February 2021 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2021-Feb
2021-Feb
Final
1.0
332
2026-02-19T01:09:06
February 2021 Security Updates
2021-02-09T08:00:00
2026-02-19T01:09:06
<h2>Updates this Month</h2>
<p>This release consists of security updates for the following products, features and roles.</p>
<ul>
<li>.NET Core</li>
<li>.NET Framework</li>
<li>Azure IoT</li>
<li>Developer Tools</li>
<li>Microsoft Azure Kubernetes Service</li>
<li>Microsoft Dynamics</li>
<li>Microsoft Edge for Android</li>
<li>Microsoft Exchange Server</li>
<li>Microsoft Graphics Component</li>
<li>Microsoft Office Excel</li>
<li>Microsoft Office SharePoint</li>
<li>Microsoft Windows Codecs Library</li>
<li>Role: DNS Server</li>
<li>Role: Hyper-V</li>
<li>Role: Windows Fax Service</li>
<li>Skype for Business</li>
<li>SysInternals</li>
<li>System Center</li>
<li>Visual Studio</li>
<li>Windows Address Book</li>
<li>Windows Backup Engine</li>
<li>Windows Console Driver</li>
<li>Windows Defender</li>
<li>Windows DirectX</li>
<li>Windows Event Tracing</li>
<li>Windows Installer</li>
<li>Windows Kernel</li>
<li>Windows Mobile Device Management</li>
<li>Windows Network File System</li>
<li>Windows PFX Encryption</li>
<li>Windows PKU2U</li>
<li>Windows PowerShell</li>
<li>Windows Print Spooler Components</li>
<li>Windows Remote Procedure Call</li>
<li>Windows TCP/IP</li>
<li>Windows Trust Verification API</li>
</ul>
<h2>Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2>Relevant Information</h2>
<ul>
<li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2>FAQs, Mitigations, and Workarounds</h2>
<p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p>
<ul>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1722">CVE-2021-1722</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726">CVE-2021-1726</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1728">CVE-2021-1728</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1730">CVE-2021-1730</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1731">CVE-2021-1731</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1733">CVE-2021-1733</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1734">CVE-2021-1734</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066">CVE-2021-24066</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067">CVE-2021-24067</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068">CVE-2021-24068</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069">CVE-2021-24069</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070">CVE-2021-24070</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071">CVE-2021-24071</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074">CVE-2021-24074</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24076">CVE-2021-24076</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24077">CVE-2021-24077</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24078">CVE-2021-24078</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24079">CVE-2021-24079</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24084">CVE-2021-24084</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24085">CVE-2021-24085</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086">CVE-2021-24086</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087">CVE-2021-24087</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092">CVE-2021-24092</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24093">CVE-2021-24093</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094">CVE-2021-24094</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098">CVE-2021-24098</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24100">CVE-2021-24100</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24101">CVE-2021-24101</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24105">CVE-2021-24105</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24106">CVE-2021-24106</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24109">CVE-2021-24109</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112">CVE-2021-24112</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24114">CVE-2021-24114</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-25195">CVE-2021-25195</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26700">CVE-2021-26700</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701">CVE-2021-26701</a></li>
</ul>
<h2>Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/4493194">4493194</a></td>
<td>SharePoint Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4493195">4493195</a></td>
<td>SharePoint Enterprise Server 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4493210">4493210</a></td>
<td>SharePoint Foundation 2013</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4493223">4493223</a></td>
<td>SharePoint Foundation 2010</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4571787">4571787</a></td>
<td>Exchange Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4600944">4600944</a></td>
<td>Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4600945">4600945</a></td>
<td>Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4600957">4600957</a></td>
<td>Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601048">4601048</a></td>
<td>Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601050">4601050</a></td>
<td>Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601051">4601051</a></td>
<td>Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601052">4601052</a></td>
<td>Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601054">4601054</a></td>
<td>Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601055">4601055</a></td>
<td>Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601056">4601056</a></td>
<td>Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601057">4601057</a></td>
<td>Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601058">4601058</a></td>
<td>Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601060">4601060</a></td>
<td>Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601315">4601315</a></td>
<td>Windows 10, Version 1909, Windows Server, Version 1909</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601318">4601318</a></td>
<td>Windows 10, Version 1607, Windows Server 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601319">4601319</a></td>
<td>Windows 10, version 2004</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601345">4601345</a></td>
<td>Windows 10, Version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601347">4601347</a></td>
<td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601348">4601348</a></td>
<td>Windows Server 2012 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601349">4601349</a></td>
<td>Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601357">4601357</a></td>
<td>Windows Server 2012 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601360">4601360</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601363">4601363</a></td>
<td>Windows 7, Windows Server 2008 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601366">4601366</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601384">4601384</a></td>
<td>Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4601887">4601887</a></td>
<td>Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4602269">4602269</a></td>
<td>Exchange Server 2019, Exchange Server 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4603002">4603002</a></td>
<td>Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4603003">4603003</a></td>
<td>Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4603004">4603004</a></td>
<td>Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/4603005">4603005</a></td>
<td>Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Microsoft Visual Studio 2019 version 16.8
Visual Studio Code
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
PowerShell Core 7.1
PowerShell Core 7.0
.NET Core 2.1
.NET Core 3.1
.NET 5.0
PsExec
Visual Studio 2019 for Mac
Mono 6.12.0
Visual Studio Code - npm-script Extension
Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Package Manager Configurations
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.8 on Windows Server 2012
Microsoft .NET Framework 4.8 on Windows Server 2016
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows RT 8.1
Microsoft .NET Framework 4.8 on Windows Server 2012 R2
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows Server, version 2004 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 2004 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server, version 20H2 (Server Core Installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 2004 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 2004 for 32-bit Systems
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 4.7.2 on Windows Server 2019
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2019
Microsoft .NET Framework 4.8 on Windows 10 Version 1909 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server, version 1909 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 1909 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1909 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
Microsoft Dynamics NAV 2018
Microsoft Dynamics 365 Business Central 2020 Release Wave 1
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2017
Microsoft Dynamics 365 Business Central 2020 Release Wave 2
Microsoft Dynamics NAV 2015
Microsoft Dynamics NAV 2016
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics 365 (on-premises) version 9.0
System Center 2019 Operations Manager
Microsoft Endpoint Protection
Microsoft System Center Endpoint Protection
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft Security Essentials
Microsoft System Center 2012 Endpoint Protection
Windows Defender on Windows 10 Version 1803 for 32-bit Systems
Windows Defender on Windows 10 Version 1803 for x64-based Systems
Windows Defender on Windows 10 Version 1803 for ARM64-based Systems
Windows Defender on Windows 10 Version 1809 for 32-bit Systems
Windows Defender on Windows 10 Version 1809 for x64-based Systems
Windows Defender on Windows 10 Version 1809 for ARM64-based Systems
Windows Defender on Windows Server 2019
Windows Defender on Windows Server 2019 (Server Core installation)
Windows Defender on Windows 10 Version 1909 for 32-bit Systems
Windows Defender on Windows 10 Version 1909 for x64-based Systems
Windows Defender on Windows 10 Version 1909 for ARM64-based Systems
Windows Defender on Windows Server, version 1909 (Server Core installation)
Windows Defender on Windows 10 Version 1903 for 32-bit Systems
Windows Defender on Windows 10 Version 1903 for x64-based Systems
Windows Defender on Windows 10 Version 1903 for ARM64-based Systems
Windows Defender on Windows Server, version 1903 (Server Core installation)
Windows Defender on Windows 10 Version 2004 for 32-bit Systems
Windows Defender on Windows 10 Version 2004 for ARM64-based Systems
Windows Defender on Windows 10 Version 2004 for x64-based Systems
Windows Defender on Windows Server, version 2004 (Server Core installation)
Windows Defender on Windows 10 Version 20H2 for 32-bit Systems
Windows Defender on Windows 10 Version 20H2 for ARM64-based Systems
Windows Defender on Windows Server, version 20H2 (Server Core Installation)
Windows Defender on Windows 10 for 32-bit Systems
Windows Defender on Windows 10 for x64-based Systems
Windows Defender on Windows 10 Version 1607 for 32-bit Systems
Windows Defender on Windows 10 Version 1607 for x64-based Systems
Windows Defender on Windows Server 2016
Windows Defender on Windows Server 2016 (Server Core installation)
Windows Defender on Windows 7 for 32-bit Systems Service Pack 1
Windows Defender on Windows 7 for x64-based Systems Service Pack 1
Windows Defender on Windows 8.1 for 32-bit systems
Windows Defender on Windows 8.1 for x64-based systems
Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Defender on Windows Server 2012
Windows Defender on Windows Server 2012 (Server Core installation)
Windows Defender on Windows Server 2012 R2
Windows Defender on Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18
azure-iot-cli-extension
Microsoft Azure Kubernetes Service
Microsoft Edge for Android
Microsoft Edge (Chromium-based)
Microsoft Teams for iOS
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office Web Apps Server 2013 Service Pack 1
Office Online Server
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Skype for Business Server 2015 CU 8
Microsoft Lync Server 2013
Skype for Business Server 2019 CU2
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Microsoft Security Essentials
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft System Center 2012 Endpoint Protection
Windows Server 2012
Windows Server 2012 (Server Core installation)
Microsoft Lync Server 2013
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Windows RT 8.1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Foundation 2010 Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Microsoft Endpoint Protection
Microsoft System Center Endpoint Protection
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1803 for ARM64-based Systems
.NET Core 2.1
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft SharePoint Server 2019
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017
Microsoft Office Online Server
Skype for Business Server 2015 CU 8
Visual Studio Code
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows Server 2012
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.8 on Windows Server 2012 R2
Microsoft .NET Framework 4.8 on Windows RT 8.1
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2016
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server 2019
Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 1909 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1909 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1909 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows Server, version 1909 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 2004 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 2004 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 2004 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server, version 2004 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows Server, version 20H2 (Server Core Installation)
Microsoft Edge (Chromium-based)
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Azure Kubernetes Service
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Skype for Business Server 2019 CU2
.NET Core 3.1
Microsoft Dynamics NAV 2018
Microsoft Dynamics NAV 2015
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
.NET 5.0
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Microsoft Visual Studio 2019 version 16.8
Microsoft Edge for Android
azure-iot-cli-extension
PsExec
System Center 2019 Operations Manager
Package Manager Configurations
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Teams for iOS
Microsoft Dynamics 365 Business Central 2020 Release Wave 2
Microsoft Dynamics 365 Business Central 2020 Release Wave 1
Visual Studio Code - npm-script Extension
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems
Microsoft .NET Framework 4.7.2 on Windows Server 2019
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)
PowerShell Core 7.1
PowerShell Core 7.0
Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Visual Studio 2019 for Mac
Mono 6.12.0
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
python3-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-libs-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-xml-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-curses-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-devel-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-tools-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-pip-3.7.10-3.cm1.noarch.rpm on CBL Mariner 1.0 x64
python3-pip-3.7.10-3.cm1.noarch.rpm on CBL Mariner 1.0 ARM
python3-setuptools-3.7.10-3.cm1.noarch.rpm on CBL Mariner 1.0 x64
python3-setuptools-3.7.10-3.cm1.noarch.rpm on CBL Mariner 1.0 ARM
python3-test-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-debuginfo-3.7.10-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python3-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python3-libs-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python3-xml-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python3-curses-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python3-devel-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python3-tools-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python3-test-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python3-debuginfo-3.7.10-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python2-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python2-libs-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python-xml-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python-curses-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python2-devel-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python2-tools-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python2-test-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python2-debuginfo-2.7.18-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
python2-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python2-libs-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python-xml-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python-curses-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python2-devel-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python2-tools-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python2-test-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
python2-debuginfo-2.7.18-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
wpa_supplicant-2.10-1.cm2.x86_64.rpm on CBL Mariner 2.0 x64
wpa_supplicant-debuginfo-2.10-1.cm2.x86_64.rpm on CBL Mariner 2.0 x64
wpa_supplicant-2.10-1.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
wpa_supplicant-debuginfo-2.10-1.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
redis-6.2.6-1.cm2.x86_64.rpm on CBL Mariner 2.0 x64
redis-debuginfo-6.2.6-1.cm2.x86_64.rpm on CBL Mariner 2.0 x64
redis-6.2.6-1.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
redis-debuginfo-6.2.6-1.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
postgresql-12.7-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
postgresql-libs-12.7-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
postgresql-devel-12.7-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
postgresql-debuginfo-12.7-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
postgresql-12.7-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
postgresql-libs-12.7-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
postgresql-devel-12.7-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
postgresql-debuginfo-12.7-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
openldap-2.4.57-2.cm1.x86_64.rpm on CBL Mariner 1.0 x64
openldap-debuginfo-2.4.57-2.cm1.x86_64.rpm on CBL Mariner 1.0 x64
openldap-2.4.57-2.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
openldap-debuginfo-2.4.57-2.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
openldap-2.4.57-6.cm2.x86_64.rpm on CBL Mariner 2.0 x64
openldap-debuginfo-2.4.57-6.cm2.x86_64.rpm on CBL Mariner 2.0 x64
openldap-2.4.57-6.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
openldap-debuginfo-2.4.57-6.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
kernel-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-devel-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-drivers-accessibility-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-drivers-sound-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-docs-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-oprofile-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-tools-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-debuginfo-5.10.57.1-1.cm1.x86_64.rpm on CBL Mariner 1.0 x64
kernel-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
kernel-devel-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
kernel-drivers-accessibility-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
kernel-drivers-sound-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
kernel-docs-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
kernel-tools-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
kernel-dtb-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
kernel-debuginfo-5.10.57.1-1.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
qemu-kvm-4.2.0-27.cm1.x86_64.rpm on CBL Mariner 1.0 x64
qemu-img-4.2.0-27.cm1.x86_64.rpm on CBL Mariner 1.0 x64
qemu-kvm-4.2.0-27.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
qemu-img-4.2.0-27.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
wpa_supplicant-2.9-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
wpa_supplicant-debuginfo-2.9-3.cm1.x86_64.rpm on CBL Mariner 1.0 x64
wpa_supplicant-2.9-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
wpa_supplicant-debuginfo-2.9-3.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
redis-5.0.5-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
redis-debuginfo-5.0.5-6.cm1.x86_64.rpm on CBL Mariner 1.0 x64
redis-5.0.5-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
redis-debuginfo-5.0.5-6.cm1.aarch64.rpm on CBL Mariner 1.0 ARM
cm1 moby-buildx 0.4.1+azure-3 on CBL Mariner 1.0
cbl2 avahi 0.8-1 on CBL Mariner 2.0
cbl2 php 7.4.14-3 on CBL Mariner 2.0
cm1 kernel 5.10.60.1-1 on CBL Mariner 1.0
cbl2 kernel 5.10.78.1-1 on CBL Mariner 2.0
azl3 nodejs 20.14.0-1 on Azure Linux 3.0
cbl2 glib 2.60.1-5 on CBL Mariner 2.0
azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0
azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0
cm1 cyrus-sasl 2.1.27-4 on CBL Mariner 1.0
cbl2 cyrus-sasl 2.1.27-10 on CBL Mariner 2.0
azl3 kernel 6.6.35.1-4 on Azure Linux 3.0
azl3 avahi 0.8-5 on Azure Linux 3.0
cbl2 screen 4.9.1-1 on CBL Mariner 2.0
cbl2 kernel 5.15.26.1-1 on CBL Mariner 2.0
azl3 librsvg2 2.58.1-1 on Azure Linux 3.0
cm1 rubygem-elasticsearch 8.2.0-1 on CBL Mariner 1.0
cm1 helm 3.4.1-4 on CBL Mariner 1.0
cbl2 helm 3.4.1-4 on CBL Mariner 2.0
cm1 moby-engine 19.03.15+azure-2 on CBL Mariner 1.0
cm1 moby-cli 19.03.15+azure-2 on CBL Mariner 1.0
cbl2 jasper 2.0.32-2 on CBL Mariner 2.0
azl3 avahi 0.8-1 on Azure Linux 3.0
azl3 shim-unsigned-x64 1.1.1-1 on Azure Linux 3.0
cm1 python-jinja2 2.11.3-1 on CBL Mariner 1.0
cm1 tpm2-tss 2.4.6-1 on CBL Mariner 1.0
cbl2 tpm2-tss 2.4.6-1 on CBL Mariner 2.0
cm1 glibc 2.28-18 on CBL Mariner 1.0
cm1 bind 9.16.3-3 on CBL Mariner 1.0
cm1 openvswitch 2.12.0-3 on CBL Mariner 1.0
cm1 python-cryptography 3.3.2-1 on CBL Mariner 1.0
cbl2 PyYAML 5.4.1-1 on CBL Mariner 2.0
cbl2 xterm 372-1 on CBL Mariner 2.0
cbl2 stunnel 5.70-1 on CBL Mariner 2.0
cbl2 podman 4.1.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.92.2-1 on Azure Linux 3.0
azl3 nodejs 20.14.0-8 on Azure Linux 3.0
cbl2 php on CBL Mariner 2.0
cbl2 bolt on CBL Mariner 2.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 librsvg2 2.50.3-4 on Azure Linux 3.0
Windows Defender on Windows 7 for 32-bit Systems Service Pack 1
Windows Defender on Windows 7 for x64-based Systems Service Pack 1
Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Defender on Windows Server 2012
Windows Defender on Windows Server 2012 (Server Core installation)
Windows Defender on Windows 8.1 for 32-bit systems
Windows Defender on Windows 8.1 for x64-based systems
Windows Defender on Windows Server 2012 R2
Windows Defender on Windows Server 2012 R2 (Server Core installation)
Windows Defender on Windows 10 for 32-bit Systems
Windows Defender on Windows 10 for x64-based Systems
Windows Defender on Windows Server 2016
Windows Defender on Windows 10 Version 1607 for 32-bit Systems
Windows Defender on Windows 10 Version 1607 for x64-based Systems
Windows Defender on Windows Server 2016 (Server Core installation)
Windows Defender on Windows 10 Version 1803 for 32-bit Systems
Windows Defender on Windows 10 Version 1803 for x64-based Systems
Windows Defender on Windows 10 Version 1803 for ARM64-based Systems
Windows Defender on Windows 10 Version 1809 for 32-bit Systems
Windows Defender on Windows 10 Version 1809 for x64-based Systems
Windows Defender on Windows 10 Version 1809 for ARM64-based Systems
Windows Defender on Windows Server 2019
Windows Defender on Windows Server 2019 (Server Core installation)
Windows Defender on Windows 10 Version 1903 for 32-bit Systems
Windows Defender on Windows 10 Version 1903 for x64-based Systems
Windows Defender on Windows 10 Version 1903 for ARM64-based Systems
Windows Defender on Windows Server, version 1903 (Server Core installation)
Windows Defender on Windows 10 Version 1909 for 32-bit Systems
Windows Defender on Windows 10 Version 1909 for x64-based Systems
Windows Defender on Windows 10 Version 1909 for ARM64-based Systems
Windows Defender on Windows Server, version 1909 (Server Core installation)
Windows Defender on Windows 10 Version 2004 for 32-bit Systems
Windows Defender on Windows 10 Version 2004 for ARM64-based Systems
Windows Defender on Windows 10 Version 2004 for x64-based Systems
Windows Defender on Windows Server, version 2004 (Server Core installation)
Windows Defender on Windows 10 Version 20H2 for 32-bit Systems
