767
11768
11800
11801
11802
10729
10735
10852
10853
10816
10047
10048
10481
10482
10484
10051
10378
10483
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
10051
Remote Code Execution
10378
Remote Code Execution
10483
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11712
Critical
11713
Critical
11714
Critical
11896
Critical
11897
Critical
11898
Critical
11766
Critical
11767
Critical
11768
Critical
11800
Critical
11801
Critical
11802
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
10051
Critical
10378
Critical
10483
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11568
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11569
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11570
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11571
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11712
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11713
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11714
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11896
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11897
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11898
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11766
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11767
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11768
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11800
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11801
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11802
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10729
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10735
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10852
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10853
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10816
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10047
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10048
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10481
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10482
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10484
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10051
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10378
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10483
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11800
11801
11802
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
5005036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005036
5004233
10047
10048
10481
10482
10051
10378
10483
Yes
IE Cumulative
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
Ivan Fratric of <a href="https://www.google.com/">Google Project Zero</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows MSHTML Platform Remote Code Execution Vulnerability
<p><strong>According to the CVSS, User Interaction is Required. What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Windows MSHTML Platform
Microsoft
CVE-2021-34534
11568
11569
11570
11571
11712
11713
11714
11896
11897
11898
11766
11767
11768
11800
11801
11802
10729
10735
10852
10853
10816
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11712
Critical
11713
Critical
11714
Critical
11896
Critical
11897
Critical
11898
Critical
11766
Critical
11767
Critical
11768
Critical
11800
Critical
11801
Critical
11802
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11568
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11569
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11570
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11571
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11712
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11713
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11714
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11896
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11897
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11898
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11766
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11767
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11768
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11800
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11801
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11802
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10729
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10735
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10852
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10853
6.8
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10816
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11800
11801
11802
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
Yes
Security Update
10.0.14393.4583
<a href="https://twitter.com/guhe120">Yuki Chen</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing
Microsoft
CVE-2021-34486
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
Yong Chuan Koh (<a href="https://twitter.com/yongchuank">@yongchuank</a>)
1.0
2021-08-10T07:00:00
<p>Information published.</p>
1.1
2021-08-12T07:00:00
<p>Updated information to include CVSS scores. This is an informational change only.</p>
Storage Spaces Controller Elevation of Privilege Vulnerability
Windows Storage Spaces Controller
Microsoft
CVE-2021-34536
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
nghiadt12 (@nghiadt1098) from Viettel Cyber Security
Le Huu Quang Linh <a href="https://twitter.com/linhlhq">(@linhlhq)</a> from Vietnam National Cyber Security Center (NCSC Vietnam)
kpc working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing
Microsoft
CVE-2021-34487
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
Jacob Lewellen of Microsoft
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Bluetooth Driver Elevation of Privilege Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programatically running certain functions that could lead to elevation of privilege on the Bluetooth component.</p>
Windows Bluetooth Service
Microsoft
CVE-2021-34537
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
10051
10049
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
10051
Important
10049
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
ziming zhang of Ant Security Light-Year Lab
1.0
2021-08-10T07:00:00
<p>Information published.</p>
.NET Core and Visual Studio Denial of Service Vulnerability
.NET Core & Visual Studio
Microsoft
CVE-2021-26423
11600
11720
11785
11872
11900
11901
11565
11730
11761
11864
11865
Denial of Service
11600
Denial of Service
11720
Denial of Service
11785
Denial of Service
11872
Denial of Service
11900
Denial of Service
11901
Denial of Service
11565
Denial of Service
11730
Denial of Service
11761
Denial of Service
11864
Denial of Service
11865
Important
11600
Important
11720
Important
11785
Important
11872
Important
11900
Important
11901
Important
11565
Important
11730
Important
11761
Important
11864
Important
11865
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11600
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11720
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11785
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11872
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11900
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11901
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11565
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11730
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11761
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11864
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11865
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
15.9.38
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4
11720
Maybe
Security Update
16.4.25
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
11785
Maybe
Security Update
16.7.18
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9
11872
Maybe
Security Update
16.9.10
Release Notes
http://aka.ms/vs/16/release/latest
11900
Maybe
Security Update
16.10.5
Release Notes
https://visualstudio.microsoft.com/vs/mac/
