Tag Archives: Patch Tuesday

Patch Tuesday – April 2022

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2022/04/12/patch-tuesday-april-2022/

Patch Tuesday - April 2022

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser.

One of these has been observed being exploited in the wild: CVE-2022-24521, reported to Microsoft by the National Security Agency, affects the Common Log File System Driver in all supported versions of Windows and allows attackers to gain additional privileges on a system they already have local access to. Another local privilege escalation (LPE), CVE-2022-26904 affecting the Windows User Profile Service, had been publicly disclosed but not reported as already being exploited – it’s harder for attackers to leverage as it relies on winning a race condition, which can be tricky to reliably achieve.

LPEs don’t always get the same attention that remote code execution (RCE) vulnerabilities do, but they can be a great help to attackers after they gain an initial foothold. These two categories dominate this month’s vulnerabilities, with 55 LPEs and 47 RCEs getting patched. 10 of the RCEs are considered “Critical,” affecting Windows Hyper-V (CVE-2022-22008, CVE-2022-23257, CVE-2022-24537); Windows SMB Client (CVE-2022-24500, CVE-2022-24541); Windows Network File System (CVE-2022-24491 and CVE-2022-24497); LDAP (CVE-2022-26919); Microsoft Dynamics (CVE-2022-23259); and the Windows RPC Runtime (CVE-2022-26809).

On the Office side of the house, Skype for Business Server was patched for spoofing (CVE-2022-26910) and information disclosure (CVE-2022-26911) vulnerabilities. Two RCEs affecting Excel (CVE-2022-24473 and CVE-2022-26901) were fixed, as well as a spoofing vulnerability in SharePoint Server (CVE-2022-24472).

With so many vulnerabilities to manage, it can be difficult to prioritize. Thankfully, most of this month’s CVEs can be addressed by patching the core OS. Administrators should first focus on updating any public-facing servers before moving on to internal servers and then client systems. The SMB Client vulnerabilities can also be mitigated by blocking port 445/tcp at the network perimeter – victims need to be enticed to connect to a malicious SMB server, and this would help against Internet-based attackers. Of course, this won’t help much if the malicious system was set up within the perimeter.

For any readers who enjoy deeper dives into vulnerabilities and exploits, Rapid7’s Jake Baines has a technical writeup of CVE-2022-24527, an LPE he discovered in the Connected Cache component of Microsoft Endpoint Manager that got fixed today. Check it out!

Summary charts

Patch Tuesday - April 2022
Patch Tuesday - April 2022
Patch Tuesday - April 2022
Patch Tuesday - April 2022

Summary tables

Azure Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26898 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26896 Azure Site Recovery Information Disclosure Vulnerability No No 4.9 Yes
CVE-2022-26897 Azure Site Recovery Information Disclosure Vulnerability No No 4.9 Yes
CVE-2022-26907 Azure SDK for .NET Information Disclosure Vulnerability No No 5.3 Yes

Browser Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability No No 4.3 Yes
CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-1232 Chromium: CVE-2022-1232 Type Confusion in V8 No No N/A Yes
CVE-2022-1146 Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing No No N/A Yes
CVE-2022-1145 Chromium: CVE-2022-1145 Use after free in Extensions No No N/A Yes
CVE-2022-1143 Chromium: CVE-2022-1143 Heap buffer overflow in WebUI No No N/A Yes
CVE-2022-1139 Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API No No N/A Yes
CVE-2022-1138 Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor No No N/A Yes
CVE-2022-1137 Chromium: CVE-2022-1137 Inappropriate implementation in Extensions No No N/A Yes
CVE-2022-1136 Chromium: CVE-2022-1136 Use after free in Tab Strip No No N/A Yes
CVE-2022-1135 Chromium: CVE-2022-1135 Use after free in Shopping Cart No No N/A Yes
CVE-2022-1134 Chromium: CVE-2022-1134 Type Confusion in V8 No No N/A Yes
CVE-2022-1133 Chromium: CVE-2022-1133 Use after free in WebRTC No No N/A Yes
CVE-2022-1131 Chromium: CVE-2022-1131 Use after free in Cast UI No No N/A Yes
CVE-2022-1130 Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP No No N/A Yes
CVE-2022-1129 Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode No No N/A Yes
CVE-2022-1128 Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API No No N/A Yes
CVE-2022-1127 Chromium: CVE-2022-1127 Use after free in QR Code Generator No No N/A Yes
CVE-2022-1125 Chromium: CVE-2022-1125 Use after free in Portals No No N/A Yes