Windows Defender on Windows 10 Version 20H2 for ARM64-based Systems
Windows Defender on Windows Server, version 20H2 (Server Core Installation)
Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y CONFIG_BPF=y CONFIG_CGROUPS=y CONFIG_CGROUP_BPF=y CONFIG_HARDENED_USERCOPY not set and BPF hook to getsockopt is registered). As result of BPF execution the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20194
Improper Input Validation
18781-16823
17065-17084
19529-17084
18781-16823
17065-17084
19529-17084
Important
18781-16823
Important
17065-17084
Important
19529-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18781-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17065-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
CBL-Mariner Releases
17065-17084
19529-17084
No
Security Update
6.6.35.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17065-17084
19529-17084
CBL-Mariner Releases
1.2
2026-02-19T01:09:06
<p>Information published.</p>
1.0
2021-02-27T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20203
Integer Overflow or Wraparound
14239-12137
14240-12137
14241-12138
14242-12138
14239-12137
14240-12137
14241-12138
14242-12138
14239-12137
14240-12137
14241-12138
14242-12138
3.2
3.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
14239-12137
3.2
3.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
14240-12137
3.2
3.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
14241-12138
3.2
3.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
14242-12138
CBL-Mariner Releases
14239-12137
14240-12137
14241-12138
14242-12138
No
Security Update
4.2.0-27
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
14239-12137
14240-12137
14241-12138
14242-12138
CBL-Mariner Releases
1.0
2021-03-04T00:00:00
<p>Information published.</p>
A flaw was found in stunnel before 5.57 where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority which is not the one accepted by the stunnel server to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20230
Improper Certificate Validation
19476-16823
19476-16823
Important
19476-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19476-16823
CBL-Mariner Releases
19476-16823
No
Security Update
5.70-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19476-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
Docker daemon crash during image pull of malicious image
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-21285
Improper Check for Unusual or Exceptional Conditions
19029-16820
19030-16820
16833-16820
19029-16820
19030-16820
16833-16820
Moderate
19029-16820
Moderate
19030-16820
Moderate
16833-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19029-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19030-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
16833-16820
CBL-Mariner Releases
19029-16820
19030-16820
16833-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19029-16820
19030-16820
16833-16820
CBL-Mariner Releases
1.0
2021-07-16T00:00:00
<p>Information published.</p>
1.1
2021-07-27T00:00:00
<p>Added moby-engine to CBL-Mariner 1.0</p>
Injection attack in Helm
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-21303
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
18994-16820
18995-16823
18994-16820
18995-16823
Moderate
18994-16820
Moderate
18995-16823
6.8
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
18994-16820
6.8
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
18995-16823
CBL-Mariner Releases
18994-16820
18995-16823
No
Security Update
3.4.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18994-16820
18995-16823
CBL-Mariner Releases
1.0
2021-09-27T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added helm to CBL-Mariner 2.0</p>
Web Cache Poisoning
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
snyk
Yes
CVE-2021-23336
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
12651-12137
12652-12137
12653-12137
12654-12137
12655-12137
12656-12137
12657-12137
12658-12137
12633-12137
12634-12137
12635-12137
12636-12137
12637-12137
12638-12137
12639-12137
12640-12137
12641-12137
12642-12137
12659-12138
12660-12138
12661-12138
12662-12138
12663-12138
12664-12138
12665-12138
12666-12138
12643-12138
12644-12138
12645-12138
12646-12138
12647-12138
12648-12138
12639-12138
12640-12138
12649-12138
12650-12138
12651-12137
12652-12137
12653-12137
12654-12137
12655-12137
12656-12137
12657-12137
12658-12137
12633-12137
12634-12137
12635-12137
12636-12137
12637-12137
12638-12137
12639-12137
12640-12137
12641-12137
12642-12137
12659-12138
12660-12138
12661-12138
12662-12138
12663-12138
12664-12138
12665-12138
12666-12138
12643-12138
12644-12138
12645-12138
12646-12138
12647-12138
12648-12138
12639-12138
12640-12138
12649-12138
12650-12138
12651-12137
12652-12137
12653-12137
12654-12137
12655-12137
12656-12137
12657-12137
12658-12137
12633-12137
12634-12137
12635-12137
12636-12137
12637-12137
12638-12137
12639-12137
12640-12137
12641-12137
12642-12137
12659-12138
12660-12138
12661-12138
12662-12138
12663-12138
12664-12138
12665-12138
12666-12138
12643-12138
12644-12138
12645-12138
12646-12138
12647-12138
12648-12138
12639-12138
12640-12138
12649-12138
12650-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12651-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12652-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12653-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12654-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12655-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12656-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12657-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12658-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12633-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12634-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12635-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12636-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12637-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12638-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12639-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12640-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12641-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12642-12137
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12659-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12660-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12661-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12662-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12663-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12664-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12665-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12666-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12643-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12644-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12645-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12646-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12647-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12648-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12639-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12640-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12649-12138
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
12650-12138
CBL-Mariner Releases
12651-12137
12652-12137
12653-12137
12654-12137
12655-12137
12656-12137
12657-12137
12658-12137
12659-12138
12660-12138
12661-12138
12662-12138
12663-12138
12664-12138
12665-12138
12666-12138
No
Security Update
2.7.18-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
12651-12137
12652-12137
12653-12137
12654-12137
12655-12137
12656-12137
12657-12137
12658-12137
12659-12138
12660-12138
12661-12138
12662-12138
12663-12138
12664-12138
12665-12138
12666-12138
CBL-Mariner Releases
CBL-Mariner Releases
12633-12137
12634-12137
12635-12137
12636-12137
12637-12137
12638-12137
12639-12137
12640-12137
12641-12137
12642-12137
12643-12138
12644-12138
12645-12138
12646-12138
12647-12138
12648-12138
12639-12138
12640-12138
12649-12138
12650-12138
No
Security Update
3.7.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
12633-12137
12634-12137
12635-12137
12636-12137
12637-12137
12638-12137
12639-12137
12640-12137
12641-12137
12642-12137
12643-12138
12644-12138
12645-12138
12646-12138
12647-12138
12648-12138
12639-12138
12640-12138
12649-12138
12650-12138
CBL-Mariner Releases
8.7
2024-09-26T00:00:00
<p>Information published.</p>
8.9
2024-09-28T00:00:00
<p>Information published.</p>
9.0
2024-09-29T00:00:00
<p>Information published.</p>
10.0
2024-10-09T00:00:00
<p>Information published.</p>
10.6
2024-10-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.1
2024-10-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.4
2024-10-23T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.5
2024-10-24T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.7
2024-10-26T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.1
2024-10-30T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.5
2024-11-04T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.6
2024-11-05T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.7
2024-11-06T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.9
2024-11-08T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.0
2024-11-09T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.1
2024-11-10T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.2
2024-11-11T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.4
2024-11-13T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.6
2024-11-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.7
2024-11-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.0
2024-11-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.1
2024-11-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.4
2024-11-24T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.6
2024-11-26T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.7
2024-11-27T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.9
2024-11-29T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.1
2024-12-01T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.3
2024-12-03T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.6
2024-12-07T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.8
2024-12-09T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.0
2024-12-11T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.5
2024-12-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.6
2024-12-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.7
2024-12-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.8
2024-12-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.1
2024-12-22T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.9
2024-12-30T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.2
2025-01-02T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.4
2025-01-04T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.5
2025-01-05T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.6
2025-01-06T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.7
2025-01-07T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.9
2025-01-09T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.3
2025-01-13T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.4
2025-01-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.6
2025-01-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.7
2025-01-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.8
2025-01-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.9
2025-01-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.1
2025-01-22T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.2
2025-01-23T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.4
2025-01-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.5
2025-01-27T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.6
2025-01-28T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.7
2025-01-29T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.8
2025-01-30T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.9
2025-02-01T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.0
2025-02-02T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.1
2025-02-03T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.3
2025-02-05T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.4
2025-02-07T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.5
2025-02-08T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.8
2025-02-11T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.9
2025-02-12T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.0
2025-02-13T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.5
2025-02-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.6
2025-02-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.0
2025-02-23T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.1
2025-02-24T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.3
2025-02-26T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.5
2025-02-28T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.6
2025-03-01T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.7
2025-03-02T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.8
2025-03-03T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.0
2025-03-05T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.1
2025-03-06T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.2
2025-03-08T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.6
2025-03-12T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.7
2025-03-13T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.8
2025-03-14T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.3
2025-03-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.5
2025-03-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.6
2025-03-22T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.7
2025-03-23T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.1
2025-03-27T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.2
2025-03-28T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.4
2025-03-30T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.5
2025-03-31T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.6
2025-04-01T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.8
2025-04-04T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.0
2025-04-06T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.2
2025-04-08T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.3
2025-04-09T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.6
2025-04-13T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.8
2025-04-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.0
2025-04-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.4
2025-04-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.5
2025-04-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.6
2025-04-26T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.7
2025-04-28T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.8
2025-04-29T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.9
2025-04-30T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.4
2025-05-05T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.5
2025-05-06T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.6
2025-05-07T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.9
2025-05-10T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.0
2025-05-11T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.3
2025-05-14T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.4
2025-05-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.5
2025-05-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.9
2025-05-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
31.0
2025-05-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
31.3
2025-05-24T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
31.5
2025-05-26T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
1.0
2021-02-27T00:00:00
<p>Information published.</p>
1.6
2024-06-30T07:00:00
<p>Information published.</p>
1.7
2024-07-08T00:00:00
<p>Information published.</p>
1.8
2024-07-09T00:00:00
<p>Information published.</p>
1.9
2024-07-10T00:00:00
<p>Information published.</p>
2.0
2024-07-12T00:00:00
<p>Information published.</p>
2.1
2024-07-13T00:00:00
<p>Information published.</p>
2.2
2024-07-14T00:00:00
<p>Information published.</p>
2.3
2024-07-15T00:00:00
<p>Information published.</p>
2.4
2024-07-16T00:00:00
<p>Information published.</p>
2.5
2024-07-17T00:00:00
<p>Information published.</p>
2.6
2024-07-19T00:00:00
<p>Information published.</p>
2.7
2024-07-20T00:00:00
<p>Information published.</p>
2.8
2024-07-21T00:00:00
<p>Information published.</p>
2.9
2024-07-22T00:00:00
<p>Information published.</p>
3.0
2024-07-23T00:00:00
<p>Information published.</p>
3.1
2024-07-24T00:00:00
<p>Information published.</p>
3.2
2024-07-25T00:00:00
<p>Information published.</p>
3.3
2024-07-26T00:00:00
<p>Information published.</p>
3.4
2024-07-27T00:00:00
<p>Information published.</p>
3.5
2024-07-28T00:00:00
<p>Information published.</p>
3.6
2024-07-29T00:00:00
<p>Information published.</p>
3.7
2024-08-02T00:00:00
<p>Information published.</p>
3.8
2024-08-03T00:00:00
<p>Information published.</p>
3.9
2024-08-04T00:00:00
<p>Information published.</p>
4.0
2024-08-05T00:00:00
<p>Information published.</p>
4.1
2024-08-06T00:00:00
<p>Information published.</p>
4.2
2024-08-07T00:00:00
<p>Information published.</p>
4.3
2024-08-08T00:00:00
<p>Information published.</p>
4.4
2024-08-09T00:00:00
<p>Information published.</p>
4.5
2024-08-10T00:00:00
<p>Information published.</p>
4.6
2024-08-11T00:00:00
<p>Information published.</p>
4.7
2024-08-12T00:00:00
<p>Information published.</p>
4.8
2024-08-15T00:00:00
<p>Information published.</p>
4.9
2024-08-16T00:00:00
<p>Information published.</p>
5.0
2024-08-17T00:00:00
<p>Information published.</p>
5.1
2024-08-18T00:00:00
<p>Information published.</p>
5.2
2024-08-19T00:00:00
<p>Information published.</p>
5.3
2024-08-20T00:00:00
<p>Information published.</p>
5.4
2024-08-21T00:00:00
<p>Information published.</p>
5.5
2024-08-22T00:00:00
<p>Information published.</p>
5.6
2024-08-23T00:00:00
<p>Information published.</p>
5.7
2024-08-24T00:00:00
<p>Information published.</p>
5.8
2024-08-25T00:00:00
<p>Information published.</p>
5.9
2024-08-26T00:00:00
<p>Information published.</p>
6.0
2024-08-27T00:00:00
<p>Information published.</p>
6.1
2024-08-28T00:00:00
<p>Information published.</p>
6.2
2024-08-29T00:00:00
<p>Information published.</p>
6.3
2024-08-30T00:00:00
<p>Information published.</p>
6.4
2024-08-31T00:00:00
<p>Information published.</p>
6.5
2024-09-01T00:00:00
<p>Information published.</p>
6.6
2024-09-02T00:00:00
<p>Information published.</p>
6.7
2024-09-03T00:00:00
<p>Information published.</p>
6.8
2024-09-05T00:00:00
<p>Information published.</p>
6.9
2024-09-06T00:00:00
<p>Information published.</p>
7.0
2024-09-07T00:00:00
<p>Information published.</p>
7.1
2024-09-08T00:00:00
<p>Information published.</p>
7.2
2024-09-11T00:00:00
<p>Information published.</p>
7.3
2024-09-12T00:00:00
<p>Information published.</p>
7.4
2024-09-13T00:00:00
<p>Information published.</p>
7.5
2024-09-14T00:00:00
<p>Information published.</p>
7.6
2024-09-15T00:00:00
<p>Information published.</p>
7.7
2024-09-16T00:00:00
<p>Information published.</p>
7.8
2024-09-17T00:00:00
<p>Information published.</p>
7.9
2024-09-18T00:00:00
<p>Information published.</p>
8.0
2024-09-19T00:00:00
<p>Information published.</p>
8.1
2024-09-20T00:00:00
<p>Information published.</p>
8.2
2024-09-21T00:00:00
<p>Information published.</p>
8.3
2024-09-22T00:00:00
<p>Information published.</p>
8.4
2024-09-23T00:00:00
<p>Information published.</p>
8.5
2024-09-24T00:00:00
<p>Information published.</p>
8.6
2024-09-25T00:00:00
<p>Information published.</p>
8.8
2024-09-27T00:00:00
<p>Information published.</p>
9.1
2024-09-30T00:00:00
<p>Information published.</p>
9.2
2024-10-01T00:00:00
<p>Information published.</p>
9.3
2024-10-02T00:00:00
<p>Information published.</p>
9.4
2024-10-03T00:00:00
<p>Information published.</p>
9.5
2024-10-04T00:00:00
<p>Information published.</p>
9.6
2024-10-05T00:00:00
<p>Information published.</p>
9.7
2024-10-06T00:00:00
<p>Information published.</p>
9.8
2024-10-07T00:00:00
<p>Information published.</p>
9.9
2024-10-08T00:00:00
<p>Information published.</p>
10.1
2024-10-10T00:00:00
<p>Information published.</p>
10.2
2024-10-11T00:00:00
<p>Information published.</p>
10.3
2024-10-12T00:00:00
<p>Information published.</p>
10.4
2024-10-13T00:00:00
<p>Information published.</p>
10.5
2024-10-14T00:00:00
<p>Information published.</p>
10.7
2024-10-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
10.8
2024-10-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
10.9
2024-10-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.0
2024-10-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.2
2024-10-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.3
2024-10-22T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.6
2024-10-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.8
2024-10-27T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
11.9
2024-10-28T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.0
2024-10-29T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.2
2024-10-31T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.3
2024-11-01T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.4
2024-11-02T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
12.8
2024-11-07T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.3
2024-11-12T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.5
2024-11-14T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.8
2024-11-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
13.9
2024-11-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.2
2024-11-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.3
2024-11-23T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.5
2024-11-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
14.8
2024-11-28T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.0
2024-11-30T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.2
2024-12-02T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.4
2024-12-04T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.5
2024-12-05T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.7
2024-12-08T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
15.9
2024-12-10T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.1
2024-12-12T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.2
2024-12-13T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.3
2024-12-14T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.4
2024-12-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
16.9
2024-12-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.0
2024-12-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.2
2024-12-23T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.3
2024-12-24T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.4
2024-12-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.5
2024-12-26T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.6
2024-12-27T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.7
2024-12-28T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
17.8
2024-12-29T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.0
2024-12-31T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.1
2025-01-01T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.3
2025-01-03T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
18.8
2025-01-08T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.0
2025-01-10T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.1
2025-01-11T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.2
2025-01-12T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
19.5
2025-01-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.0
2025-01-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
20.3
2025-01-24T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.2
2025-02-04T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.6
2025-02-09T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
21.7
2025-02-10T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.1
2025-02-14T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.2
2025-02-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.3
2025-02-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.4
2025-02-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.7
2025-02-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.8
2025-02-21T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
22.9
2025-02-22T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.2
2025-02-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.4
2025-02-27T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
23.9
2025-03-04T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.3
2025-03-09T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.4
2025-03-10T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.5
2025-03-11T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
24.9
2025-03-15T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.0
2025-03-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.1
2025-03-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.2
2025-03-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.4