11901
Maybe
Security Update
8.10.7
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/2.1
11565
Maybe
Security Update
2.1.30
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/3.1
11730
Maybe
Security Update
3.1.18
Release Notes
https://dotnet.microsoft.com/download/dotnet/5.0
11761
Maybe
Security Update
5.0.9
Release Notes
https://github.com/PowerShell/PowerShell#get-powershell
11864
Maybe
Security Update
7.1.4
Release Notes
https://github.com/PowerShell/PowerShell#get-powershell
11865
Maybe
Security Update
7.0.7
<a href="https://twitter.com/ulldma">Peter Stöckli</a> with <a href="https://www.ergon.ch">Ergon Informatik</a>
<a href="https://twitter.com/ulldma">Peter Stöckli</a> with <a href="https://www.ergon.ch">Ergon Informatik</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
1.1
2021-08-10T07:00:00
<p>In the Security Updates table, added links to the Release Notes. This is an informational change only.</p>
2.0
2021-08-12T07:00:00
<p>Revised the Security Updates table to include PowerShell 7.0 and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions of .NET Core that are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/25">https://github.com/PowerShell/Announcements/issues/25</a> for more information.</p>
3.0
2021-08-19T07:00:00
<p>To comprehensively address this vulnerability, Microsoft has released .NET Core 2.1 Build Number 2.1.30. Customers who have downloaded Build 2.1.29 should download and install Build 2.1.30 to be fully protected from this vulnerability.</p>
Windows TCP/IP Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>This vulnerability is remotely triggerable by a malicious Hyper-V guest that sends an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets.</p>
<p><strong>Is this attack specific to Hyper-V or applicable to all hypervisor technologies?</strong></p>
<p>This attack is specific to Hyper-V. Systems that do not have Hyper-V installed are not at risk.</p>
<p><strong>Will disabling IPV6 mitigate this vulnerability?</strong></p>
<p>Yes. Disabling IPV6 will block the threat vector. See <a href="https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows">Guidance for configuring IPv6 in Windows for advanced users</a> for instructions for disabling IPV6.</p>
Windows TCP/IP
Microsoft
CVE-2021-26424
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11896
Critical
11897
Critical
11898
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11800
Critical
11801
Critical
11802
Critical
11803
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.9
8.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Quan Luo from Codesafe Team of Legendsec at Qi'anxin Group
1.0
2021-08-10T07:00:00
<p>Information published.</p>
1.1
2021-08-17T07:00:00
<p>Updated FAQ information. This is an informational change only.</p>
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing
Microsoft
CVE-2021-26425
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Abdelhamid Naceri (halov) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows User Account Profile Picture Elevation of Privilege Vulnerability
Windows User Profile Service
Microsoft
CVE-2021-26426
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Abdelhamid Naceri (halov) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Azure Sphere Information Disclosure Vulnerability
<p><strong>What version of Azure Sphere has the update that protects from this vulnerability?</strong></p>
<p>All versions of Azure Sphere that are 21.07 and higher are protected from this vulnerability.</p>
<p><strong>How do I ensure my Azure Sphere device has the update?</strong></p>
<p>If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.07 has been installed using the Azure Sphere CLI command:</p>
<p><code>azsphere device show-os-version </code></p>
<p>If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:</p>
<p><code>azsphere device show-deployment-status </code></p>
<p><strong>Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability?</strong></p>
<p>An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves</p>
Azure Sphere
Microsoft
CVE-2021-26428
11796
Information Disclosure
11796
Important
11796
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.4
4.0
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11796
Release Notes
11796
Maybe
Security Update
21.07
Claudio Bozzato with <a href="https://talosintelligence.com/">Cisco Talos</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Azure Sphere Elevation of Privilege Vulnerability
<p><strong>What version of Azure Sphere has the update that protects from this vulnerability?</strong></p>
<p>All versions of Azure Sphere that are 21.07 and higher are protected from this vulnerability.</p>
<p><strong>How do I ensure my Azure Sphere device has the update?</strong></p>
<p>If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.07 has been installed using the Azure Sphere CLI command:</p>
<p><code>azsphere device show-os-version </code></p>
<p>If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:</p>
<p><code>azsphere device show-deployment-status </code></p>
<p><strong>Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability?</strong></p>
<p>An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves</p>
Azure Sphere
Microsoft
CVE-2021-26429
11796
Elevation of Privilege
11796
Important
11796
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.7
6.9
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:P/RL:O/RC:C
11796
Release Notes
11796
Maybe
Security Update
21.07
Bryce Bearchell, Daniel Reyes of Cromulence, LLC
1.0
2021-08-10T07:00:00
<p>Information published.</p>
1.1
2021-08-11T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
1.2
2021-08-13T07:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Azure Sphere Denial of Service Vulnerability
<p><strong>What version of Azure Sphere has the update that protects from this vulnerability?</strong></p>
<p>All versions of Azure Sphere that are 21.07 and higher are protected from this vulnerability.</p>
<p><strong>How do I ensure my Azure Sphere device has the update?</strong></p>
<p>If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.07 has been installed using the Azure Sphere CLI command:</p>
<p><code>azsphere device show-os-version </code></p>
<p>If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:</p>
<p><code>azsphere device show-deployment-status </code></p>
<p><strong>Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability?</strong></p>
<p>An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves</p>
Azure Sphere
Microsoft
CVE-2021-26430
11796
Denial of Service
11796
Important
11796
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.0
5.4
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
11796
Release Notes
11796
Maybe
Security Update
21.07
Claudio Bozzato with <a href="https://talosintelligence.com/">Cisco Talos</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Print Spooler Remote Code Execution Vulnerability
Windows Print Spooler Components
Microsoft
CVE-2021-36936
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11896
Critical
11897
Critical
11898
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11800
Critical
11801
Critical
11802
Critical
11803
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11712
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11713
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11714
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11896
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11897
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11898
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11766
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11767
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11768
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11769
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11800
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11803
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10047