Developer Tools Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26924 YARP Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-24513 Visual Studio Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26921 Visual Studio Code Elevation of Privilege Vulnerability No No 7.3 No
CVE-2022-24765 GitHub: Uncontrolled search for the Git directory in Git for Windows No No N/A Yes
CVE-2022-24767 GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account No No N/A Yes
CVE-2022-26832 .NET Framework Denial of Service Vulnerability No No 7.5 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-23259 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability No No 8.8 Yes

Microsoft Office Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26910 Skype for Business and Lync Spoofing Vulnerability No No 5.3 Yes
CVE-2022-26911 Skype for Business Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-24472 Microsoft SharePoint Server Spoofing Vulnerability No No 8 Yes
CVE-2022-24473 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26901 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

SQL Server Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-23292 Microsoft Power BI Spoofing Vulnerability No No 5.9 Yes

System Center Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24548 Microsoft Defender Denial of Service Vulnerability No No 5.5 Yes

Windows Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24543 Windows Upgrade Assistant Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24550 Windows Telephony Server Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26786 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26789 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26791 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26793 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26795 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-24487 Windows Local Security Authority (LSA) Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-24483 Windows Kernel Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-24545 Windows Kerberos Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-24486 Windows Kerberos Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24490 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 8.1 Yes
CVE-2022-24539 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 8.1 Yes
CVE-2022-26783 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-26785 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-23257 Windows Hyper-V Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-22008 Windows Hyper-V Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24537 Windows Hyper-V Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22009 Windows Hyper-V Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-23268 Windows Hyper-V Denial of Service Vulnerability No No 6.5 Yes
CVE-2022-26920 Windows Graphics Component Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-26808 Windows File Explorer Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24495 Windows Direct Show – Remote Code Execution Vulnerability No No 7 Yes
CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24488 Windows Desktop Bridge Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24546 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26811 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26823 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26824 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26825 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26826 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26814 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26817 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26818 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26816 Windows DNS Server Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-24538 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability No No 6.5 No
CVE-2022-26784 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability No No 6.5 No
CVE-2022-24484 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability No No 5.5 No
CVE-2022-26828 Windows Bluetooth Driver Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24549 Windows AppX Package Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24482 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26914 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26788 PowerShell Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24496 Local Security Authority (LSA) Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24532 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26830 DiskUsage.exe Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-24479 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24489 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability No No 7.8 No

Windows ESU Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24498 Windows iSCSI Target Service Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-26807 Windows Work Folder Service Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24474 Windows Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24542 Windows Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability No Yes 7 Yes
CVE-2022-24541 Windows Server Service Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-26915 Windows Secure Channel Denial of Service Vulnerability No No 7.5 No
CVE-2022-24500 Windows SMB Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-26787 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26790 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26792 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26794 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26796 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26797 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26798 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26801 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26802 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26803 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26919 Windows LDAP Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-26831 Windows LDAP Denial of Service Vulnerability No No 7.5 No
CVE-2022-24544 Windows Kerberos Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24530 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24499 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26903 Windows Graphics Component Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26810 Windows File Server Resource Management Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26827 Windows File Server Resource Management Service Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26916 Windows Fax Compose Form Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26917 Windows Fax Compose Form Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26918 Windows Fax Compose Form Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24527 Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-26812 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26813 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24536 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26815 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26819 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26820 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26821 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26822 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26829 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2022-24481 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24494 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24540 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-21983 Win32 Stream Enumeration Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-24534 Win32 Stream Enumeration Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-24485 Win32 File Enumeration Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-26809 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-24528 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-24492 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-24533 Remote Desktop Protocol Remote Code Execution Vulnerability No No 8 Yes
CVE-2022-24493 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability No No 5.5 Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.

Patch Tuesday – March 2022

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2022/03/08/patch-tuesday-march-2022/

Patch Tuesday - March 2022

Microsoft’s March 2022 updates include fixes for 92 CVEs (including 21 from the Chromium project, which is used by their Edge web browser). None of them have been seen exploited in the wild, but three have been previously disclosed. CVE-2022-24512, affecting .NET and Visual Studio, and CVE-2022-21990, affecting Remote Desktop Client, both allow RCE (Remote Code Execution). CVE-2022-24459 is an LPE (local privilege escalation) vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated Important – organizations should remediate at their regular patch cadence.

Three CVEs this month are rated Critical. CVE-2022-22006 and CVE-2022-24501 both affect video codecs. In most cases, these will update automatically via the Microsoft Store. However, any organizations with automatic updates disabled should be sure to push out updates. The vulnerability most likely to raise eyebrows this month is CVE-2022-23277, a Critical RCE affecting Exchange Server. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.

SharePoint administrators get a break this month, though on the client side, a handful of Office vulnerabilities were fixed. Three separate RCEs in Visio, Tampering and Security Feature Bypass vulnerabilities in Word, and Information Disclosure in the Skype Extension for Chrome all got patched.