2025-03-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.8
2025-03-24T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
25.9
2025-03-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.0
2025-03-26T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.3
2025-03-29T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.7
2025-04-03T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
26.9
2025-04-05T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.1
2025-04-07T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.4
2025-04-11T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.5
2025-04-12T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.7
2025-04-14T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
27.9
2025-04-16T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.1
2025-04-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.2
2025-04-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
28.3
2025-04-20T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.0
2025-05-01T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.1
2025-05-02T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.2
2025-05-03T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.3
2025-05-04T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.7
2025-05-08T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
29.8
2025-05-09T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.1
2025-05-12T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.2
2025-05-13T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.6
2025-05-17T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.7
2025-05-18T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
30.8
2025-05-19T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
31.1
2025-05-22T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
31.2
2025-05-23T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
31.4
2025-05-25T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
31.6
2025-05-27T00:00:00
<p>Added python2 to CBL-Mariner 1.0
Added python3 to CBL-Mariner 1.0</p>
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-26926
Out-of-bounds Read
19070-16823
19070-16823
Important
19070-16823
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
19070-16823
CBL-Mariner Releases
19070-16823
No
Security Update
2.0.32-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19070-16823
CBL-Mariner Releases
1.0
2021-12-16T00:00:00
<p>Information published.</p>
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-26927
NULL Pointer Dereference
19070-16823
19070-16823
Moderate
19070-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19070-16823
CBL-Mariner Releases
19070-16823
No
Security Update
2.0.32-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19070-16823
CBL-Mariner Releases
1.0
2021-12-16T00:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16 as used in Xen. Block net and SCSI backends consider certain errors a plain bug deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions) it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-26931
Allocation of Resources Without Limits or Throttling
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13851-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13852-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13853-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13854-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13855-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13856-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13857-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13858-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13859-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13860-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13861-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13862-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13863-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13864-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13865-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13866-12138
CBL-Mariner Releases
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
CBL-Mariner Releases
1.0
2021-02-25T00:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel 3.2 through 5.10.16 as used by Xen. Grant mapping operations often occur in batch hypercalls where a number of operations are done in a single hypercall the success or failure of each one is reported to the backend driver and the backend driver then loops over the results performing follow-up actions based on the success or failure of each operation. Unfortunately when running in PV mode the Linux backend drivers mishandle this: Some errors are ignored effectively implying their success from the success of related batch elements. In other cases errors resulting from one batch element lead to further batch elements not being inspected and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-26932
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13851-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13852-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13853-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13854-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13855-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13856-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13857-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13858-12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13859-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13860-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13861-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13862-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13863-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13864-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13865-12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
13866-12138
CBL-Mariner Releases
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
CBL-Mariner Releases
1.0
2021-02-26T00:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel 4.18 through 5.10.16 as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration but this wasn't stated accordingly in its support status entry.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-26934
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13851-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13852-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13853-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13854-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13855-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13856-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13857-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13858-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13859-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13860-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13861-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13862-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13863-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13864-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13865-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13866-12138
CBL-Mariner Releases
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
CBL-Mariner Releases
1.0
2021-02-25T00:00:00
<p>Information published.</p>
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-27212
Reachable Assertion
13462-12137
13463-12137
13464-12138
13465-12138
13466-12139
13467-12139
13468-12140
13469-12140
13462-12137
13463-12137
13464-12138
13465-12138
13466-12139
13467-12139
13468-12140
13469-12140
13462-12137
13463-12137
13464-12138
13465-12138
13466-12139
13467-12139
13468-12140
13469-12140
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13462-12137
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13463-12137
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13464-12138
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13465-12138
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13466-12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13467-12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13468-12140
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
13469-12140
CBL-Mariner Releases
13462-12137
13463-12137
13464-12138
13465-12138
No
Security Update
2.4.57-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13462-12137
13463-12137
13464-12138
13465-12138
CBL-Mariner Releases
CBL-Mariner Releases
13466-12139
13467-12139
13468-12140
13469-12140
No
Security Update
2.4.57-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13466-12139
13467-12139
13468-12140
13469-12140
CBL-Mariner Releases
1.0
2021-02-24T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added openldap to CBL-Mariner 2.0</p>
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform the length would be truncated modulo 2**32 causing unintended length truncation.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-27218
Incorrect Conversion between Numeric Types
16998-16823
16998-16823
Important
16998-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16998-16823
CBL-Mariner Releases
16998-16823
No
Security Update
2.60.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16998-16823
CBL-Mariner Releases
1.0
2021-02-25T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added glib to CBL-Mariner 2.0</p>
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks a random number generator may be seeded with too little data.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-27378
Incorrect Calculation of Buffer Size
19743-17084
18817-17084
19693-17084
19743-17084
18817-17084
19693-17084
Critical
19743-17084
Critical
18817-17084
Critical
19693-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19743-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18817-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19693-17084
CBL-Mariner Releases
19743-17084
18817-17084
No
Security Update
2.58.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19743-17084
18817-17084
CBL-Mariner Releases
1.1
2026-02-18T14:32:42
<p>Information published.</p>
1.0
2024-06-30T07:00:00
<p>Information published.</p>
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup aka CID-b98e762e3d71.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-3348
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13851-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13852-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13853-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13854-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13855-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13856-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13857-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13858-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13859-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13860-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13861-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13862-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13863-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13864-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13865-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13866-12138
CBL-Mariner Releases
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
CBL-Mariner Releases
1.0
2021-02-06T00:00:00
<p>Information published.</p>
Unprivileged overlay + shiftfs read access
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
canonical
Yes
CVE-2020-16120
Incorrect Privilege Assignment
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
16919-16820
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-02-19T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier when processing invalid multi-byte input sequences in IBM1364 IBM1371 IBM1388 IBM1390 and IBM1399 encodings fails to advance the input state which could lead to an infinite loop in applications resulting in a denial of service a different vulnerability from CVE-2016-10228.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2020-27618
Loop with Unreachable Exit Condition ('Infinite Loop')
19132-16820
19132-16820
Moderate
19132-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19132-16820
CBL-Mariner Releases
19132-16820
No
Security Update
2.28-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19132-16820
CBL-Mariner Releases
1.0
2021-03-05T00:00:00
<p>Information published.</p>
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2020-35499
NULL Pointer Dereference
16919-16820
16920-16823
16919-16820
16920-16823
Moderate
16919-16820
Moderate
16920-16823
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
16919-16820
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
16920-16823
CBL-Mariner Releases
16919-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16919-16820
CBL-Mariner Releases
CBL-Mariner Releases
16920-16823
No
Security Update
5.10.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16920-16823
CBL-Mariner Releases
1.0
2021-02-26T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
In the cryptography package before 3.3.2 for Python certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow as demonstrated by the Fernet class.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2020-36242
Out-of-bounds Write
19135-16820
19135-16820
Critical
19135-16820
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
19135-16820
CBL-Mariner Releases
19135-16820
No
Security Update
3.3.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19135-16820
CBL-Mariner Releases
1.0
2021-02-10T00:00:00
<p>Information published.</p>
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
elastic
Yes
CVE-2020-7021
Insertion of Sensitive Information into Log File
18957-16820
18957-16820
Moderate
18957-16820
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
18957-16820
CBL-Mariner Releases
18957-16820
No
Security Update
8.2.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18957-16820
CBL-Mariner Releases
1.0
2021-12-01T00:00:00
<p>Information published.</p>
Local privilege escalation to root due to insecure tmp file usage
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
suse
Yes
CVE-2020-8032
Insecure Temporary File
17039-16820
17040-16823
17039-16820
17040-16823
Important
17039-16820
Important
17040-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17039-16820
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17040-16823
CBL-Mariner Releases
17039-16820
No
Security Update
2.1.27-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17039-16820
CBL-Mariner Releases
CBL-Mariner Releases
17040-16823
No
Security Update
2.1.27-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17040-16823
CBL-Mariner Releases
1.0
2021-03-04T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added cyrus-sasl to CBL-Mariner 2.0</p>
A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
isc
Yes
CVE-2020-8625
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19133-16820
19133-16820
Important
19133-16820
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
19133-16820
CBL-Mariner Releases
19133-16820
No
Security Update
9.16.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19133-16820
CBL-Mariner Releases
1.0
2021-02-27T00:00:00
<p>Information published.</p>
FILTER_VALIDATE_URL accepts URLs with invalid userinfo
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2020-7071
Improper Input Validation
16917-16823
16917-16823
Moderate
16917-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
16917-16823
CBL-Mariner Releases
16917-16823
No
Security Update
7.4.14-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16917-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:07
<p>Information published.</p>
Null Dereference in SoapClient
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2021-21702
NULL Pointer Dereference
19641-16823
19641-16823
Important
19641-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19641-16823
CBL-Mariner Releases
19641-16823
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19641-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:07
<p>Information published.</p>
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-27367
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19642-16823
19642-16823
Important
19642-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19642-16823
CBL-Mariner Releases
19642-16823
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19642-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:09
<p>Information published.</p>
Integer overflow in CipherUpdate
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
openssl
Yes
CVE-2021-23840
Integer Overflow or Wraparound
17012-17084
19079-17084
17013-17084
17012-17084
19079-17084
17013-17084
Important
17012-17084
Important
19079-17084
Important
17013-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17012-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19079-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17013-17084
CBL-Mariner Releases
19079-17084
No
Security Update
1.1.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19079-17084
CBL-Mariner Releases
1.0
2025-09-03T20:05:49
<p>Information published.</p>
1.1
2026-02-18T01:19:03
<p>Information published.</p>
Null pointer deref in X509_issuer_and_serial_hash()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
openssl
Yes
CVE-2021-23841
NULL Pointer Dereference
17013-17084
17012-17084
17013-17084
17012-17084
Moderate
17013-17084
Moderate
17012-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
17013-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
17012-17084
CBL-Mariner Releases
17013-17084
17012-17084
No
Security Update
15.8-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17013-17084
17012-17084
CBL-Mariner Releases
1.0
2025-09-03T22:33:59
<p>Information published.</p>
Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20199
Origin Validation Error
19477-16823
19477-16823
Moderate
19477-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19477-16823
CBL-Mariner Releases
19477-16823
No
Security Update
4.1.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19477-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20229
Incorrect Authorization
13064-12137
13065-12137
13066-12137
13067-12137
13068-12138
13069-12138
13070-12138
13071-12138
13064-12137
13065-12137
13066-12137
13067-12137
13068-12138
13069-12138
13070-12138
13071-12138
13064-12137
13065-12137
13066-12137
13067-12137
13068-12138
13069-12138
13070-12138
13071-12138
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13064-12137
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13065-12137
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13066-12137
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13067-12137
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13068-12138
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13069-12138
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13070-12138
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
13071-12138
CBL-Mariner Releases
13064-12137
13065-12137
13066-12137
13067-12137
13068-12138
13069-12138
13070-12138
13071-12138
No
Security Update
12.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13064-12137
13065-12137
13066-12137
13067-12137
13068-12138
13069-12138
13070-12138
13071-12138
CBL-Mariner Releases
1.0
2021-02-27T00:00:00
<p>Information published.</p>
privilege escalation in Moby
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-21284
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19029-16820
19030-16820
16833-16820
19029-16820
19030-16820
16833-16820
Moderate
19029-16820
Moderate
19030-16820
Moderate
16833-16820
6.8
6.8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
19029-16820
6.8
6.8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
19030-16820
6.8
6.8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
16833-16820
CBL-Mariner Releases
19029-16820
19030-16820
16833-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19029-16820
19030-16820
16833-16820
CBL-Mariner Releases
1.0
2021-07-16T00:00:00
<p>Information published.</p>
1.1
2021-07-27T00:00:00
<p>Added moby-engine to CBL-Mariner 1.0</p>
Integer overflow on 32-bit systems
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2021-21309
Integer Overflow or Wraparound
14267-12137
14268-12137
14269-12138
14270-12138
13035-12139
13036-12139
13037-12140
13038-12140
14267-12137
14268-12137
14269-12138
14270-12138
13035-12139
13036-12139
13037-12140
13038-12140
14267-12137
14268-12137
14269-12138
14270-12138
13035-12139
13036-12139
13037-12140
13038-12140
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
14267-12137
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
14268-12137
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
14269-12138
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
14270-12138
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13035-12139
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13036-12139
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13037-12140
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13038-12140
CBL-Mariner Releases
14267-12137
14268-12137
14269-12138
14270-12138
No
Security Update
5.0.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
14267-12137
14268-12137
14269-12138
14270-12138
CBL-Mariner Releases
CBL-Mariner Releases
13035-12139
13036-12139
13037-12140
13038-12140
No
Security Update
6.2.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13035-12139
13036-12139
13037-12140
13038-12140
CBL-Mariner Releases
1.0
2021-03-09T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added redis to CBL-Mariner 2.0</p>
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-26708
Improper Locking
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13851-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13852-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13853-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13854-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13855-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13856-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13857-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13858-12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13859-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13860-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13861-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13862-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13863-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13864-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13865-12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
13866-12138
CBL-Mariner Releases
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
CBL-Mariner Releases
1.0
2021-02-11T00:00:00
<p>Information published.</p>
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE) not the upstream Avahi product.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-26720
Improper Link Resolution Before File Access ('Link Following')
17556-17084
16915-16823
19075-17084
17556-17084
16915-16823
19075-17084
Important
17556-17084
Important
16915-16823
Important
19075-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17556-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16915-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19075-17084
CBL-Mariner Releases
17556-17084
16915-16823
19075-17084
No
Security Update
0.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17556-17084
16915-16823
19075-17084
CBL-Mariner Releases
1.2
2026-02-18T14:58:37
<p>Information published.</p>
1.0
2021-12-16T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel 3.11 through 5.10.16 as used by Xen. To service requests to the PV backend the driver maps grant references provided by the frontend. In this process errors may be encountered. In one case an error encountered earlier might be discarded by later processing resulting in the caller assuming successful mapping and hence subsequent operations trying to access space that wasn't mapped. In another case internal state would be insufficiently updated preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-26930
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13851-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13852-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13853-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13854-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13855-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13856-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13857-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13858-12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13859-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13860-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13861-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13862-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13863-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13864-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13865-12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13866-12138
CBL-Mariner Releases
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
13851-12137
13852-12137
13853-12137
13854-12137
13855-12137
13856-12137
13857-12137
13858-12137
13859-12138
13860-12138
13861-12138
13862-12138
13863-12138
13864-12138
13865-12138
13866-12138