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10048
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10481
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10482
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10484
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
Microsoft Windows Codecs Library
Microsoft
CVE-2021-36937
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
HAO LI of VenusTech ADLab
crashman of codemize security research lab
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Cryptographic Primitives Library Information Disclosure Vulnerability
Windows Cryptographic Services
Microsoft
CVE-2021-36938
11568
11569
11570
11571
11572
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely;DOS:N/A
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows LSA Spoofing Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update blocks the affected API calls <a href="https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa">OpenEncryptedFileRawA</a> and <a href="https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfileraww">OpenEncryptedFileRawW</a> through LSARPC interface.</p>
<p><strong>Is there more information available on how to protect my system?</strong></p>
<p>Yes. Please see <a href="https://msrc.microsoft.com/update-guide/vulnerability/ADV210003">ADV210003 Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)</a>.</p>
<p><strong>Are there further actions I need to take to protect my system after I have applied the security update?</strong></p>
<p>Yes. Please see <a href="https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429">KB5005413</a> for more information on the steps that you need to take to protect your system. Please note that the combined CVSS score would be 9.8 when this vulnerability is chained with the noted NTLM Relay Attacks on Active Directory Certificate Services (AD CS).</p>
<p><strong>Should I prioritize updating domain controllers when I apply the security updates released on August 10, 2021?</strong></p>
<p>Yes. This vulnerability affects all servers but domain controllers should be prioritized in terms of applying security updates.</p>
<p><strong>How will installing the updates that address this CVE impact my environment?</strong></p>
<p>The EFS API <a href="https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa">OpenEncryptedFileRaw(A/W)</a>, often used in backup software, continues to work in all versions of Windows (local and remote), except when backing up to or from a system running Windows Server 2008 SP2. OpenEncryptedFileRaw will no longer work on Windows Server 2008 SP2.</p>
<p><strong>Note</strong>: If you are unable to use backup software on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 and later, after installing the updates that address this CVE, contact the manufacturer of your backup software for updates and support.</p>
Windows NTLM
Microsoft
CVE-2021-36942
11571
11572
11769
11803
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Spoofing
11571
Spoofing
11572
Spoofing
11769
Spoofing
11803
Spoofing
10816
Spoofing
10855
Spoofing
9312
Spoofing
10287
Spoofing
9318
Spoofing
9344
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11571
Important
11572
Important
11769
Important
11803
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11571
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11572
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11769
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11803
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10816
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10855
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9312
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10287
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9318
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9344
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10051
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10049
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10378
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10379
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10483
7.5
7.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11571
11572
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11769
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11803
Yes
Security Update
10.0.19042.1165
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10816
10855
Yes
Security Update
10.0.14393.4583
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10051
10049
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10483
10543
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Office SharePoint
Microsoft
CVE-2021-36940
10950
11099
11585
Spoofing
10950
Spoofing
11099
Spoofing
11585
Important
10950
Important
11099
Important
11585
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.6
6.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
10950
7.6
6.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
11099
7.6
6.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
11585
5002002
https://www.microsoft.com/downloads/details.aspx?familyid=68e05993-b360-416b-bcb7-5999bd6e054c
5001976
10950
Maybe
Security Update
16.0.5200.1000
4011600
https://www.microsoft.com/downloads/details.aspx?familyid=ffe86fcd-cc12-4bee-9d97-a48153597552
3178638
11099
Maybe
Security Update
15.0.5371.1000
5002000
https://www.microsoft.com/downloads/details.aspx?familyid=08c64f69-8b76-4c7e-a512-71513f46f7b4
5001975
11585
Maybe
Security Update
16.0.10377.20000
<a href="https://www.aswsec.com">Adam Willard</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS score, user interaction is required to exploit this vulnerability. What kind of user interaction is required?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
Microsoft Office Word
Microsoft
CVE-2021-36941
11575
11762
11763
Remote Code Execution
11575
Remote Code Execution
11762
Remote Code Execution
11763
Important
11575
Important
11762
Important
11763
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
Maybe
Security Update
16.52.21080801
Click to Run
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
Lev Aronsky with <a href="https://alephsecurity.com">Aleph Research by HCL AppScan</a>
Vera Mens with <a href="https://alephsecurity.com">Aleph Security by HCL AppScan</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows 10 Update Assistant Elevation of Privilege Vulnerability
Windows Update Assistant
Microsoft
CVE-2021-36945
11707
Elevation of Privilege
11707
Important
11707
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.3
6.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11707
4023814
https://www.microsoft.com/en-us/software-download/windows10
11707
Maybe
Security Update
Abdelhamid Naceri (halov) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Dynamics
Microsoft
CVE-2021-36946
11603
11746
11750
11916
11917
Spoofing
11603
Spoofing
11746
Spoofing
11750
Spoofing
11916
Spoofing
11917
Important
11603
Important
11746
Important
11750
Important
11916
Important
11917
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.4
4.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
11603
5.4
4.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
11746
5.4
4.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
11750
5.4
4.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
11916
5.4
4.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
11917
5005368
https://www.microsoft.com/en-us/download/details.aspx?id=103354
11603
Maybe
Security Update
30601
5005369
https://www.microsoft.com/en-us/download/details.aspx?id=103357
11746
Maybe
Security Update
47562
5005370
https://www.microsoft.com/en-us/download/details.aspx?id=103358
11750
Maybe
Security Update
Application Build 14.27.47563, Platform Build 14.0
5005374
https://www.microsoft.com/en-us/download/details.aspx?id=103356
5004716
11916
Maybe
Security Update
Application Build 17.9.28504, Platform Build 17.0.