CBL-Mariner Releases
1.0
2021-02-25T00:00:00
<p>Information published.</p>
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-26937
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
18382-16823
18382-16823
Critical
18382-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18382-16823
CBL-Mariner Releases
18382-16823
No
Security Update
4.9.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18382-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-27135
19475-16823
19475-16823
Critical
19475-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19475-16823
CBL-Mariner Releases
19475-16823
No
Security Update
372-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19475-16823
CBL-Mariner Releases
1.0
2022-01-19T00:00:00
<p>Information published.</p>
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-27219
Incorrect Conversion between Numeric Types
16998-16823
16998-16823
Important
16998-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16998-16823
CBL-Mariner Releases
16998-16823
No
Security Update
2.60.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16998-16823
CBL-Mariner Releases
1.0
2021-02-25T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added glib to CBL-Mariner 2.0</p>
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code) for an attacker within radio range.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-27803
14257-12137
14258-12137
14259-12138
14260-12138
12863-12139
12864-12139
12865-12140
12866-12140
14257-12137
14258-12137
14259-12138
14260-12138
12863-12139
12864-12139
12865-12140
12866-12140
14257-12137
14258-12137
14259-12138
14260-12138
12863-12139
12864-12139
12865-12140
12866-12140
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
14257-12137
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
14258-12137
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
14259-12138
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
14260-12138
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12863-12139
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12864-12139
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12865-12140
7.5
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12866-12140
CBL-Mariner Releases
14257-12137
14258-12137
14259-12138
14260-12138
No
Security Update
2.9-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
14257-12137
14258-12137
14259-12138
14260-12138
CBL-Mariner Releases
CBL-Mariner Releases
12863-12139
12864-12139
12865-12140
12866-12140
No
Security Update
2.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
12863-12139
12864-12139
12865-12140
12866-12140
CBL-Mariner Releases
1.0
2021-03-06T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added wpa_supplicant to CBL-Mariner 2.0</p>
A vulnerability was discovered in the PyYAML library in versions before 5.4 where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2020-14343
Improper Input Validation
19186-16823
19186-16823
Critical
19186-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19186-16823
CBL-Mariner Releases
19186-16823
No
Security Update
5.4.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19186-16823
CBL-Mariner Releases
1.0
2023-11-07T00:00:00
<p>Information published.</p>
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
intel
Yes
CVE-2020-24455
Missing Initialization of Resource
19112-16820
19113-16823
19112-16820
19113-16823
Moderate
19112-16820
Moderate
19113-16823
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19112-16820
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19113-16823
CBL-Mariner Releases
19112-16820
19113-16823
No
Security Update
2.4.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19112-16820
19113-16823
CBL-Mariner Releases
1.0
2021-07-30T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added tpm2-tss to CBL-Mariner 2.0</p>
Regular Expression Denial of Service (ReDoS)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
snyk
Yes
CVE-2020-28493
Uncontrolled Resource Consumption
19608-17084
19095-16820
16990-17084
19608-17084
19095-16820
16990-17084
Moderate
19608-17084
Moderate
19095-16820
Moderate
16990-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19608-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19095-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
16990-17084
CBL-Mariner Releases
19608-17084
16990-17084
No
Security Update
20.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19608-17084
16990-17084
CBL-Mariner Releases
CBL-Mariner Releases
19095-16820
No
Security Update
2.11.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19095-16820
CBL-Mariner Releases
1.2
2026-02-18T14:01:45
<p>Information published.</p>
1.0
2022-06-09T00:00:00
<p>Information published.</p>
1.1
2025-04-19T00:00:00
<p>Added nodejs to Azure Linux 3.0
Added python-jinja2 to CBL-Mariner 1.0</p>
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2020-35498
Uncontrolled Resource Consumption
19134-16820
19134-16820
Important
19134-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19134-16820
CBL-Mariner Releases
19134-16820
No
Security Update
2.12.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19134-16820
CBL-Mariner Releases
1.0
2021-02-18T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-3114
https://nvd.nist.gov/vuln/detail/CVE-2021-3114
https://nvd.nist.gov/vuln/detail/CVE-2021-3114
Mariner
cve@mitre.org
CVE-2021-3114
12137
12138
12137
12138
12137
12138
12137
12138
12137
12138
DOS:N/A
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
12137
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
12138
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
12137
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
12138
golang
12137
12138
CBL-Mariner
1.15.13-1
golang
12137
golang-1.15.13-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.15.13-1
golang
12138
golang-1.15.13-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.15.13-1
1.0
2021-02-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-3326
https://nvd.nist.gov/vuln/detail/CVE-2021-3326
https://nvd.nist.gov/vuln/detail/CVE-2021-3326
Mariner
cve@mitre.org
CVE-2021-3326
12137
12138
12137
12138
12137
12138
12137
12138
12137
12138
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12137
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12138
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12137
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12138
glibc
12137
12138
CBL-Mariner
2.28-17
glibc
12137
glibc-2.28-17.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-devel-2.28-17.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-lang-2.28-17.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-i18n-2.28-17.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-iconv-2.28-17.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-tools-2.28-17.cm1.x86_64.rpm
0001-01-01T00:00:00
glibc-nscd-2.28-17.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.28-17
glibc
12138
glibc-2.28-17.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-devel-2.28-17.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-lang-2.28-17.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-i18n-2.28-17.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-iconv-2.28-17.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-tools-2.28-17.cm1.aarch64.rpm
0001-01-01T00:00:00
glibc-nscd-2.28-17.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.28-17
1.0
2021-02-04T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-3347
https://nvd.nist.gov/vuln/detail/CVE-2021-3347
https://nvd.nist.gov/vuln/detail/CVE-2021-3347
Mariner
cve@mitre.org
CVE-2021-3347
12137
12138
12137
12138
12137
12138
12137
12138
12137
12138
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
kernel
12137
12138
CBL-Mariner
5.10.57.1-1
kernel
12137
kernel-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.57.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.57.1-1
kernel
12138
kernel-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.57.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.57.1-1
1.0
2021-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2020-17380
https://nvd.nist.gov/vuln/detail/CVE-2020-17380
https://nvd.nist.gov/vuln/detail/CVE-2020-17380
Mariner
cve@mitre.org
CVE-2020-17380
12137
12138
12137
12138
12137
12138
12137
12138
12137
12138
DOS:N/A
6.3
6.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
12137
6.3
6.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
12138
6.3
6.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
12137
6.3
6.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
12138
qemu-kvm
12137
12138
CBL-Mariner
4.2.0-25
qemu-kvm
12137
qemu-kvm-4.2.0-25.cm1.x86_64.rpm
0001-01-01T00:00:00
qemu-img-4.2.0-25.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.2.0-25
qemu-kvm
12138
qemu-kvm-4.2.0-25.cm1.aarch64.rpm
0001-01-01T00:00:00
qemu-img-4.2.0-25.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.2.0-25
1.0
2021-02-06T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2020-15358
https://nvd.nist.gov/vuln/detail/CVE-2020-15358
https://nvd.nist.gov/vuln/detail/CVE-2020-15358
Mariner
cve@mitre.org
CVE-2020-15358
12137
12138
12137
12138
12137
12138
12137
12138
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
mysql
12137
12138
CBL-Mariner
8.0.26-1
mysql
12137
mysql-8.0.26-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.26-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.26-1
mysql
12138
mysql-8.0.26-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.26-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.26-1
1.0
2021-02-11T00:00:00
<p>Information published.</p>
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio
Microsoft
CVE-2021-1639
11809
11622
11600
11720
11785
Remote Code Execution
11809
Remote Code Execution
11622
Remote Code Execution
11600
Remote Code Execution
11720
Remote Code Execution
11785
Important
11809
Important
11622
Important
11600
Important
11720
Important
11785
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11809
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11600
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11720
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11785
Release Notes
http://aka.ms/vs/16/release/latest
11809
Maybe
Security Update
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4
11720
Maybe
Security Update
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
11785
Maybe
Security Update
<a href="https://daviddworken.com/">David Dworken</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
.NET Core and Visual Studio Denial of Service Vulnerability
Developer Tools
Microsoft
CVE-2021-1721
11785
11864
11865
11565
11730
11761
11720
11809
11600
Denial of Service
11785
Denial of Service
11864
Denial of Service
11865
Denial of Service
11565
Denial of Service
11730
Denial of Service
11761
Denial of Service
11720
Denial of Service
11809
Denial of Service
11600
Important
11785
Important
11864
Important
11865
Important
11565
Important
11730
Important
11761
Important
11720
Important
11809
Important
11600
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11785
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11864
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11865
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11565
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11730
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11761
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11720
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11809
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
11600
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
11785
Maybe
Security Update
Release Notes
https://github.com/PowerShell/PowerShell#get-powershell
11864
11865
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/2.1
11565
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/3.1
11730
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet/5.0
11761
Maybe
Security Update
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4
11720
Maybe
Security Update
Release Notes
http://aka.ms/vs/16/release/latest
11809
Maybe
Security Update
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
1.0
2021-02-09T08:00:00
<p>Information published.</p>
2.0
2021-02-11T08:00:00
<p>Revised the Security Updates table to include PowerShell Core 7.0 and PowerShell Core 7.1 because these version of PowerShell Core are also affected by the vulnerability. See https://github.com/PowerShell/Announcements-Internal/issues/22 for more information.</p>
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Dynamics
Microsoft
CVE-2021-1724
11746
11860
11751
11603
11859
11747
11602
Spoofing
11746
Spoofing
11860
Spoofing
11751
Spoofing
11603
Spoofing
11859
Spoofing
11747
Spoofing
11602
Important
11746
Important
11860
Important
11751
Important
11603
Important
11859
Important
11747
Important
11602
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.1
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
11746
6.1
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
11860
6.1
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
11751
6.1
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
11603
6.1
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
11859
6.1
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
11747
6.1
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
11602
4602915
https://www.microsoft.com/en-us/download/details.aspx?id=102675
11746
Maybe
Security Update
4602915
https://www.microsoft.com/en-us/download/details.aspx?id=102678
11860
Maybe
Security Update
4602915
https://www.microsoft.com/en-us/download/details.aspx?id=102676
11751
Maybe
Security Update
4602915
https://www.microsoft.com/en-us/download/details.aspx?id=102674
11603
Maybe
Security Update
4602915
https://www.microsoft.com/en-us/download/details.aspx?id=102679
11859
Maybe
Security Update
4602915
https://www.microsoft.com/en-us/download/details.aspx?id=102681
11747
Maybe
Security Update
4602915
https://www.microsoft.com/en-us/download/details.aspx?id=102673
11602
Maybe
Security Update
Piotr Cielas@EY
1.0
2021-02-09T08:00:00
<p>Information published.</p>
System Center Operations Manager Elevation of Privilege Vulnerability
<p><strong>In what instances do I need to install the security update for this vulnerability?</strong></p>
<p>This vulnerability only affects machines that have any of the following System Center 2019 - Operations Manager (SCOM) components installed:</p>
<ul>
<li>Management Server</li>
<li>Microsoft Monitoring Agent</li>
<li>Gateway</li>
</ul>
<p><strong>Is there a prerequisite for installing the security update?</strong></p>
<p>Yes. To apply this update, you must have <a href="https://support.microsoft.com/en-us/topic/update-rollup-2-for-system-center-operations-manager-2019-a45a936d-204b-b92b-da36-2f321f93f08e">Update Rollup 2 for System Center Operations Manager 2019</a> installed. See the <strong>How to obtain Update Rollup 2 for System Center Operations Manager 2019</strong> section for instructions.</p>
<p><strong>Do I need to install the update if I do not have "Enable Service log on" feature enabled?</strong></p>
<p>No. This update is required if “Service Log on” or “Interactive Log on” is enabled for customers on System Center 2019 – Operations Manager.</p>
System Center
Microsoft
CVE-2021-1728
11854
Elevation of Privilege
11854
Important
11854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11854
4601269
https://support.microsoft.com/help/4601269
11854
Maybe
Security Update
1.0
2021-02-09T08:00:00
<p>Information published.</p>
PFX Encryption Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>When exporting a SID-protected PFX file, keys encrypted using AES are not properly protected. Any SID-protected PFX files using AES for key encryption should be regenerated and exported after this update is installed.</p>
Windows PFX Encryption
Microsoft
CVE-2021-1731
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
Security Feature Bypass
11801
Security Feature Bypass
11802
Security Feature Bypass
11803
Security Feature Bypass
11497
Security Feature Bypass
11498
Security Feature Bypass
11563
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11712
Security Feature Bypass
11713
Security Feature Bypass
11714
Security Feature Bypass
11715
Security Feature Bypass
11766
Security Feature Bypass
11767
Security Feature Bypass
11768
Security Feature Bypass
11769
Important
11801
Important
11802
Important
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11497
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11498
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11563
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11715
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
Michael J. Lyons of the Xbox Console OS team
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel
Microsoft
CVE-2021-1732
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
Elevation of Privilege
11497
Elevation of Privilege
11498
Elevation of Privilege
11563
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11715
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11497
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11498
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11563
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11712
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11713
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11714
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11715
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11766
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11767
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11768
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11769
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11803
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
YanZiShuang(<a href="https://twitter.com/madongze">@madongze</a>) of Big CJTeam and Gcow Team
JinQuan, MaDongZe, TuXiaoYi, and LiHao of DBAPPSecurity Co., Ltd
1.0
2021-02-09T08:00:00
<p>Information published.</p>
1.1
2021-04-06T07:00:00
<p>Added acknowledgements. This is an informational change only.</p>
Sysinternals PsExec Elevation of Privilege Vulnerability
<p><strong>What version of PSExec contains the update to resolve this vulnerability?</strong></p>
<p>PsExec v2.32 is not longer affected by this vulneratiblity.</p>
SysInternals
Microsoft
CVE-2021-1733
11853
Elevation of Privilege
11853
Important
11853
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11853
Release Notes
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
11853
Maybe
Security Update
David Wells (<a href="https://twitter.com/CE2Wells">@CE2Wells</a>) of Tenable
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Remote Procedure Call Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Remote Procedure Call
Microsoft
CVE-2021-1734
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
11497
Information Disclosure
11498
Information Disclosure
11563
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11715
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11801
Important
11802
Important
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11497
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11498
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11563
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11715
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
Yuki Chen
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel
Microsoft
CVE-2021-1698
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11497
Elevation of Privilege
11498
Elevation of Privilege
11563
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11715
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Important
11801
Important
11802
Important
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
Jarvis_1oop of Pinduoduo Security Research Lab
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Fax Service Remote Code Execution Vulnerability
<p><strong>In what scenarios is my computer vulnerable?</strong></p>
<p>For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable.</p>
<p><strong>How can I verify whether the Fax service is running?</strong></p>
<ol>
<li>Hold the <strong>Windows key</strong> and press <strong>R</strong> on your keyboard. This will open the Run dialog.</li>
<li>Type <em>services.msc</em> and press <strong>Enter</strong> to open the Services window.</li>
<li>Scroll through the list and locate the <strong>Fax</strong> service.
<ul>
<li>If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable.</li>
<li>If the Fax service is listed but the status is not <em>Running</em>, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.</li>
</ul>
</li>
</ol>
Role: Windows Fax Service
Microsoft
CVE-2021-1722
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11497
Remote Code Execution
11498
Remote Code Execution
11563
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11497
Critical
11498
Critical
11563
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11801
Critical
11802
Critical
11803
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
<p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">workaround</a> might be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave this workaround in place:</p>
<p><strong>Uninstall the Windows Fax and Scan feature</strong></p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Settings</strong> or <strong>Control Panel</strong> depending on your version of Windows.</li>
<li>For Windows 7 and 8.1, select <strong>Programs</strong>. For Windows 10, select <strong>Apps</strong>.</li>
<li>Select <strong>Turn Windows features on or off</strong> on Windows 7 and 8.1. Select <strong>Optional Features</strong> on Windows 10.</li>
<li>Uncheck the <strong>Windows Fax and Scan</strong> feature.</li>
<li>Restart the computer.</li>
</ol>
<p><strong>Impact of Workaround</strong></p>
<p>Removing the Windows Fax and Scan service will prevent the computer from sending or receiving faxes.</p>
<p><strong>How to undo the workaround</strong></p>
<p>Follow the preceding steps, but check the box next to <strong>Windows Fax and Scan</strong> in step 4.</p>
Xuefeng Li (<a href="https://twitter.com/lxf02942370">@lxf02942370</a>) of <a href="https://www.sangfor.com/">Sangfor</a> & Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>)
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows PKU2U Elevation of Privilege Vulnerability
<p><strong>What is PKU2U?</strong></p>
<p>PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts.</p>
<p><strong>How do I know if my servers are exploitable by this vulnerability?</strong></p>
<p>If your servers are not configured to allow the use of PKU2U authentication, they would not be vulnerable. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you do not use PKU2U authentication. Please see <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities">Network security Allow PKU2U authentication requests to this computer to use online identities</a> for more information.</p>
Windows PKU2U
Microsoft
CVE-2021-25195
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11497
Elevation of Privilege
11498
Elevation of Privilege
11563
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11715
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11801
Important
11802
Important
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
Maxwell Whitaker of Microsoft’s Security Assurance and Vulnerability Research team
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Exchange Server Spoofing Vulnerability
<p><strong>What is the nature of the spoofing?</strong></p>
<p>An authenticated attacker can leak a cert file which results in a CSRF token to be generated.</p>
Microsoft Exchange Server
Microsoft
CVE-2021-24085
11857
11856
11792
11793
Spoofing
11857
Spoofing
11856
Spoofing
11792
Spoofing
11793
Important
11857
Important
11856
Important
11792
Important
11793
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
11857
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
11856
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
11792
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
11793
4602269
https://www.microsoft.com/download/details.aspx?familyid=1a27365b-3ef6-4755-a2de-9733c1107efc
4593465
11857
Maybe
Security Update
4602269
https://support.microsoft.com/help/4602269
11857
11856
11792
11793
4602269
http://www.microsoft.com/download/details.aspx?familyid=7dd6bd46-9bf2-4b1b-a7ed-69221f8225a9
4593465
11856
11792
Maybe
Security Update
4602269
http://www.microsoft.com/download/details.aspx?familyid=543dff06-10b4-4c99-b8ab-17cecbd95c33
4593465
11793
Maybe
Security Update
Steven Seeley (mr_me) of Source Incite <a href="https://srcincite.io/">Source Incite</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Azure IoT CLI extension Elevation of Privilege Vulnerability
<p><strong>What can an attacker do with this vulnerability?</strong></p>
<p>An elevation of privilege vulnerability exists in the way Azure CLI and Azure IoT CLI extension generates new symmetric keys for encryption, allowing an attacker to predict the randomness of the key. An attacker could derive the keys from the way they are generated and use them to access a user's IoT hub.</p>
<p><strong>How do I know if I need to install the update?</strong></p>
<p>This update addresses the vulnerability by randomizing the key generation within Azure IoT CLI extension.