5005373
https://www.microsoft.com/en-us/download/details.aspx?id=103355
5004716
11917
Maybe
Security Update
Application Build 16.15.28500, Platform Build 16.0
<a href="https://twitter.com/rskvp93">rskvp93</a> with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Print Spooler Remote Code Execution Vulnerability
Windows Print Spooler Components
Microsoft
CVE-2021-36947
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11712
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11713
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11714
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11896
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11897
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11898
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11766
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11767
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11768
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11769
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11800
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11803
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10047
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10048
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10481
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10482
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10484
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
8.8
8.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Update Medic Service Elevation of Privilege Vulnerability
Windows Update
Microsoft
CVE-2021-36948
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11712
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11713
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11714
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11896
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11897
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11898
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11766
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11767
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11768
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11769
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11800
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11803
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
Microsoft Threat Intelligence Center (MSTIC)
Microsoft Security Response Center (MSRC)
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
<p><strong>What should I do to be protected against this vulnerability?</strong></p>
<p>In addition to applying the updates in this CVE, you will need to disable NTLM as per the guidance as follows:</p>
<p>For Azure Active Directory Connect, see <a href="https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites#harden-your-azure-ad-connect-server">Prerequisites for Azure AD Connect</a>
For Azure Active Directory Connect Provisioning Agent, see <a href="https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-prerequisites">Prerequisites for Azure AD Connect cloud sync</a></p>
<p><strong>What must an attacker do to exploit this vulnerability</strong></p>
<p>The attacker must be able to establish Man-in-the-middle between your Azure AD Connect server and a domain controller. The attacker also needs to possess domain user credentials to be able to exploit this vulnerability.</p>
Microsoft Azure Active Directory Connect
Microsoft
CVE-2021-36949
11920
11922
11919
Elevation of Privilege
11920
Elevation of Privilege
11922
Elevation of Privilege
11919
Important
11920
Important
11922
Important
11919
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.1
6.4
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11920
7.1
6.4
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11922
7.1
6.4
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11919
Release Notes
https://www.microsoft.com/en-us/download/details.aspx?id=103336
11920
Maybe
Security Update
1.6.11.3
Release Notes
https://download.msappproxy.net/Subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/Connector/provisioningAgentInstaller
11922
Maybe
Security Update
1.1.582.0
Release Notes
https://www.microsoft.com/en-us/download/details.aspx?id=47594
11919
Maybe
Security Update
2.0.8.0
Sagi Sheinfeld with <a href="https://www.crowdstrike.com/">Crowdstrike</a>
Eyal Karni with <a href="https://www.crowdstrike.com/">Crowdstrike</a>
<a href="https://twitter.com/yaronzi">Yaron Zinar</a> with <a href="https://www.crowdstrike.com/">CrowdStrike</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
2.0
2021-08-10T07:00:00
<p>The following revisions have been made: 1) In the Security Updates table, added Azure Active Directory Connect Provisioning Agent as it is also affected by this vulnerability 2) Updated FAQs.</p>
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics
Microsoft
CVE-2021-36950
11664
Spoofing
11664
Important
11664
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.4
4.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
11664
5005239
https://www.microsoft.com/en-us/download/details.aspx?id=103313
11664
Maybe
Security Update
9.0.30.2
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Print Spooler Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p><strong>When will Microsoft release a security update for this vulnerability?</strong></p>
<p>Update: September 14, 2021 - We have completed the investigation and have released the September 2021 security updates to address this vulnerability. Please see the Security Updates table.</p>
<p><strong>What versions of Windows are affected by this vulnerability?</strong></p>
<p>Update: September 14, 2021 - The September 2021 security updates are now available to address this vulnerability. Please see the Security Updates table for the versions of Windows that are affected.</p>
Windows Print Spooler Components
Microsoft
CVE-2021-36958
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11712
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11713
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11714
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11896
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11897
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11898
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11766
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11767
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11768
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11769
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11800
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11803
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10047
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10048
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10481
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10482
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10484
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5005568
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005568
5005030
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2183
5005568
https://support.microsoft.com/help/5005568
11568
11569
11570
11571
11572
5005566
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005566
5005031
11712
11713
11714
Yes
Security Update
10.0.18363.1801
5005565
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005565
5005033
11896
11897
11898
Yes
Security Update
10.0.19043.1237
5005565
https://support.microsoft.com/help/5005565
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005565
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005565
5005033
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1237
5005565
https://support.microsoft.com/help/5005565
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005565
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005565
5005033
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1237
5005565
https://support.microsoft.com/help/5005565
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005569
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005569
5005040
10729
10735
Yes
Security Update
10.0.10240.19060
5005573
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005573
5005043
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4651
5005633
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005633
5005088
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25712
5005633
https://support.microsoft.com/help/5005633
10047
10048
10051
10049
5005615
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005615
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25712
5005615
https://support.microsoft.com/help/5005615
10047
10048
10051
10049
5005613
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005613
5005076
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20120
5005613
https://support.microsoft.com/help/5005613
10481
10482
10484
10483
10543
5005627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005627
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20120
5005627
https://support.microsoft.com/help/5005627
10481
10482
10483
10543
5005613
5005076
10484
Yes
Monthly Rollup
6.3.9600.20120
5005613
https://support.microsoft.com/help/5005613
10481
10482
10484
10483
10543
5005606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005606
5005090
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21218
5005606
https://support.microsoft.com/help/5005606
9312
10287
9318
9344
5005618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005618
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21218
5005618
https://support.microsoft.com/help/5005618
9312
10287
9318
9344
5005623
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005623
5005094
10378
10379
Yes
Monthly Rollup
6.2.9200.23462
5005623
https://support.microsoft.com/help/5005623
10378
10379
5005607
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005607
10378
10379
Yes
Security Only
6.2.9200.23462
5005607
https://support.microsoft.com/help/5005607
10378
10379
<a href="https://twitter.com/offenseindepth">Victor Mata</a> of FusionX, Accenture Security
1.0
2021-08-11T07:00:00
<p>Information published.</p>
2.0
2021-09-14T07:00:00
<p>CVE updated to announce that Microsoft is releasing the September 2021 security updates for all affected versions of Windows to address this vulnerability. Additionally, other information has been updated, including the following: 1) Executive Summary has been updated. 2) Workarounds have been removed as they are no longer applicable. 3) FAQs have been updated to reflect the release of the September 2021 security updates. 4) CVSS Vector String has been updated.</p>
Microsoft Windows Defender Elevation of Privilege Vulnerability
<table>
<thead>
<tr>
<th>References</th>
<th>Identification</th>
</tr>
</thead>
<tbody>
<tr>
<td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td>
<td>Version 1.1.18400.4</td>
</tr>
</tbody>
</table>
<p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p>
<p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p>
<p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p>
<p><strong>Why is no action required to install this update?</strong></p>
<p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p>
<p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p>
<p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p>
<p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong></p>
<p>Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p>
<p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p>
<p><strong>What is the Microsoft Malware Protection Engine?</strong></p>
<p>The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p>
<p><strong>Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default?</strong></p>
<p>Defender runs on all supported version of Windows.</p>
<p><strong>Are there other products that use the Microsoft Malware Protection Engine?</strong></p>
<p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p>
<p><strong>Does this update contain any additional security-related changes to functionality?</strong></p>
<p>Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p>
<h2>Suggested Actions</h2>
<p><strong>Verify that the update is installed</strong></p>
<p>Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p>
<ol>
<li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li>
<li>In the navigation pane, select Virus & threat protection.</li>
<li>Under Virus & threat protection updates in the main window, select Check for updates</li>
<li>Select Check for updates again.</li>
<li>In the navigation pane, select Settings, and then select About.</li>
<li>Examine the Engine Version number. The update was successfully installed if the Malware Protection Engine version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li>
</ol>
<p>For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.18400.4 or later.</p>
<p><strong>If necessary, install the update</strong></p>
<p>Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.</p>
<p>For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.</p>
<p>End users that do not wish to wait can manually update their antimalware software.</p>
Windows Defender
Microsoft
CVE-2021-34471
11902
Elevation of Privilege
11902
Important
11902
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11902
Abdelhamid Naceri (halov) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Graphics Component
Microsoft
CVE-2021-34530
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11896
Critical
11897
Critical
11898
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11800
Critical
11801
Critical
11802
Critical
11803
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
Zhihua Yao of KunLun Lab
1.0
2021-08-10T07:00:00
<p>Information published.</p>
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, and other sensitive information.</p>
ASP.NET Core & Visual Studio
Microsoft
CVE-2021-34532
11564
11728
11846
11720
11785
11872
11900
11901
Information Disclosure
11564
Information Disclosure
11728
Information Disclosure
11846
Information Disclosure
11720
Information Disclosure
11785
Information Disclosure
11872
Information Disclosure
11900
Information Disclosure
11901
Important
11564
Important
11728
Important
11846
Important
11720
Important
11785
Important
11872
Important
11900
Important
11901
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11564
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11728
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11846
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11720
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11785
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11872
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11900
5.5
4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11901
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/2.1
11564
Maybe
Security Update
2.1.29
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/3.1
11728
Maybe
Security Update
3.1.18
Release Notes
https://dotnet.microsoft.com/download/dotnet/5.0
11846
Maybe
Security Update
5.0.9
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4
11720
Maybe
Security Update
16.4.25
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
11785
Maybe
Security Update
16.7.18
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9
11872
Maybe
Security Update
16.9.10
Release Notes
http://aka.ms/vs/16/release/latest
11900
Maybe
Security Update