https://github.com/Azure/azure-iot-cli-extension/pull/279/files
https://docs.microsoft.com/en-us/cli/azure/release-notes-azure-cli?tabs=azure-cli#december-29-2020</p>
<p><strong>Which versions are affected?</strong></p>
<p>IoT extension versions affected are 0.10.2 – 0.10.6
All versions before 2.17.0 in Azure CLI are affected</p>
Azure IoT
Microsoft
CVE-2021-24087
11851
Elevation of Privilege
11851
Important
11851
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11851
Pull Request
https://github.com/Azure/azure-iot-cli-extension/pull/279/files
11851
Maybe
Security Update
Cristian Pop of Azure IoT
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Graphics Component Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Microsoft Graphics Component
Microsoft
CVE-2021-24093
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10852
10853
10816
10855
Remote Code Execution
11497
Remote Code Execution
11498
Remote Code Execution
11563
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Critical
11497
Critical
11498
Critical
11563
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11801
Critical
11802
Critical
11803
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel
Microsoft
CVE-2021-24096
11568
11569
11570
11571
11572
11766
11767
11768
11769
11801
11802
11803
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
James Forshaw of Google Project Zero
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Edge for Android Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>This vulnerability discloses personally identifiable information and payment information of a user.</p>
Microsoft Edge for Android
Microsoft
CVE-2021-24100
11815
Information Disclosure
11815
Important
11815
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.0
4.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11815
<a href="https://www.linkedin.com/in/kirtikumar-anandrao-ramchandani-ba949b153">Kirtikumar Anandrao Ramchandani</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Dataverse Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>This vulnerability discloses data stored in the underlying datasets in Dataverse, that could include Personal Identifiable Information.</p>
Microsoft Dynamics
Microsoft
CVE-2021-24101
11663
11664
Information Disclosure
11663
Information Disclosure
11664
Important
11663
Important
11664
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11663
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11664
4595463
https://www.microsoft.com/en-us/download/details.aspx?id=102598
11663
Maybe
Security Update
4595460
https://www.microsoft.com/en-us/download/details.aspx?id=102586
11664
Maybe
Security Update
<a href="https://www.prodwaregroup.com/es-es/">Prodware</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
.NET Core Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>When a .NET application utilizing libgdiplus on a non-Windows system accepts input, an attacker could send a specially crafted request that could result in remote code execution.</p>
<p><strong>Does this vulnerability affect applications running on Windows?</strong></p>
<p>No, Windows utilizes GDI+ to process these requests, and is not affected by this vulnerability.</p>
.NET Core
Microsoft
CVE-2021-24112
11874
11875
11565
11730
11761
Remote Code Execution
11874
Remote Code Execution
11875
Remote Code Execution
11565
Remote Code Execution
11730
Remote Code Execution
11761
Critical
11874
Critical
11875
Critical
11565
Critical
11730
Critical
11761
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11874
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11875
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11565
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11730
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11761
Release Notes
https://visualstudio.microsoft.com/vs/mac/
11874
Maybe
Security Update
Release Notes
https://www.mono-project.com/download/stable/
11875
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/2.1
11565
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/3.1
11730
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet/5.0
11761
Maybe
Security Update
1.0
2021-02-09T08:00:00
<p>Information published.</p>
2.0
2021-02-24T08:00:00
<p>In the Security Updates table, added Visual Studio 2019 for Mac and Mono 6.12.0 because they are also affected by CVE-2021-24112. Microsoft recommends that customers running either of these products install the updates to be fully protected from the vulnerability.</p>
Chromium CVE-2021-21148: Heap buffer overflow in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>This CVE has been reported to be exploited in the wild.</strong></p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.63</td>
<td>2/5/2021</td>
<td>88.0.4324.150</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21148
11655
11655
11655
DOS:N/A
1.0
2021-02-05T08:00:00
<p>Information published.</p>
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would need to convince a targeted user to clone a malicious repository. Attacker-specified code would execute once the targeted user viewed contents of the repository in Visual Studio Code.</p>
Visual Studio Code
Microsoft
CVE-2021-26700
11861
Remote Code Execution
11861
Important
11861
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11861
Release Notes
https://marketplace.visualstudio.com/items?itemName=eg2.vscode-npm-script
11861
Maybe
Security Update
Jack Adamson (<a href="https://twitter.com/jadamson08">@jadamson08</a>)
1.0
2021-02-09T08:00:00
<p>Information published.</p>
1.1
2021-02-16T08:00:00
<p>Corrected Article links in the Security Updates table. This is an informational change only.</p>
.NET Core Remote Code Execution Vulnerability
<p><strong>Is Visual Studio affected by this vulnerability?</strong></p>
<p>Visual Studio contains the binaries for .NET, but Visual Studio is not vulnerable to this issue. The update is offered to include the .NET files so any future applications built in Visual Studio which include .NET functionality will be protected from this issue.</p>
.NET Core
Microsoft
CVE-2021-26701
11565
11730
11761
11720
11600
11785
11874
11871
11872
11864
11865
Remote Code Execution
11565
Remote Code Execution
11730
Remote Code Execution
11761
Remote Code Execution
11720
Remote Code Execution
11600
Remote Code Execution
11785
Remote Code Execution
11874
Remote Code Execution
11871
Remote Code Execution
11872
Remote Code Execution
11864
Remote Code Execution
11865
Critical
11565
Critical
11730
Critical
11761
Critical
11720
Critical
11600
Critical
11785
Critical
11874
Critical
11871
Critical
11872
Critical
11864
Critical
11865
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11565
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11730
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11761
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11720
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11600
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11785
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11874
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11871
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11872
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11864
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11865
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/2.1
11565
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet-core/3.1
11730
Maybe
Security Update
Release Notes
https://dotnet.microsoft.com/download/dotnet/5.0
11761
Maybe
Security Update
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4
11720
Maybe
Security Update
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
11785
Maybe
Security Update
Release Notes
https://visualstudio.microsoft.com/vs/mac/
11874
Maybe
Security Update
Release Notes
http://aka.ms/vs/16/release/latest
11871
11872
Maybe
Security Update
Release Notes
https://github.com/PowerShell/PowerShell#get-powershell
11864
11865
Maybe
Security Update
1.0
2021-02-09T08:00:00
<p>Information published.</p>
3.0
2021-03-12T08:00:00
<p>Revised the Security Updates table to include PowerShell Core 7.0 and PowerShell Core 7.1 because these versions of PowerShell Core are also affected by this vulnerability. See https://github.com/PowerShell/Announcements-Internal/issues/23 for more information. Added Visual Studio 2019 for Mac to the Security Updates table as it is also affected by this vulnerability.</p>
1.1
2021-03-09T08:00:00
<p>In the Security Updates table, added links to the Release Notes. This is an informational change only.</p>
2.0
2021-03-09T08:00:00
<p>In the Security Updates table, added Visual Studio 2019 versions 16.9, 16.8, 16.7, and 16.4 and Visual Studio 2017 version 15.9. Visual Studio contains the binaries for .NET, but Visual Studio is not vulnerable to this issue. The update is offered to include the .NET files so any future applications built in Visual Studio which include .NET functionality will be protected from this issue.</p>
Microsoft Teams iOS Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>This vulnerability exposes the Skype token value in the preview URL for images in Teams iOS app.</p>
<p><strong>How do I get the update for Microsoft Teams for iOS?</strong></p>
<ol>
<li>Tap the <strong>Settings</strong> icon</li>
<li>Tap the** iTunes & App Store**</li>
<li>Turn on AUTOMATIC DOWNLOADS for Apps</li>
</ol>
<p><strong>Alternatively</strong></p>
<ol>
<li>Tap the** App Store** icon</li>
<li>Scroll down to find Microsoft Teams</li>
<li>Tap the <strong>Update</strong> button</li>
</ol>
Microsoft Teams
Microsoft
CVE-2021-24114
11858
Information Disclosure
11858
Important
11858
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.7
5.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11858
Release Notes
https://apps.apple.com/us/app/microsoft-teams/id1113153706
11858
Maybe
Security Update
Numan TÜRLE of <a href="https://gaissecurity.com">Gais Security</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Chromium CVE-2021-21149: Stack overflow in Data Transfer
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21149
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:28:22
<p>Information published.</p>
Chromium: CVE-2021-21150 Use after free in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21150
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:31:00
<p>Information published.</p>
Chromium: CVE-2021-21151 Use after free in Payments
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21151
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:33:03
<p>Information published.</p>
Chromium: CVE-2021-21152 Heap buffer overflow in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21152
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:35:53
<p>Information published.</p>
Chromium: CVE-2021-21153 Stack overflow in GPU Process
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21153
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:37:45
<p>Information published.</p>
Chromium: CVE-2021-21154 Heap buffer overflow in Tab Strip
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21154
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:40:38
<p>Information published.</p>
Chromium CVE-2021-21155: Heap buffer overflow in Tab Strip
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21155
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:44:12
<p>Information published.</p>
Chromium CVE-2021-21156: Heap buffer overflow in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21156
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:46:16
<p>Information published.</p>
Chromium CVE-2021-21157: Use after free in Web Sockets
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.74</td>
<td>2/17/2021</td>
<td>88.0.4324.182</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21157
11655
11655
11655
DOS:N/A
1.0
2021-02-17T23:48:18
<p>Information published.</p>
Microsoft SharePoint Server Spoofing Vulnerability
<p><strong>What is the nature of the spoofing?</strong></p>
<p>An authenticated attacker could manipulate a SharePoint blog sharing functionality to trigger messaging or a link that appears to be from the SharePoint target site.</p>
Microsoft Office SharePoint
Microsoft
CVE-2021-1726
10950
11585
10505
10612
Spoofing
10950
Spoofing
11585
Spoofing
10505
Spoofing
10612
Important
10950
Important
11585
Important
10505
Important
10612
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10505
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10612
4493195
https://www.microsoft.com/download/details.aspx?familyid=fa1649de-dffb-4e32-9459-eb116767610b
4493163
10950
Maybe
Security Update
4493195
https://support.microsoft.com/help/4493195
10950
4493194
https://www.microsoft.com/download/details.aspx?familyid=8d1d0c3f-57e3-45a2-8045-c435d45c1e16
4493162
11585
Maybe
Security Update
4493194
https://support.microsoft.com/help/4493194
11585
4493223
https://www.microsoft.com/download/details.aspx?familyid=5de7e425-27e9-48a8-990d-3e8d0378b40c
4493187
10505
Maybe
Security Update
4493223
https://support.microsoft.com/help/4493223
10505
4493210
https://www.microsoft.com/download/details.aspx?familyid=f407b400-72af-409b-a03c-d638ab6a0fe9
4493175
10612
Maybe
Security Update
4493210
https://support.microsoft.com/help/4493210
10612
Huynh Phuoc Hung, <a href="https://twitter.com/hph0var">@hph0var</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Installer Elevation of Privilege Vulnerability
Windows Installer
Microsoft
CVE-2021-1727
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11497
Elevation of Privilege
11498
Elevation of Privilege
11563
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11715
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11497
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11498
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11563
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11568
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11569
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11570
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11571
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11572
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11712
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11713
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11714
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11715
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11766
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11767
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11768
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11769
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11801
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11802
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11803
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10729
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10735
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10852
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10853
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10816
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10855
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10047
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10048
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10481
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10482
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10484
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9312
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10287
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9318
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9344
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10051
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10049
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10378
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10379
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10483
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10543
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Exchange Server Spoofing Vulnerability
<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p>
<p>This update addresses this vulnerability.</p>
<p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p>
<p><strong>Why are the updates listed those that were released in September?</strong></p>
<p>This vulnerability was found in the Exchange Server Installer. This type of vulnerability can only be addressed in a complete release as opposed to a cumulative update. We allowed time for customers to move to the September release prior to disclosing the vulnerability.</p>
<p><strong>What are the steps to configure Download Domains to enable the protection from this vulnerability?</strong></p>
<p>Yes, please see <a href="https://learn.microsoft.com/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-download-domains">Exchange Download Domains</a> for detailed information.</p>
Microsoft Exchange Server
Microsoft
CVE-2021-1730
11792
11793
Spoofing
11792
Spoofing
11793
Important
11792
Important
11793
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.4
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
11792
5.4
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
11793
4571787
https://support.microsoft.com/help/4571787
4577352
11792
Maybe
Security Update
4571787
https://support.microsoft.com/help/4571787
11792
4571788
http://www.microsoft.com/download/details.aspx?FamilyID=42086856-b6eb-4c6c-96cd-1c9d33a07d04
4577352
11793
Maybe
Security Update
4571788
https://support.microsoft.com/help/4571788
11793
Mohamed Sayed of IBM X-Force
1.0
2021-02-09T08:00:00
<p>Information published.</p>
1.1
2021-02-24T08:00:00
<p>Added an FAQ detailing further steps that must be performed to enable the protections from this vulnerability.</p>
1.2
2023-02-02T08:00:00
<p>Updated FAQ information. This is an informational change only.</p>
1.3
2023-11-14T08:00:00
<p>Updated FAQ information. This is an informational change only.</p>
Microsoft SharePoint Remote Code Execution Vulnerability
<p><strong>What is the attack vector for this vulnerability?</strong></p>
<p>In a network-based attack an attacker would need to have the privileges to create a site. By creating a site using specific code, the attacker could execute code remotely on the target server.</p>
Microsoft Office SharePoint
Microsoft
CVE-2021-24066
10950
11585
10505
10612
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
10505
Remote Code Execution
10612
Important
10950
Important
11585
Important
10505
Important
10612
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10505
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10612
4493195
https://www.microsoft.com/download/details.aspx?familyid=fa1649de-dffb-4e32-9459-eb116767610b
4493163
10950
Maybe
Security Update
4493195
https://support.microsoft.com/help/4493195
10950
4493194
https://www.microsoft.com/download/details.aspx?familyid=8d1d0c3f-57e3-45a2-8045-c435d45c1e16
4493162
11585
Maybe
Security Update
4493194
https://support.microsoft.com/help/4493194
11585
4493223
https://www.microsoft.com/download/details.aspx?familyid=5de7e425-27e9-48a8-990d-3e8d0378b40c
4493187
10505
Maybe
Security Update
4493223
https://support.microsoft.com/help/4493223
10505
4493210
https://www.microsoft.com/download/details.aspx?familyid=f407b400-72af-409b-a03c-d638ab6a0fe9
4493175
10612
Maybe
Security Update
4493210
https://support.microsoft.com/help/4493210
10612
Anonymous working with Trend Micro Zero Day Initiative
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for the Microsoft Office 2019 for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Microsoft Office Excel
Microsoft
CVE-2021-24067
10611
10836
11573
11574
11575
11605
11762
11763
10739
10740
10489
10490
10656
10654
10655
Remote Code Execution
10611
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11575
Remote Code Execution
11605
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
10739
Remote Code Execution
10740
Remote Code Execution
10489
Remote Code Execution
10490
Remote Code Execution
10656
Remote Code Execution
10654
Remote Code Execution
10655
Important
10611
Important
10836
Important
11573
Important
11574
Important
11575
Important
11605
Important
11762
Important
11763
Important
10739
Important
10740
Important
10489
Important
10490
Important
10656
Important
10654
Important
10655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10611
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11605
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10489
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10490
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10656
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10654
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10655
4493204
https://www.microsoft.com/download/details.aspx?familyid=4ccf6910-b383-4903-8d09-aee2e55867cc
4493171
10611
Maybe
Security Update
4493192
https://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2
4493160
10836
11605
Maybe
Security Update
Click to Run
11573
11574
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
No
Security Update
4493196
https://www.microsoft.com/download/details.aspx?familyid=c51b24be-3dcf-4cf5-a3c6-7c47c372ab4c
4493165
10739
Maybe
Security Update
4493196
https://www.microsoft.com/download/details.aspx?familyid=afbf3238-c595-4847-83b9-0bfb18d8137c
4493165
10740
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=895fb204-cd1f-43b7-a387-0dcdd5623470
4493186
10489
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=63dd2507-4787-4424-9afe-574a09943838
4493186
10490
Maybe
Security Update
4493211
4493176
10656
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=4e7046d0-2e33-4307-a343-fd551474def3
4493176
10654
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=ed8b6ba3-06b5-4665-92c1-f9804f2c3367
4493176
10655
Maybe
Security Update
Anonymous working with Trend Micro Zero Day Initiative
1.0
2021-02-09T08:00:00
<p>Information published.</p>
2.0
2021-02-16T08:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Microsoft Office Excel
Microsoft
CVE-2021-24068
10611
10489
10490
10656
10654
10655
Remote Code Execution
10611
Remote Code Execution
10489
Remote Code Execution
10490
Remote Code Execution
10656
Remote Code Execution
10654
Remote Code Execution
10655
Important
10611
Important
10489
Important
10490
Important
10656
Important
10654
Important
10655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10611
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10489
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10490
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10656
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10654
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10655
4493204
https://www.microsoft.com/download/details.aspx?familyid=4ccf6910-b383-4903-8d09-aee2e55867cc
4493171
10611
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=895fb204-cd1f-43b7-a387-0dcdd5623470
4493186
10489
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=63dd2507-4787-4424-9afe-574a09943838
4493186
10490
Maybe
Security Update
4493211
4493176
10656
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=4e7046d0-2e33-4307-a343-fd551474def3
4493176
10654
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=ed8b6ba3-06b5-4665-92c1-f9804f2c3367
4493176
10655
Maybe
Security Update
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for the Microsoft Office 2019 for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Microsoft Office Excel
Microsoft
CVE-2021-24069
10611
10836
11573
11574
11575
11762
11763
10739
10740
10489
10490
10656
10654
10655
Remote Code Execution
10611
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11575
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
10739
Remote Code Execution
10740
Remote Code Execution
10489
Remote Code Execution
10490
Remote Code Execution
10656
Remote Code Execution
10654
Remote Code Execution
10655
Important
10611
Important
10836
Important
11573
Important
11574
Important
11575
Important
11762
Important
11763
Important
10739
Important
10740
Important
10489
Important
10490
Important
10656
Important
10654
Important
10655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10611
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10489
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10490