16.10.5
Release Notes
https://visualstudio.microsoft.com/vs/mac/
11901
Maybe
Security Update
8.10.7
1.1
2021-08-10T07:00:00
<p>In the Security Updates table, added links to the Release Notes. This is an informational change only.</p>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
Microsoft Graphics Component
Microsoft
CVE-2021-34533
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
HAO LI of VenusTech ADLab
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components
Microsoft
CVE-2021-34483
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11712
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11713
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11714
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11896
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11897
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11898
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11766
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11767
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11768
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11769
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11800
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11803
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10047
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10048
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10481
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10482
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10484
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Thibault van Geluwe
[Victor Mata](https://twitter.com/offenseindepth) of FusionX, Accenture Security
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows User Profile Service Elevation of Privilege Vulnerability
Windows User Profile Service
Microsoft
CVE-2021-34484
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
10049
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
10049
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005090
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005090
5004305
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21192
5005090
https://support.microsoft.com/help/5005090
9312
10287
9318
9344
5005095
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005095
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21192
5005095
https://support.microsoft.com/help/5005095
9312
10287
9318
9344
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Abdelhamid Naceri (halov) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
.NET Core and Visual Studio Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of a specific dump file. The attacker needs to have local access to the target system and the dump file needs to be created in a specific way by a target on that same system.</p>
.NET Core & Visual Studio
Microsoft
CVE-2021-34485
11600
11720
11785
11872
11900
11925
11745
11565
11730
11761
Information Disclosure
11600
Information Disclosure
11720
Information Disclosure
11785
Information Disclosure
11872
Information Disclosure
11900
Information Disclosure
11925
Information Disclosure
11745
Information Disclosure
11565
Information Disclosure
11730
Information Disclosure
11761
Important
11600
Important
11720
Important
11785
Important
11872
Important
11900
Important
11925
Important
11745
Important
11565
Important
11730
Important
11761
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11600
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11720
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11785
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11872
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11900
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11925
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11745
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11565
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11730
5.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11761
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
15.9.38
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4
11720
Maybe
Security Update
16.4.25
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
11785
Maybe
Security Update
16.7.18
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9
11872
Maybe
Security Update
16.9.10
Release Notes
http://aka.ms/vs/16/release/latest
11900
Maybe
Security Update
16.10.5
Release Notes
https://github.com/PowerShell/PowerShell#get-powershell
11925
Maybe
Security Update
7.1.4
Release Notes
https://github.com/PowerShell/PowerShell#get-powershell
11745
Maybe
Security Update
7.0.7
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/2.1
11565
Maybe
Security Update
2.1.30
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/3.1
11730
Maybe
Security Update
3.1.18
Release Notes
https://dotnet.microsoft.com/download/dotnet/5.0
11761
Maybe
Security Update
5.0.9
1.0
2021-08-10T07:00:00
<p>Information published.</p>
1.1
2021-08-10T07:00:00
<p>In the Security Updates table, added links to the Release Notes. This is an informational change only.</p>
2.0
2021-08-12T07:00:00
<p>Revised the Security Updates table to include PowerShell 7.0 and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions of .NET Core that are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/24">https://github.com/PowerShell/Announcements/issues/24</a> for more information.</p>
3.0
2021-08-19T07:00:00
<p>To comprehensively address this vulnerability, Microsoft has released .NET Core 2.1 Build Number 2.1.30. Customers who have downloaded Build 2.1.29 should download and install Build 2.1.30 to be fully protected from this vulnerability.</p>
Remote Desktop Client Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p>
<p>In the case of Hyper-V, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer when a victim running on the host connects to the attacking Hyper-V guest.</p>
Remote Desktop Client
Microsoft
CVE-2021-34535
11568
11569
11570
11571
11712
11713
11714
11849
11896
11897
11898
11766
11767
11768
11800
11801
11802
10729
10735
10852
10853
10816
10047
10048
10481
10482
10484
10051
10378
10483
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11849
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
10051
Remote Code Execution
10378
Remote Code Execution
10483
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11712
Critical
11713
Critical
11714
Critical
11849
Critical
11896
Critical
11897
Critical
11898
Critical
11766
Critical
11767
Critical
11768
Critical
11800
Critical
11801
Critical
11802
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
10051
Critical
10378
Critical
10483
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11568
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11569
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11570
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11571
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11712
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11713
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11714
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11849
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11896
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11897
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11898
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11766
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11767
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11768
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11800
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11801
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11802
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10729
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10735
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10852
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10853
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10816
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10047
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10048
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10481
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10482
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10484
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10051
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10378
8.8
7.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10483
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
Release Notes
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew
11849
Maybe
Security Update
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11800
11801
11802
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
Yes
Security Update
10.0.14393.4583
5005088
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088
5004289
10047
10048
10051
Yes
Monthly Rollup
6.1.7601.25685
5005088
https://support.microsoft.com/help/5005088
10047
10048
10051
5005089
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005089
10047
10048
10051
Yes
Security Only
6.1.7601.25685
5005089
https://support.microsoft.com/help/5005089
10047
10048
10051
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
Malcolm Stagg
1.1
2021-08-10T07:00:00
<p>Updated links to security updates. This is an informational change only.</p>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Windows Update Assistant
Microsoft
CVE-2021-26431
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11800
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
Abdelhamid Naceri (halov) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
<p><strong>What system configurations would expose this vulnerability?</strong></p>
<p>Servers that have <a href="https://docs.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs#install-network-file-system-on-the-server-with-windows-powershell">installed the Network File System</a> are exposed to this vulnerability in <code>rpcxdr.sys</code>.</p>
<p>An attacker would require read or write permission to any file on an NFS share on the victim system. If NFS is configured to allow anonymous access, then the victim system would be vulnerable to unauthenticated attackers.</p>
<p><strong>Does this security update apply to non-server systems?</strong></p>
<p>Yes. While servers are much more likely to be exposed to this vulnerability, the security update to <code>rpcxdr.sys</code> applies to all Windows editions in the Security Updates table.</p>
Windows Services for NFS ONCRPC XDR Driver
Microsoft
CVE-2021-26432
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11800
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11896
Critical
11897
Critical
11898
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11800
Critical
11801
Critical
11802
Critical
11803
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10481
Critical
10482
Critical
10484
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11800
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Liubenjin from Codesafe Team of Legendsec at Qi'anxin Group
1.1
2021-08-12T07:00:00
<p>Added FAQ to provide further vulnerability details. This is an informational change only.</p>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Windows Services for NFS ONCRPC XDR Driver
Microsoft
CVE-2021-26433
11568
11569
11570
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
11571
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11896
Information Disclosure
11897
Information Disclosure
11898
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
11800
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Information Disclosure
11571
Important
11568
Important
11569
Important
11570
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Important
11571
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11896
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11897
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11898
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11800
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11572
11571
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11572
11571
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Liubenjin from Codesafe Team of Legendsec at Qi'anxin Group
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Windows Services for NFS ONCRPC XDR Driver
Microsoft
CVE-2021-36926
11568
11569
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
11570
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11896
Information Disclosure
11897
Information Disclosure
11898
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
11800
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Information Disclosure
11570
Important
11568
Important
11569
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Important
11570
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11896
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11897
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11898
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11800
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11571
11572
11570
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11571
11572
11570
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Liubenjin from Codesafe Team of Legendsec at Qi'anxin Group
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
Windows Media
Microsoft
CVE-2021-36927
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5011552
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552
5010404
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25898
5011552
https://support.microsoft.com/help/5011552
10047
10048
10051
10049
5011529
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25898
5011529
https://support.microsoft.com/help/5011529
10047
10048
10051
10049
5011564
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564
5010419
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20303
5011564
https://support.microsoft.com/help/5011564
10481
10482
10484
10483
10543
5011560
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20303
5011560
https://support.microsoft.com/help/5011560
10481
10482
10483
10543
5011564
5010419
10484
Yes
Monthly Rollup
6.3.9600.20296
5011564
https://support.microsoft.com/help/5011564
10481
10482
10484
10483
10543
5011534
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534
5010384
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21416
5011534
https://support.microsoft.com/help/5011534
9312
10287
9318
9344
5011525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21416
5011525
https://support.microsoft.com/help/5011525
9312
10287
9318
9344
5011535
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535
5010392
10378
10379
Yes
Monthly Rollup
6.2.9200.23645
5011535
https://support.microsoft.com/help/5011535
10378
10379
5011527
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527
10378
10379
Yes
Security Only
6.2.9200.23639
5011527
https://support.microsoft.com/help/5011527
10378
10379
JIWO Technology Co., Ltd
<a href="https://www.ncsc.gov.uk">The UK's National Cyber Security Centre (NCSC)</a>
2.0
2022-03-08T08:00:00
<p>To comprehensively address CVE-2021-36927, Microsoft has released March 2022 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p>
2.1
2022-03-25T07:00:00
<p>Affected software updated with new package information.</p>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Windows Services for NFS ONCRPC XDR Driver
Microsoft
CVE-2021-36932
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11896