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10656
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10654
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10655
4493204
https://www.microsoft.com/download/details.aspx?familyid=4ccf6910-b383-4903-8d09-aee2e55867cc
4493171
10611
Maybe
Security Update
4493192
https://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2
4493160
10836
Maybe
Security Update
Click to Run
11573
11574
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
No
Security Update
4493196
https://www.microsoft.com/download/details.aspx?familyid=c51b24be-3dcf-4cf5-a3c6-7c47c372ab4c
4493165
10739
Maybe
Security Update
4493196
https://www.microsoft.com/download/details.aspx?familyid=afbf3238-c595-4847-83b9-0bfb18d8137c
4493165
10740
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=895fb204-cd1f-43b7-a387-0dcdd5623470
4493186
10489
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=63dd2507-4787-4424-9afe-574a09943838
4493186
10490
Maybe
Security Update
4493211
4493176
10656
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=4e7046d0-2e33-4307-a343-fd551474def3
4493176
10654
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=ed8b6ba3-06b5-4665-92c1-f9804f2c3367
4493176
10655
Maybe
Security Update
1.0
2021-02-09T08:00:00
<p>Information published.</p>
2.0
2021-02-16T08:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Microsoft Office Excel
Microsoft
CVE-2021-24070
10611
10836
11573
11574
11762
11763
10739
10740
10489
10490
10656
10654
10655
Remote Code Execution
10611
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
10739
Remote Code Execution
10740
Remote Code Execution
10489
Remote Code Execution
10490
Remote Code Execution
10656
Remote Code Execution
10654
Remote Code Execution
10655
Important
10611
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
10739
Important
10740
Important
10489
Important
10490
Important
10656
Important
10654
Important
10655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10611
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10489
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10490
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10656
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10654
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10655
4493204
https://www.microsoft.com/download/details.aspx?familyid=4ccf6910-b383-4903-8d09-aee2e55867cc
4493171
10611
Maybe
Security Update
4493192
https://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2
4493160
10836
Maybe
Security Update
Click to Run
11573
11574
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
4493196
https://www.microsoft.com/download/details.aspx?familyid=c51b24be-3dcf-4cf5-a3c6-7c47c372ab4c
4493165
10739
Maybe
Security Update
4493196
https://www.microsoft.com/download/details.aspx?familyid=afbf3238-c595-4847-83b9-0bfb18d8137c
4493165
10740
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=895fb204-cd1f-43b7-a387-0dcdd5623470
4493186
10489
Maybe
Security Update
4493222
https://www.microsoft.com/download/details.aspx?familyid=63dd2507-4787-4424-9afe-574a09943838
4493186
10490
Maybe
Security Update
4493211
4493176
10656
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=4e7046d0-2e33-4307-a343-fd551474def3
4493176
10654
Maybe
Security Update
4493211
https://www.microsoft.com/download/details.aspx?familyid=ed8b6ba3-06b5-4665-92c1-f9804f2c3367
4493176
10655
Maybe
Security Update
kdot working with Trend Micro’s Zero Day Initiative
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft SharePoint Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability relates to SQL table columns that would normally be restricted.</p>
Microsoft Office SharePoint
Microsoft
CVE-2021-24071
10950
11585
10505
10612
Information Disclosure
10950
Information Disclosure
11585
Information Disclosure
10505
Information Disclosure
10612
Important
10950
Important
11585
Important
10505
Important
10612
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10950
5.3
4.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11585
5.3
4.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10505
5.3
4.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10612
4493195
https://www.microsoft.com/download/details.aspx?familyid=fa1649de-dffb-4e32-9459-eb116767610b
4493163
10950
Maybe
Security Update
4493195
https://support.microsoft.com/help/4493195
10950
4493194
https://www.microsoft.com/download/details.aspx?familyid=8d1d0c3f-57e3-45a2-8045-c435d45c1e16
4493162
11585
Maybe
Security Update
4493194
https://support.microsoft.com/help/4493194
11585
4493223
https://www.microsoft.com/download/details.aspx?familyid=5de7e425-27e9-48a8-990d-3e8d0378b40c
4493187
10505
Maybe
Security Update
4493223
https://support.microsoft.com/help/4493223
10505
4493210
https://www.microsoft.com/download/details.aspx?familyid=f407b400-72af-409b-a03c-d638ab6a0fe9
4493175
10612
Maybe
Security Update
4493210
https://support.microsoft.com/help/4493210
10612
<a href="https://srcincite.io/">Steven Seeley (mr_me) </a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint
Microsoft
CVE-2021-24072
10950
11585
10612
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
10612
Important
10950
Important
11585
Important
10612
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10612
4493195
https://www.microsoft.com/download/details.aspx?familyid=fa1649de-dffb-4e32-9459-eb116767610b
4493163
10950
Maybe
Security Update
4493195
https://support.microsoft.com/help/4493195
10950
4493194
https://www.microsoft.com/download/details.aspx?familyid=8d1d0c3f-57e3-45a2-8045-c435d45c1e16
4493162
11585
Maybe
Security Update
4493194
https://support.microsoft.com/help/4493194
11585
4493210
https://www.microsoft.com/download/details.aspx?familyid=f407b400-72af-409b-a03c-d638ab6a0fe9
4493175
10612
Maybe
Security Update
4493210
https://support.microsoft.com/help/4493210
10612
Yuhao Weng (<a href="https://twitter.com/cjm00nw">@cjm00nw</a>) & Zhiniang Peng(<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of <a href="https://github.com/SangforLightsLab">Sangfor Lights Lab</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Skype for Business and Lync Spoofing Vulnerability
Skype for Business
Microsoft
CVE-2021-24073
11613
10428
Spoofing
11613
Spoofing
10428
Important
11613
Important
10428
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
11613
6.5
5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
10428
5000688
https://www.microsoft.com/download/details.aspx?familyid=0d08ed37-106a-456f-a5c6-61df22588bec
11613
Maybe
Security Update
5000688
https://www.microsoft.com/download/details.aspx?familyid=dac7c777-fe8a-45a2-9a82-07a2e15c298f
10428
Maybe
Security Update
Anonymous working with the Responsible Disclosure program of de Volksbank
Amit Avrahamov <a href="https://twitter.com/avr4mit">@avr4mit</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows TCP/IP Remote Code Execution Vulnerability
<p><strong>Where can I find more information about this vulnerability?</strong></p>
<p>Please see <a href="https://aka.ms/tcpipvulns">MSRC Blog</a> regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094.</p>
Windows TCP/IP
Microsoft
CVE-2021-24074
11497
11498
11563
11568
11569
11570
11571
11572
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
Remote Code Execution
11497
Remote Code Execution
11498
Remote Code Execution
11563
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Critical
11497
Critical
11498
Critical
11563
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Critical
11712
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11801
Critical
11802
Critical
11803
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
<p><strong>1. Set sourceroutingbehavior to "drop"</strong></p>
<p>Use the following command:</p>
<p><code>netsh int ipv4 set global sourceroutingbehavior=drop</code></p>
<p>For more information about ipv4 registry settings see <a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd349797(v=ws.10)#disableipsourcerouting%22">Additional Registry Settings</a></p>
<p><strong>Impact of workaround</strong></p>
<p>IPv4 Source routing is considered insecure and is blocked by default in Windows; however, a system will process the request and return an ICMP message denying the request. The workaround will cause the system to drop these requests altogether without any processing.</p>
<p><strong>How to undo the workaround</strong></p>
<p>To restore to default setting "Dontforward":</p>
<p><code>netsh int ipv4 set global sourceroutingbehavior=dontforward</code></p>
<p><strong>2. Configure firewall or load balancers to disallow source routing requests</strong></p>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Windows VMSwitch Denial of Service Vulnerability
Windows Network File System
Microsoft
CVE-2021-24075
11801
11802
11803
11766
11767
11768
11769
Denial of Service
11801
Denial of Service
11802
Denial of Service
11803
Denial of Service
11766
Denial of Service
11767
Denial of Service
11768
Denial of Service
11769
Important
11801
Important
11802
Important
11803
Important
11766
Important
11767
Important
11768
Important
11769
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11803
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11766
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11767
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11768
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11769
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
Microsoft Platform Security & Vulnerability Research
Wei
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Windows VMSwitch Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Role: Windows Hyper-V
Microsoft
CVE-2021-24076
11498
11569
11571
11572
11713
11715
10735
10853
10816
10855
10482
10378
10379
10483
10543
11803
11768
11769
Information Disclosure
11498
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11713
Information Disclosure
11715
Information Disclosure
10735
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10482
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Information Disclosure
11803
Information Disclosure
11768
Information Disclosure
11769
Important
11498
Important
11569
Important
11571
Important
11572
Important
11713
Important
11715
Important
10735
Important
10853
Important
10816
Important
10855
Important
10482
Important
10378
Important
10379
Important
10483
Important
10543
Important
11803
Important
11768
Important
11769
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11498
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11569
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11571
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11572
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11713
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11715
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10735
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10853
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10816
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10855
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10482
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10378
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10379
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10483
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
10543
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11803
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11768
5.5
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11498
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11569
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11569
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11713
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11713
11715
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10853
10816
10855
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10482
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10482
10483
10543
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11803
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11803
11768
11769
Microsoft Platform Security & Vulnerability Research
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Fax Service Remote Code Execution Vulnerability
<p><strong>In what scenarios is my computer vulnerable?</strong></p>
<p>For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable.</p>
<p><strong>How can I verify whether the Fax service is running?</strong></p>
<ol>
<li>Hold the <strong>Windows key</strong> and press <strong>R</strong> on your keyboard. This will open the Run dialog.</li>
<li>Type <em>services.msc</em> and press <strong>Enter</strong> to open the Services window.</li>
<li>Scroll through the list and locate the <strong>Fax</strong> service.
<ul>
<li>If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable.</li>
<li>If the Fax service is listed but the status is not <em>Running</em>, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.</li>
</ul>
</li>
</ol>
Role: Windows Fax Service
Microsoft
CVE-2021-24077
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
11497
Remote Code Execution
11498
Remote Code Execution
11563
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11801
Critical
11802
Critical
11803
Critical
11497
Critical
11498
Critical
11563
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
<p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">workaround</a> might be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave this workaround in place:</p>
<p><strong>Uninstall the Windows Fax and Scan feature</strong></p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Settings</strong> or <strong>Control Panel</strong> depending on your version of Windows.</li>
<li>For Windows 7 and 8.1, select <strong>Programs</strong>. For Windows 10, select <strong>Apps</strong>.</li>
<li>Select <strong>Turn Windows features on or off</strong> on Windows 7 and 8.1. Select <strong>Optional Features</strong> on Windows 10.</li>
<li>Uncheck the <strong>Windows Fax and Scan</strong> feature.</li>
<li>Restart the computer.</li>
</ol>
<p><strong>Impact of Workaround</strong></p>
<p>Removing the Windows Fax and Scan service will prevent the computer from sending or receiving faxes.</p>
<p><strong>How to undo the workaround</strong></p>
<p>Follow the preceding steps, but check the box next to <strong>Windows Fax and Scan</strong> in step 4.</p>
Xuefeng Li (<a href="https://twitter.com/lxf02942370">@lxf02942370</a>) of <a href="https://www.sangfor.com/">Sangfor</a> & Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>)
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows DNS Server Remote Code Execution Vulnerability
<p><strong>If my server is not configured to be a DNS server, it is vulnerable?</strong></p>
<p>No, this vulnerability is only exploitable if the server is configured to be a DNS server.</p>
Role: DNS Server
Microsoft
CVE-2021-24078
11571
11572
11715
11769
11803
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11715
Remote Code Execution
11769
Remote Code Execution
11803
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11571
Critical
11572
Critical
11715
Critical
11769
Critical
11803
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11769
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11769
11803
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10816
10855
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10051
10049
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10483
10543
Quan Luo from Codesafe Team of Legendsec at Qi'anxin Group
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Backup Engine Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>
Windows Backup Engine
Microsoft
CVE-2021-24079
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
11497
Information Disclosure
11498
Information Disclosure
11563
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11715
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11801
Important
11802
Important
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11497
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11498
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11563
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11715
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
khangkito - Tran Van Khang of VinCSS
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Trust Verification API Denial of Service Vulnerability
Windows Trust Verification API
Microsoft
CVE-2021-24080
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11801
Denial of Service
11802
Denial of Service
11803
Denial of Service
11497
Denial of Service
11498
Denial of Service
11563
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11712
Denial of Service
11713
Denial of Service
11714
Denial of Service
11715
Denial of Service
11766
Denial of Service
11767
Denial of Service
11768
Denial of Service
11769
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Moderate
11801
Moderate
11802
Moderate
11803
Moderate
11497
Moderate
11498
Moderate
11563
Moderate
11568
Moderate
11569
Moderate
11570
Moderate
11571
Moderate
11572
Moderate
11712
Moderate
11713
Moderate
11714
Moderate
11715
Moderate
11766
Moderate
11767
Moderate
11768
Moderate
11769
Moderate
10729
Moderate
10735
Moderate
10852
Moderate
10853
Moderate
10816
Moderate
10855
Moderate
10047
Moderate
10048
Moderate
10481
Moderate
10482
Moderate
10484
Moderate
9312
Moderate
10287
Moderate
9318
Moderate
9344
Moderate
10051
Moderate
10049
Moderate
10378
Moderate
10379
Moderate
10483
Moderate
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11803
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11497
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11498
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11563
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11712
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11713
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11714
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11715
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11766
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11767
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11768
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11769
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11801
11802
11803
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11801
11802
11803
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
Symeon Paraschoudis
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows Codecs Library
Microsoft
CVE-2021-24081
11568
11569
11570
11571
11572
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10729
10735
10852
10853
10816
10855
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11801
Critical
11802
Critical
11803
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11568
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11569
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11570
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11571
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11572
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11713
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11714
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11715
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11766
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11767
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11768
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11769
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11801
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11802
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11803
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10729
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10735
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10852
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10853
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10816
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10855
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
Hossein Lotfi of Trend Micro Zero Day Initiative
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
Windows PowerShell
Microsoft
CVE-2021-24082
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10852
10853
10816
10855
Security Feature Bypass
11497
Security Feature Bypass
11498
Security Feature Bypass
11563
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11712
Security Feature Bypass
11713
Security Feature Bypass
11714
Security Feature Bypass
11715
Security Feature Bypass
11766
Security Feature Bypass
11767
Security Feature Bypass
11768
Security Feature Bypass
11769
Security Feature Bypass
11801
Security Feature Bypass
11802
Security Feature Bypass
11803
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11497
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11498
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11563
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11568
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11569
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11570
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11571
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11572
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11712
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11713
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11714
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11715
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11766
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11767
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11768
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11769
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11801
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11802
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11803
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10852
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10853
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10816
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10855
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
Krishna Yalavarthi, WSD-ASCI team
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Address Book Remote Code Execution Vulnerability
Windows Address Book
Microsoft
CVE-2021-24083
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
10051
10049
10378
10379
10483
10543
Remote Code Execution
11497
Remote Code Execution
11498
Remote Code Execution
11563
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Mobile Device Management Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.</p>
Windows Mobile Device Management
Microsoft
CVE-2021-24084
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11715
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11715
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
5008218
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5008218
5007206
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2366
5008218
https://support.microsoft.com/help/5008218
11568
11569
11570
11571
11572
5008206
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5008206
11712
11713
11714
Yes
Security Update
10.0.18363.1977
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11715
5008212
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5008212
5006670
11766
11767
11768
11769
Yes
Security Update
10.0.19041.1415
5008212
https://support.microsoft.com/help/5008212
11766
11767
11768
11769
11801
11802
11803
5008212
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5008212
5006670
11801
11802
11803
Yes
Security Update
10.0.19042.1415
Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative
2.0
2021-12-14T08:00:00
<p>To comprehensively address CVE-2021-24084, Microsoft has released December 2021 security updates for all supported editions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows TCP/IP Denial of Service Vulnerability
<p><strong>Where can I find more information about this vulnerability?</strong></p>
<p>Please see <a href="https://aka.ms/tcpipvulns">MSRC Blog</a> regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094.</p>
Windows TCP/IP
Microsoft
CVE-2021-24086
11497
11498
11563
11568
11569
11570
11571
11572
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
Denial of Service
11497
Denial of Service
11498
Denial of Service
11563