Information Disclosure
11897
Information Disclosure
11898
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
11800
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11896
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11897
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11898
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11800
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Liubenjin with Codesafe Team of Legendsec at Qi'anxin Group
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Windows Services for NFS ONCRPC XDR Driver
Microsoft
CVE-2021-36933
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11896
Information Disclosure
11897
Information Disclosure
11898
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
11800
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11766
Important
11767
Important
11768
Important
11769
Important
11800
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11896
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11897
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11898
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11800
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5005030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
5004244
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2114
5005030
https://support.microsoft.com/help/5005030
11568
11569
11570
11571
11572
5005031
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
5004245
11712
11713
11714
Yes
Security Update
10.0.18363.1734
5005031
https://support.microsoft.com/help/5005031
11712
11713
11714
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11896
11897
11898
Yes
Security Update
10.0.19043.1165
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1165
5005033
https://support.microsoft.com/help/5005033
11896
11897
11898
11766
11767
11768
11769
11800
11801
11802
11803
5005033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
5004237
11800
11801
11802
11803
Yes
Security Update
10.0.19042.1165
5005040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005040
5004249
10729
10735
Yes
Security Update
10.0.10240.19022
5005040
https://support.microsoft.com/help/5005040
10729
10735
5005043
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043
5004238
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4583
5005076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076
5004298
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005106
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005106
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20094
5005106
https://support.microsoft.com/help/5005106
10481
10482
10483
10543
5005076
5004298
10484
Yes
Monthly Rollup
6.3.9600.20094
5005076
https://support.microsoft.com/help/5005076
10481
10482
10484
10483
10543
5005099
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005099
5004294
10378
10379
Yes
Monthly Rollup
6.2.9200.23435
5005099
https://support.microsoft.com/help/5005099
10378
10379
5005094
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005094
10378
10379
Yes
Security Only
6.2.9200.23435
5005094
https://support.microsoft.com/help/5005094
10378
10379
Liubenjin with Codesafe Team of Legendsec at Qi'anxin Group
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Azure CycleCloud Elevation of Privilege Vulnerability
Azure
Microsoft
CVE-2021-36943
11905
Elevation of Privilege
11905
Important
11905
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.0
3.5
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11905
Release Notes
https://docs.microsoft.com/en-us/azure/cyclecloud/packages?view=cyclecloud-8
11905
Maybe
Security Update
8.2.0
Michael Taggart of <a href="https://www.uclahealth.org/">UCLA Health Sciences</a>
1.0
2021-08-10T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.67</td>
<td>8/5/2021</td>
<td>92.0.4515.131</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30590
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.67
1.0
2021-08-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30591 Use after free in File System API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.67</td>
<td>8/5/2021</td>
<td>92.0.4515.131</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30591
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.67
1.0
2021-08-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30592 Out of bounds write in Tab Groups
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.67</td>
<td>8/5/2021</td>
<td>92.0.4515.131</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30592
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.67
1.0
2021-08-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30593 Out of bounds read in Tab Strip
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.67</td>
<td>8/5/2021</td>
<td>92.0.4515.131</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30593
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.67
1.0
2021-08-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30594 Use after free in Page Info UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.67</td>
<td>8/5/2021</td>
<td>92.0.4515.131</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30594
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.67
1.0
2021-08-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30596 Incorrect security UI in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.67</td>
<td>8/5/2021</td>
<td>92.0.4515.131</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30596
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.67
1.0
2021-08-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30597 Use after free in Browser UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.67</td>
<td>8/5/2021</td>
<td>92.0.4515.131</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30597
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.67
1.0
2021-08-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30598 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.78</td>
<td>8/19/2021</td>
<td>92.0.4515.159</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30598
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.78
1.0
2021-08-19T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30599 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.78</td>
<td>8/19/2021</td>
<td>92.0.4515.159</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30599
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.78
1.0
2021-08-19T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30601 Use after free in Extensions API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.78</td>
<td>8/19/2021</td>
<td>92.0.4515.159</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30601
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.78
1.0
2021-08-19T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30602 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.78</td>
<td>8/19/2021</td>
<td>92.0.4515.159</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30602
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.78
1.0
2021-08-19T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30603 Race in WebAudio
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.78</td>
<td>8/19/2021</td>
<td>92.0.4515.159</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30603
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.78
1.0
2021-08-19T07:00:00
<p>Information published.</p>
Chromium: CVE-2021-30604 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>92.0.902.78</td>
<td>8/19/2021</td>
<td>92.0.4515.159</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-30604
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
92.0.902.78
1.0
2021-08-19T07:00:00
<p>Information published.</p>