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Denial of Service
11712
Denial of Service
11713
Denial of Service
11714
Denial of Service
11715
Denial of Service
11766
Denial of Service
11767
Denial of Service
11768
Denial of Service
11769
Denial of Service
11801
Denial of Service
11802
Denial of Service
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11497
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11498
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11563
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11712
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11713
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11714
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11715
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11766
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11767
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11768
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11769
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11803
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
<p><strong>1. Set global reassemblylimit to 0</strong></p>
<p>The following command disables packet reassembly. Any out-of-order packets are dropped. Valid scenarios should not exceed more than 50 out-of-order fragments. We recommend testing prior to updating production systems.</p>
<p><code>Netsh int ipv6 set global reassemblylimit=0</code></p>
<p>Further netsh guidance can be found at <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netsh">netsh</a>.</p>
<p><strong>Impact of workaround</strong></p>
<p>There is a potential for packet loss when discarding out-of-order packets.</p>
<p><strong>How to undo the workaround</strong></p>
<p>To restore to default setting "267748640":</p>
<p><code>Netsh int ipv6 set global reassemblylimit=267748640</code></p>
<p><strong>2. Configure an Edge device, such as a firewall or load balancer, to disallow IPv6 fragmentation. Host based firewalls do not provide sufficient protection.</strong></p>
<p>This vulnerability affects all Windows IPv6 deployments, but Windows systems that are ONLY configured with IPv6 link-local addresses are not reachable by remote attackers. IPv6 link-local addresses are not routable on the internet, and an attack would need to originate from the same logical or adjacent network segment.</p>
1.1
2021-02-12T08:00:00
<p>CVE updated to add clarifying statements to the workarounds and the mitigation. This is an informational change only.</p>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Local Spooler Remote Code Execution Vulnerability
Windows Print Spooler Components
Microsoft
CVE-2021-24088
11803
11801
11802
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11803
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11497
Remote Code Execution
11498
Remote Code Execution
11563
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11803
Critical
11801
Critical
11802
Critical
11497
Critical
11498
Critical
11563
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11803
11801
11802
11766
11767
11768
11769
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11803
11801
11802
11766
11767
11768
11769
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
Xuefeng Li (<a href="https://twitter.com/lxf02942370">@lxf02942370</a>) of <a href="https://sangfor.com">Sangfor</a> & Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>)
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Camera Codec Pack Remote Code Execution Vulnerability
Microsoft Windows Codecs Library
Microsoft
CVE-2021-24091
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10729
10735
10852
10853
10816
10855
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11712
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11801
Critical
11802
Critical
11803
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
Hossein Lotfi of Trend Micro Zero Day Initiative
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Defender Elevation of Privilege Vulnerability
<table>
<thead>
<tr>
<th>References</th>
<th>Identification</th>
</tr>
</thead>
<tbody>
<tr>
<td>Last version of the Microsoft Malware Protection Engine affected by this vulnerability</td>
<td>Version 1.1.17700.4</td>
</tr>
<tr>
<td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td>
<td>Version 1.1.17800.5</td>
</tr>
</tbody>
</table>
<p><strong>Why is no action required to install this update?</strong>
In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p>
<p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p>
<p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p>
<p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong>
Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p>
<p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p>
<p><strong>What is the Microsoft Malware Protection Engine?</strong>
The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p>
<p><strong>Does this update contain any additional security-related changes to functionality?</strong>
Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p>
<p><strong>Where can I find more information about Microsoft antimalware technology?</strong>
For more information, visit the <a href="https://www.microsoft.com/security/portal/">Microsoft Malware Protection Center</a> website.</p>
<p><strong>Suggested Actions</strong>
<strong>Verify that the update is installed</strong>
Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p>
<p>For more information on how to verify the version number for the Microsoft Malware Protection Engine that your software is currently using, see the section, "Verifying Update Installation", in <a href="https://support.microsoft.com/kb/2510781">Microsoft Knowledge Base Article 2510781</a>.</p>
<p>For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.17800.5 or later.</p>
<p><strong>If necessary, install the update</strong>
Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.</p>
<p>For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.</p>
<p>End users that do not wish to wait can manually update their antimalware software.</p>
<p>For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to <a href="https://support.microsoft.com/kb/2510781">Microsoft Knowledge Base Article 2510781</a>.</p>
Windows Defender
Microsoft
CVE-2021-24092
11430
11432
11504
10013
10331
251-11497
251-11498
251-11563
251-11568
251-11569
251-11570
251-11571
251-11572
251-11712
251-11713
251-11714
251-11715
251-11644
251-11645
251-11646
251-11647
251-11766
251-11767
251-11768
251-11769
251-11801
251-11802
251-11803
251-10729
251-10735
251-10852
251-10853
251-10816
251-10855
251-10047
251-10048
251-10481
251-10482
251-9312
251-10287
251-10051
251-10049
251-10378
251-10379
251-10483
251-10543
Elevation of Privilege
11430
Elevation of Privilege
11432
Elevation of Privilege
11504
Elevation of Privilege
10013
Elevation of Privilege
10331
Elevation of Privilege
251-11497
Elevation of Privilege
251-11498
Elevation of Privilege
251-11563
Elevation of Privilege
251-11568
Elevation of Privilege
251-11569
Elevation of Privilege
251-11570
Elevation of Privilege
251-11571
Elevation of Privilege
251-11572
Elevation of Privilege
251-11712
Elevation of Privilege
251-11713
Elevation of Privilege
251-11714
Elevation of Privilege
251-11715
Elevation of Privilege
251-11644
Elevation of Privilege
251-11645
Elevation of Privilege
251-11646
Elevation of Privilege
251-11647
Elevation of Privilege
251-11766
Elevation of Privilege
251-11767
Elevation of Privilege
251-11768
Elevation of Privilege
251-11769
Elevation of Privilege
251-11801
Elevation of Privilege
251-11802
Elevation of Privilege
251-11803
Elevation of Privilege
251-10729
Elevation of Privilege
251-10735
Elevation of Privilege
251-10852
Elevation of Privilege
251-10853
Elevation of Privilege
251-10816
Elevation of Privilege
251-10855
Elevation of Privilege
251-10047
Elevation of Privilege
251-10048
Elevation of Privilege
251-10481
Elevation of Privilege
251-10482
Elevation of Privilege
251-9312
Elevation of Privilege
251-10287
Elevation of Privilege
251-10051
Elevation of Privilege
251-10049
Elevation of Privilege
251-10378
Elevation of Privilege
251-10379
Elevation of Privilege
251-10483
Elevation of Privilege
251-10543
Important
11430
Important
11432
Important
11504
Important
10013
Important
10331
Important
251-11497
Important
251-11498
Important
251-11563
Important
251-11568
Important
251-11569
Important
251-11570
Important
251-11571
Important
251-11572
Important
251-11712
Important
251-11713
Important
251-11714
Important
251-11715
Important
251-11644
Important
251-11645
Important
251-11646
Important
251-11647
Important
251-11766
Important
251-11767
Important
251-11768
Important
251-11769
Important
251-11801
Important
251-11802
Important
251-11803
Important
251-10729
Important
251-10735
Important
251-10852
Important
251-10853
Important
251-10816
Important
251-10855
Important
251-10047
Important
251-10048
Important
251-10481
Important
251-10482
Important
251-9312
Important
251-10287
Important
251-10051
Important
251-10049
Important
251-10378
Important
251-10379
Important
251-10483
Important
251-10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11430
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11432
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11504
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10013
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10331
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11497
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11498
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11563
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11715
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11644
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11645
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11646
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11647
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11769
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
251-10543
Kasif Dekel (<a href="https://twitter.com/kasifdekel">@kasifdekel</a>) of SentinelOne
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows TCP/IP Remote Code Execution Vulnerability
<p><strong>Where can I find more information about this vulnerability?</strong></p>
<p>Please see <a href="https://aka.ms/tcpipvulns">MSRC Blog</a> regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094.</p>
Windows TCP/IP
Microsoft
CVE-2021-24094
11497
11498
11563
11568
11569
11570
11571
11572
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
Remote Code Execution
11497
Remote Code Execution
11498
Remote Code Execution
11563
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11715
Remote Code Execution
11766
Remote Code Execution
11767
Remote Code Execution
11768
Remote Code Execution
11769
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Critical
11497
Critical
11498
Critical
11563
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Critical
11712
Critical
11713
Critical
11714
Critical
11715
Critical
11766
Critical
11767
Critical
11768
Critical
11769
Critical
11801
Critical
11802
Critical
11803
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
<p><strong>1. Set global reassemblylimit to 0</strong></p>
<p>The following command disables packet reassembly. Any out-of-order packets are dropped. Valid scenarios should not exceed more than 50 out-of-order fragments. We recommend testing prior to updating production systems.</p>
<p><code>Netsh int ipv6 set global reassemblylimit=0</code></p>
<p>Further netsh guidance can be found at <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netsh">netsh</a>.</p>
<p><strong>Impact of workaround</strong></p>
<p>There is a potential for packet loss when discarding out-of-order packets.</p>
<p><strong>How to undo the workaround</strong></p>
<p>To restore to default setting "267748640":</p>
<p><code>Netsh int ipv6 set global reassemblylimit=267748640</code></p>
<p><strong>2. Configure an Edge device, such as a firewall or load balancer, to disallow IPv6 fragmentation. Host based firewalls do not provide sufficient protection.</strong></p>
<p>This vulnerability affects all Windows IPv6 deployments, but Windows systems that are ONLY configured with IPv6 link-local addresses are not reachable by remote attackers. IPv6 link-local addresses are not routable on the internet, and an attack would need to originate from the same logical or adjacent network segment.</p>
1.1
2021-02-12T08:00:00
<p>CVE updated to add clarifying statements to the workarounds and the mitigation. This is an informational change only.</p>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Console Driver Denial of Service Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Windows Console Driver
Microsoft
CVE-2021-24098
11766
11767
11768
11769
11801
11802
11803
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
Denial of Service
11766
Denial of Service
11767
Denial of Service
11768
Denial of Service
11769
Denial of Service
11801
Denial of Service
11802
Denial of Service
11803
Denial of Service
11497
Denial of Service
11498
Denial of Service
11563
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11712
Denial of Service
11713
Denial of Service
11714
Denial of Service
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11766
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11767
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11768
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11769
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11803
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11497
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11498
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11563
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
<a href="https://twitter.com/waleedassar">Walied Assar</a>
songmingxuan by JD logistics security
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Skype for Business and Lync Denial of Service Vulnerability
Skype for Business
Microsoft
CVE-2021-24099
11722
11613
10428
Denial of Service
11722
Denial of Service
11613
Denial of Service
10428
Important
11722
Important
11613
Important
10428
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11722
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11613
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10428
5000675
https://www.microsoft.com/download/details.aspx?familyid=de77f3bc-efd5-4dab-a2fb-81e2894b0937
11722
Maybe
Security Update
5000675
https://www.microsoft.com/download/details.aspx?familyid=0d08ed37-106a-456f-a5c6-61df22588bec
11613
Maybe
Security Update
5000675
https://www.microsoft.com/download/details.aspx?familyid=dac7c777-fe8a-45a2-9a82-07a2e15c298f
10428
Maybe
Security Update
Markus Wulftange of Code White GmbH (@codewhitesec)
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing
Microsoft
CVE-2021-24102
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11497
Elevation of Privilege
11498
Elevation of Privilege
11563
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11715
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
Yuki Chen
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing
Microsoft
CVE-2021-24103
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11497
Elevation of Privilege
11498
Elevation of Privilege
11563
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11715
Elevation of Privilege
11766
Elevation of Privilege
11767
Elevation of Privilege
11768
Elevation of Privilege
11769
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
4601331
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601331
4598231
10729
10735
Yes
Security Update
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
10852
10853
10816
10855
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
10852
10853
10816
10855
4601347
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601347
4598279
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601347
https://support.microsoft.com/help/4601347
10047
10048
10051
10049
4601363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601363
10047
10048
10051
10049
;dns.exe;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601363
https://support.microsoft.com/help/4601363
10047
10048
10051
10049
4601384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601384
4598285
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601384
https://support.microsoft.com/help/4601384
10481
10482
10484
10483
10543
4601349
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601349
10481
10482
10483
10543
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601349
https://support.microsoft.com/help/4601349
10481
10482
10483
10543
4601384
4598285
10484
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601360
4598288
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601360
https://support.microsoft.com/help/4601360
9312
10287
9318
9344
4601366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601366
9312
10287
9318
9344
dns.exe;fxssvc.exe;localspl.dll;msi.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;tcpip.sys;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601366
https://support.microsoft.com/help/4601366
9312
10287
9318
9344
4601348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601348
4598278
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4601348
https://support.microsoft.com/help/4601348
10378
10379
4601357
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601357
10378
10379
;dns.exe;fhcfg.dll;fxssvc.exe;localspl.dll;msi.dll;netlogon.dll;ntkrnlmp.exe;ntkrpamp.exe;oleaut32.dll;pku2u.dll;tcpip.sys;vmswitch.sys;wab32.dll;wintrust.dll
0001-01-01T00:00:00
Yes
Security Only
4601357
https://support.microsoft.com/help/4601357
10378
10379
Yuki Chen
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Package Managers Configurations Remote Code Execution Vulnerability
<p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe this vulnerability affects multiple package managers across multiple languages, including but not limited to: Python/pip, .NET/NuGet, Java/Maven, JavaScript/npm.</p>
<p><strong>Attack scenarios</strong></p>
<p>An attacker could take advantage of this ecosystem-wide issue to cause harm in a variety of ways. The original attack scenarios were discovered by Alex Birsan and are detailed in their whitepaper, <a href="https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610">Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies</a>.</p>
<ul>
<li><p>With basic knowledge of the target ecosystems, an attacker could create an empty shell for a package and insert malicious code in the install scripts, give it a high version, and publish it to the public repository. Vulnerable victim machines will download the higher version of the package between the public and private repositories and attempt to install it. Due to code incompatibility it will probably error out upon import or upon compilation, making it easier to detect; however the attacker would have gained code execution by that point.</p>
</li>
<li><p>An advanced attacker with some inside knowledge of the target could take a copy of a working package, insert the malicious code (in the package itself or in the install), and then publish it to a public repository. The package will likely install and import correctly, granting the attacker an initial foothold and persistence.</p>
</li>
</ul>
<p>These two methods could affect target organizations at any of these various levels:</p>
<ul>
<li>Developer machines</li>
<li>An entire team if the configuration to import the malicious package is uploaded to a code repository</li>
<li>Continuous integration pipelines if they pull the malicious packages during the build, test, and/or deploy stages</li>
<li>Customers, download servers, production services if the malicious code has not been detected</li>
</ul>
<p>This remote code execution vulnerability can only be addressed by reconfiguring installation tools and workflows, and not by correcting anything in the package repositories themselves. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>
<p><strong>How do I protect my systems or organization from this vulnerability?</strong></p>
<p>This remote code execution vulnerability can only be addressed by reconfiguring installation tools and workflows, and not by correcting anything in the package repositories themselves. Some package repositories may be able to reduce the likelihood of a successful attack.</p>
<p><strong>Where can I find guidance for configuring my installation tools and workflows to be protected from this vulnerability?</strong></p>
<p>Depending on the package manager used and how it is configured, there are several mitigations available to protect against this vulnerability. Follow the guidance for your specific language as outlined in <a href="https://aka.ms/pkg-sec-wp">3 Ways to Mitigate Risk Using Private Package Feeds</a></p>
<p>See also <a href="https://aka.ms/upstreamBehaviorBlog">Changes to Azure Artifact Upstream Behavior</a>.</p>
<p><strong>References</strong></p>
<ul>
<li><a href="https://aka.ms/pkg-sec-wp">3 Ways to Mitigate Risk Using Private Package Feeds</a></li>
<li><a href="https://aka.ms/upstreamBehaviorBlog">Changes to Azure Artifact Upstream Behavior</a></li>
<li><a href="https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610">Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies</a>.</li>
</ul>
Developer Tools
Microsoft
CVE-2021-24105
11855
Remote Code Execution
11855
Important
11855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.4
7.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11855
<a href="https://twitter.com/alxbrsn"> Alex Birsan </a>
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Windows DirectX Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Windows DirectX
Microsoft
CVE-2021-24106
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11766
11767
11768
11769
11801
11802
11803
Information Disclosure
11497
Information Disclosure
11498
Information Disclosure
11563
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11715
Information Disclosure
11766
Information Disclosure
11767
Information Disclosure
11768
Information Disclosure
11769
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11766
Important
11767
Important
11768
Important
11769
Important
11801
Important
11802
Important
11803
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11497
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11498
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11563
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11715
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11766
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11767
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11768
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11769
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11497
11498
11563
Yes
Security Update
4601345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
4598230
11568
11569
11570
11571
11572
Yes
Security Update
4601345
https://support.microsoft.com/help/4601345
11568
11569
11570
11571
11572
4601315
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
4598229
11712
11713
11714
11715
Yes
Security Update
4601315
https://support.microsoft.com/help/4601315
11712
11713
11714
11715
4601319
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319
4598242
11766
11767
11768
11769
11801
11802
11803
Yes
Security Update
4601319
https://support.microsoft.com/help/4601319
11766
11767
11768
11769
11801
11802
11803
madongze(<a href="https://twitter.com/YanZiShuang">@YanZiShuang</a>) of DBAPPSecurity Co., Ltd
Simon Barsky (<a href="https://twitter.com/expend20">@expend20</a>)
liuxiaoliang and pjf
k0shl
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
<p><strong>How do I know if I need to install the update?</strong></p>
<p>Customer should verify if they are running virtual nodes or virtual-kubelet by running the following command:
<code>kubectl get nodes -o wide, the kubelet version will report like vk-&lt;version&gt;</code></p>
<p><strong>Which virtual node version versions are affected?</strong></p>
<p>The affected versions are v1.18.4-vk-azure-aci-v1.3.2 (virtual node version below this should do an upgrade.)</p>
<p><strong>Where can I install the update?</strong></p>
<p>Customers using Azure Kubernetes Service are automatically upgraded with the new patched version.
If you are installing using the helm chart or image, you can update the image reference to mcr.microsoft.com/oss/virtual-kubelet/virtual-kubelet:1.3.2</p>
Microsoft Azure Kubernetes Service
Microsoft
CVE-2021-24109
11669
Elevation of Privilege
11669
Moderate
11669
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.8
5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11669
1.0
2021-02-09T08:00:00
<p>Information published.</p>
Chromium CVE-2021-21142: Use after free in Payments
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.62</td>
<td>2/4/2021</td>
<td>88.0.4324.146</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21142
11655
11655
11655
DOS:N/A
1.0
2021-02-04T08:00:00
<p>Information published.</p>
Chromium CVE-2021-21143: Heap buffer overflow in Extensions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.62</td>
<td>2/4/2021</td>
<td>88.0.4324.146</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21143
11655
11655
11655
DOS:N/A
1.0
2021-02-04T08:00:00
<p>Information published.</p>
Chromium CVE-2021-21144: Heap buffer overflow in Tab Groups
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.62</td>
<td>2/4/2021</td>
<td>88.0.4324.146</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21144
11655
11655
11655
DOS:N/A
1.0
2021-02-04T08:00:00
<p>Information published.</p>
Chromium CVE-2021-21145: Use after free in Fonts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.62</td>
<td>2/4/2021</td>
<td>88.0.4324.146</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21145
11655
11655
11655
DOS:N/A
1.0
2021-02-04T08:00:00
<p>Information published.</p>
Chromium CVE-2021-21146: Use after free in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.62</td>
<td>2/4/2021</td>
<td>88.0.4324.146</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21146
11655
11655
11655
DOS:N/A
1.0
2021-02-04T08:00:00
<p>Information published.</p>
Chromium CVE-2021-21147: Inappropriate implementation in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.62</td>
<td>2/4/2021</td>
<td>88.0.4324.146</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
CVE-2021-21147
11655
11655
11655
DOS:N/A
1.0
2021-02-04T08:00:00
<p>Information published.</p>
.NET Framework Denial of Service Vulnerability
<p><strong>I am running Windows Server 2008, Windows 7, or Windows Server 2008 R2 and I cannot install the Security Only updates for any of the 4.X versions of Microsoft .NET Framework. How do I protect my system from this vulnerability?</strong></p>
<p>There is a known issue with the Monthly Rollup and Security Only updates for the 4.X versions of .NET Framework installed on Windows Server 2008, Windows 7, and Windows Server 2008 R2.</p>
<ul>
<li><p>If you are unable to install a Monthly Rollup Security Only update, a version 2 is available that addresses the known issue. See the <strong>How to obtain and install the update</strong> section of the Article for the update you are attempting to install.</p>
</li>
<li><p>If you are unable to install a Security Only update Monthly Rollup, for a workaround to this known issue see the <strong>Known issues in this update</strong> section of the Article for the update you are attempting to install.</p>
</li>
</ul>
.NET Framework
Microsoft
CVE-2021-24111
11529-10378
11529-10049
11650-11568
11529-10051
11529-10482
11529-10483
11650-11497
11529-10047
11650-11498
11529-10048
11529-10543
11529-10379
11529-10481
11529-10484
11650-11569
11650-10855
11650-10852
11650-10047
11650-10481
11650-10853
11650-10048
11650-10051
11650-10482
11650-10378
11650-10816
11650-10049
11650-10484
11650-10483
11650-10379
10728-9312
10728-9318
11650-11801
11650-11769
11650-11768
11650-11803
11650-11802
11650-11767
11650-11766
11863-10852
11863-10855
11862-11498
11862-11572
11862-11571
11863-10853
11863-10816
11862-11497
11862-11563
11650-11572
11650-11571
11650-11713
11650-11715
11650-11714
11650-11712
11650-10543
Denial of Service
11529-10378
Denial of Service
11529-10049
Denial of Service
11650-11568
Denial of Service
11529-10051
Denial of Service
11529-10482
Denial of Service
11529-10483
Denial of Service
11650-11497
Denial of Service
11529-10047
Denial of Service
11650-11498
Denial of Service
11529-10048
Denial of Service
11529-10543
Denial of Service
11529-10379
Denial of Service
11529-10481
Denial of Service
11529-10484
Denial of Service
11650-11569
Denial of Service
11650-10855
Denial of Service
11650-10852
Denial of Service
11650-10047
Denial of Service
11650-10481
Denial of Service
11650-10853
Denial of Service
11650-10048
Denial of Service
11650-10051
Denial of Service
11650-10482
Denial of Service
11650-10378
Denial of Service
11650-10816
Denial of Service
11650-10049
Denial of Service
11650-10484
Denial of Service
11650-10483
Denial of Service
11650-10379
Denial of Service
10728-9312
Denial of Service
10728-9318
Denial of Service
11650-11801
Denial of Service
11650-11769
Denial of Service
11650-11768
Denial of Service
11650-11803
Denial of Service
11650-11802
Denial of Service
11650-11767
Denial of Service
11650-11766
Denial of Service
11863-10852
Denial of Service
11863-10855
Denial of Service
11862-11498
Denial of Service
11862-11572
Denial of Service
11862-11571
Denial of Service
11863-10853
Denial of Service
11863-10816
Denial of Service
11862-11497
Denial of Service
11862-11563
Denial of Service
11650-11572
Denial of Service
11650-11571
Denial of Service
11650-11713
Denial of Service
11650-11715
Denial of Service
11650-11714
Denial of Service
11650-11712
Denial of Service
11650-10543
Important
11529-10378
Important
11529-10049
Important
11650-11568
Important
11529-10051
Important
11529-10482
Important
11529-10483
Important
11650-11497
Important
11529-10047
Important
11650-11498
Important
11529-10048
Important
11529-10543
Important
11529-10379
Important
11529-10481
Important
11529-10484
Important
11650-11569
Important
11650-10855
Important
11650-10852
Important
11650-10047
Important
11650-10481
Important
11650-10853
Important
11650-10048
Important
11650-10051
Important
11650-10482
Important
11650-10378
Important
11650-10816
Important
11650-10049
Important
11650-10484
Important
11650-10483
Important
11650-10379
Important
10728-9312
Important
10728-9318
Important
11650-11801
Important
11650-11769
Important
11650-11768
Important
11650-11803
Important
11650-11802
Important
11650-11767
Important
11650-11766
Important
11863-10852
Important
11863-10855
Important
11862-11498
Important
11862-11572
Important
11862-11571
Important
11863-10853
Important
11863-10816
Important
11862-11497
Important
11862-11563
Important
11650-11572
Important
11650-11571
Important
11650-11713
Important
11650-11715
Important
11650-11714
Important
11650-11712
Important
11650-10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11497
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11498
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10543
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11529-10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10728-9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10728-9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11769
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11768
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11803
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11767
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11766
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11863-10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11863-10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11862-11498
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11862-11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11862-11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11863-10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11863-10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11862-11497
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11862-11563
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11713
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11715
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11714
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-11712
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11650-10543
4603003
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4600957
4598501, 4579978
11529-10378
11529-10379
Maybe
Monthly Rollup
4603003
https://support.microsoft.com/help/4603003
11529-10378
11529-10379
11650-10378
11650-10379
4602959
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601093
11529-10378
11529-10379
Maybe
Security Only
4603002
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4600945
4598500, 4579977
11529-10049
11529-10051
11529-10047
11529-10048
Maybe
Monthly Rollup
4603002
https://support.microsoft.com/help/4603002
11529-10049
11529-10051
11529-10047
11529-10048
11650-10047
11650-10048
11650-10051
11650-10049
4602958
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601090
11529-10049
11529-10051
11529-10047
11529-10048
Maybe
Security Only
4602958
https://support.microsoft.com/help/4602958
11529-10049
11529-10051
11529-10047
11529-10048
11650-10047
11650-10048
11650-10051
11650-10049
4601887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601055
4598499, 4598461, 4579976
11650-11568
11650-11569
11650-11572
11650-11571
Maybe
Security Update
4601887
https://support.microsoft.com/help/4601887
11650-11568
11650-11569
11862-11572
11862-11571
11650-11572
11650-11571
4603004
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601048
4598502, 4579979
11529-10482
11529-10483
11529-10543
11529-10481
11529-10484
Maybe
Monthly Rollup
4603004
https://support.microsoft.com/help/4603004
11529-10482
11529-10483
11529-10543
11529-10481
11529-10484
11650-10481
11650-10482
11650-10484
11650-10483
11650-10543
4602960
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601094
11529-10482
11529-10483
11529-10543
11529-10481
Maybe
Security Only
4601054
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601054
4597249, 4578972
11650-11497
11650-11498
Maybe
Security Update
4601054
https://support.microsoft.com/help/4601054
11650-11497
11650-11498
4601051
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601051
4597247, 4578969
11650-10855
11650-10852
11650-10853
11650-10816
Maybe
Security Update
4601051
https://support.microsoft.com/help/4601051
11650-10855
11650-10852
11650-10853
11650-10816
4603002
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4600944
4598500, 4579977
11650-10047
11650-10048
11650-10051
11650-10049
Maybe
Monthly Rollup
4602958
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601089
11650-10047
11650-10048
11650-10051
11650-10049
Maybe
Security Only
4603004
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601058
4598502, 4579979
11650-10481
11650-10482
11650-10484
11650-10483
11650-10543
Maybe
Monthly Rollup
4602960
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601092
11650-10481
11650-10482
11650-10483
11650-10543
Maybe
Security Only
4603003
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601057
4598501, 4579978
11650-10378
11650-10379
Maybe
Monthly Rollup
4602959
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601091
11650-10378
11650-10379
Maybe
Security Only
4603005
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4600945
4598503, 4579980
10728-9312
10728-9318
Maybe
Monthly Rollup
4603005
https://support.microsoft.com/help/4603005
10728-9312
10728-9318
4602961
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4602961
10728-9312
Maybe
Security Only
4602961
https://support.microsoft.com/help/4602961
10728-9312
10728-9318
4602961
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601090
10728-9318
Maybe
Security Only
4601050
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601050
4586876, 4598299, 4578968
11650-11801
11650-11769
11650-11768
11650-11803
11650-11802
11650-11767
11650-11766
Maybe
Security Update
4601050
https://support.microsoft.com/help/4601050
11650-11801
11650-11769
11650-11768
11650-11803
11650-11802
11650-11767
11650-11766
4601318
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601318
4598243
11863-10852
11863-10855
11863-10853
11863-10816
Yes
Security Update
4601318
https://support.microsoft.com/help/4601318
11863-10852
11863-10855
11863-10853
11863-10816
4601354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354
4598245
11862-11498
11862-11497
11862-11563
Yes
Security Update
4601887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601060
4598499, 4598461, 4579976
11862-11572
11862-11571
Maybe
Security Update
4601056
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601056
4586878, 4598301, 4578974
11650-11713
11650-11715
11650-11714
11650-11712
Maybe
Security Update
4601056
https://support.microsoft.com/help/4601056
11650-11713
11650-11715
11650-11714
11650-11712
1.0
2021-02-09T08:00:00
<p>Information published.</p>
1.1
2021-02-16T08:00:00
<p>Corrected Download and Article links for affected versions of Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 installed on Windows Server 2012 in the Security Updates table. This is an informational change only.</p>
Microsoft Windows Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>It is a bypass of Extended Protection for Authentication(EPA) where Service Principle Name could allow Windows store UAP applications to elevate privileges.</p>
Microsoft Windows
Microsoft
CVE-2020-17162
11497
11498
11563
11568
11569
11570
11571
11572
11712
11713
11714
11715
11644
11645
11646
11647
11766
11767
11768
11769
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Security Feature Bypass
11497
Security Feature Bypass
11498
Security Feature Bypass
11563
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11712
Security Feature Bypass
11713
Security Feature Bypass
11714
Security Feature Bypass
11715
Security Feature Bypass
11644
Security Feature Bypass
11645
Security Feature Bypass
11646
Security Feature Bypass
11647
Security Feature Bypass
11766
Security Feature Bypass
11767
Security Feature Bypass
11768
Security Feature Bypass
11769
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10481
Security Feature Bypass
10482
Security Feature Bypass
10484
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11497
Important
11498
Important
11563
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11715
Important
11644
Important
11645
Important
11646
Important
11647
Important
11766
Important
11767
Important
11768
Important
11769
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11497
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11498
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11563
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11715
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11644
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11645
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11646
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11647
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11766
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11767
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11768
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11769
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
4577032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577032
4571709
11497
11498
11563
Yes
Security Update
4570333
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4570333
4565349
11568
11569
11570
11571
11572
Yes
Security Update
4570333
https://support.microsoft.com/help/4570333
11568
11569
11570
11571
11572
4574727
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4574727
4565351
11712
11713
11714
11715
11644
11645
11646
11647
Yes
Security Update
4574727
https://support.microsoft.com/help/4574727
11712
11713
11714
11715
11644
11645
11646
11647
4571756
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4571756
4566782
11766
11767
11768
11769
Yes
Security Update
4571756
https://support.microsoft.com/help/4571756
11766
11767
11768
11769
4577049
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577049
4571692
10729
10735
Yes
Security Update
4577015
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577015
4571694
10852
10853
10816
10855
Yes
Security Update
4577015
https://support.microsoft.com/help/4577015
10852
10853
10816
10855
4577066
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577066
4571703
10481
10482
10483
10543
;.\ole32.dll;atmfd.dll;clfs.sys;combase.dll;dhcpcore.dll;dhcpcore6.dll;dhcpcsvc.dll;dhcpcsvc6.dll;dns.exe;dwrite.dll;fdSSDP.dll
0001-01-01T00:00:00
fdWSD.dll;fntcache.dll;FXSUI.dll;gdi32.dll;gdiplus.dll;localspl.dll;lsasrv.dll;mf3216.dll;msi.dll;msjet40.dll;msrpc.sys;mstext40.dll;ntfs.sys;ntkrnlmp.exe;ntkrpamp.exe;Pnrpsvc.dll;Printconfig.dll;rpcrt4.dll;rsopprov.exe;rtutils.dll;schannel.dll;securekernel.exe;see repro steps;shell32.dll;ssdpsrv.dll;upnphost.dll;win32k.sys;WindowsUpdate.adml;windowsupdate.admx;wmadmod.dll;wuaueng.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4577066
https://support.microsoft.com/help/4577066
10481
10482
10484
10483
10543
4577071
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577071
10481
10482
10483
10543
;.\ole32.dll;atmfd.dll;clfs.sys;combase.dll;dhcpcore.dll;dhcpcore6.dll;dhcpcsvc.dll;dhcpcsvc6.dll;dns.exe;dwrite.dll;fdSSDP.dll
0001-01-01T00:00:00
fdWSD.dll;fntcache.dll;FXSUI.dll;gdi32.dll;gdiplus.dll;localspl.dll;lsasrv.dll;mf3216.dll;msi.dll;msjet40.dll;msrpc.sys;mstext40.dll;ntfs.sys;ntkrnlmp.exe;ntkrpamp.exe;Pnrpsvc.dll;Printconfig.dll;rpcrt4.dll;rsopprov.exe;rtutils.dll;schannel.dll;securekernel.exe;see repro steps;shell32.dll;ssdpsrv.dll;upnphost.dll;win32k.sys;WindowsUpdate.adml;windowsupdate.admx;wmadmod.dll;wuaueng.dll
0001-01-01T00:00:00
Yes
Security Only
4577071
https://support.microsoft.com/help/4577071
10481
10482
10483
10543
4577066
4571703
10484
;.\ole32.dll;atmfd.dll;clfs.sys;combase.dll;dhcpcore.dll;dhcpcore6.dll;dhcpcsvc.dll;dhcpcsvc6.dll;dns.exe;dwrite.dll;fdSSDP.dll
0001-01-01T00:00:00
fdWSD.dll;fntcache.dll;FXSUI.dll;gdi32.dll;gdiplus.dll;localspl.dll;lsasrv.dll;mf3216.dll;msi.dll;msjet40.dll;msrpc.sys;mstext40.dll;ntfs.sys;ntkrnlmp.exe;ntkrpamp.exe;Pnrpsvc.dll;Printconfig.dll;rpcrt4.dll;rsopprov.exe;rtutils.dll;schannel.dll;securekernel.exe;see repro steps;shell32.dll;ssdpsrv.dll;upnphost.dll;win32k.sys;WindowsUpdate.adml;windowsupdate.admx;wmadmod.dll;wuaueng.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4577038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577038
4571736
10378
10379
;.\ole32.dll;atmfd.dll;clfs.sys;combase.dll;dhcpcore.dll;dhcpcore6.dll;dhcpcsvc.dll;dhcpcsvc6.dll;dns.exe;dwrite.dll;fdSSDP.dll
0001-01-01T00:00:00
fdWSD.dll;fntcache.dll;FXSUI.dll;gdi32.dll;gdiplus.dll;localspl.dll;lsasrv.dll;mf3216.dll;msi.dll;msjet40.dll;msrpc.sys;mstext40.dll;ntfs.sys;ntkrnlmp.exe;ntkrpamp.exe;Pnrpsvc.dll;Printconfig.dll;rpcrt4.dll;rsopprov.exe;rtutils.dll;schannel.dll;see repro steps;shell32.dll;ssdpsrv.dll;upnphost.dll;win32k.sys;WindowsUpdate.adml;windowsupdate.admx;wmadmod.dll;wuaueng.dll
0001-01-01T00:00:00
Yes
Monthly Rollup
4577038
https://support.microsoft.com/help/4577038
10378
10379
4577048
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577048
10378
10379
;.\ole32.dll;atmfd.dll;clfs.sys;combase.dll;dhcpcore.dll;dhcpcore6.dll;dhcpcsvc.dll;dhcpcsvc6.dll;dns.exe;dwrite.dll;fdSSDP.dll
0001-01-01T00:00:00
fdWSD.dll;fntcache.dll;FXSUI.dll;gdi32.dll;gdiplus.dll;localspl.dll;lsasrv.dll;mf3216.dll;msi.dll;msjet40.dll;msrpc.sys;mstext40.dll;ntfs.sys;ntkrnlmp.exe;ntkrpamp.exe;Pnrpsvc.dll;Printconfig.dll;rpcrt4.dll;rsopprov.exe;rtutils.dll;schannel.dll;see repro steps;shell32.dll;ssdpsrv.dll;upnphost.dll;win32k.sys;WindowsUpdate.adml;windowsupdate.admx;wmadmod.dll;wuaueng.dll
0001-01-01T00:00:00
Yes
Security Only
4577048
https://support.microsoft.com/help/4577048
10378
10379
1.0
2021-02-09T08:00:00
<p>Information published. This CVE was addressed by updates that were released in September 2020, but the CVE was inadvertently omitted from the September 2020 Security Updates. This is an informational change only. Customers who have already installed the September 2020 update do not need to take any further action.</p>
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>88.0.705.62</td>
<td>2/4/2021</td>
<td>88.0.4324.146</td>
</tr>
</tbody>
</table>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>This vulnerability allows javascript to be executed in URL when copying then pasting it in the Edge browser.</p>
Microsoft Edge (Chromium-based)
Microsoft
CVE-2021-24113
11655
Security Feature Bypass
11655
Important
11655
Publicly Disclosed:No;Exploited:No;DOS:N/A
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
<a href="https://www.linkedin.com/in/Deepanraj95/">DeepanRaj Modernmonk(Technoidz)</a>
1.0
2021-02-04T08:00:00
<p>Information published.</p>
1.1
2021-02-26T08:00:00
<p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p>