CVE-2022-24508 is an RCE affecting Windows SMBv3, which has potential for widespread exploitation, assuming an attacker can put together a suitable exploit. Luckily, like this month’s Exchange vulnerabilities, this too requires authentication.

Organizations using Microsoft’s Azure Site Recovery service should be aware that 11 CVEs were fixed with today’s updates, split between RCEs and LPEs. They are all specific to the scenario where an on-premise VMware deployment is set up to use Azure for disaster recovery.

Summary charts

Patch Tuesday - March 2022
Patch Tuesday - March 2022
Patch Tuesday - March 2022
Patch Tuesday - March 2022

Summary tables

Apps vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-23282 Paint 3D Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24465 Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability No No 3.3 Yes

Azure vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24467 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24517 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24470 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24471 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24520 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24469 Azure Site Recovery Elevation of Privilege Vulnerability No No 8.1 Yes
CVE-2022-24506 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-24515 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-24518 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-24519 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes

Browser vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-0809 Chromium: CVE-2022-0809 Out of bounds memory access in WebXR No No N/A Yes
CVE-2022-0808 Chromium: CVE-2022-0808 Use after free in Chrome OS Shell No No N/A Yes
CVE-2022-0807 Chromium: CVE-2022-0807 Inappropriate implementation in Autofill No No N/A Yes
CVE-2022-0806 Chromium: CVE-2022-0806 Data leak in Canvas No No N/A Yes
CVE-2022-0805 Chromium: CVE-2022-0805 Use after free in Browser Switcher No No N/A Yes
CVE-2022-0804 Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode No No N/A Yes
CVE-2022-0803 Chromium: CVE-2022-0803 Inappropriate implementation in Permissions No No N/A Yes
CVE-2022-0802 Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode No No N/A Yes
CVE-2022-0801 Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser No No N/A Yes
CVE-2022-0800 Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI No No N/A Yes
CVE-2022-0799 Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer No No N/A Yes
CVE-2022-0798 Chromium: CVE-2022-0798 Use after free in MediaStream No No N/A Yes
CVE-2022-0797 Chromium: CVE-2022-0797 Out of bounds memory access in Mojo No No N/A Yes
CVE-2022-0796 Chromium: CVE-2022-0796 Use after free in Media No No N/A Yes
CVE-2022-0795 Chromium: CVE-2022-0795 Type Confusion in Blink Layout No No N/A Yes
CVE-2022-0794 Chromium: CVE-2022-0794 Use after free in WebShare No No N/A Yes
CVE-2022-0793 Chromium: CVE-2022-0793 Use after free in Views No No N/A Yes
CVE-2022-0792 Chromium: CVE-2022-0792 Out of bounds read in ANGLE No No N/A Yes
CVE-2022-0791 Chromium: CVE-2022-0791 Use after free in Omnibox No No N/A Yes
CVE-2022-0790 Chromium: CVE-2022-0790 Use after free in Cast UI No No N/A Yes
CVE-2022-0789 Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE No No N/A Yes

Developer Tools vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24526 Visual Studio Code Spoofing Vulnerability No No 6.1 Yes
CVE-2020-8927 Brotli Library Buffer Overflow Vulnerability No No 6.5 Yes
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability No Yes 6.3 Yes
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability No No 7.5 No

Exchange Server vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability No No 6.5 Yes
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability No No 8.8 Yes

Microsoft Office vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24522 Skype Extension for Chrome Information Disclosure Vulnerability No No 7.5 Yes
CVE-2022-24462 Microsoft Word Security Feature Bypass Vulnerability No No 5.5 Yes
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability No No 5.5 Yes
CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24461 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24510 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes

System Center vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-23265 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-23266 Microsoft Defender for IoT Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability No No 5.9 Yes

Windows vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-21967 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24525 Windows Update Stack Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24508 Windows SMBv3 Client/Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.2 No
CVE-2022-21975 Windows Hyper-V Denial of Service Vulnerability No No 4.7 Yes
CVE-2022-23294 Windows Event Tracing Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24455 Windows CD-ROM Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24505 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24501 VP9 Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24460 Tablet Windows User Interface Application Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-23295 Raw Image Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22010 Media Foundation Information Disclosure Vulnerability No No 4.4 Yes
CVE-2022-21977 Media Foundation Information Disclosure Vulnerability No No 3.3 Yes
CVE-2022-22006 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-23301 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22007 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24452 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24453 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24456 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability No No 7.8 Yes

Windows ESU vulnerabilities

CVE Title Exploited Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24454 Windows Security Support Provider Interface Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-21973 Windows Media Center Update Denial of Service Vulnerability No No 5.5 No
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability No No 4.3 Yes
CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability No Yes 7.8 No
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability No No 5.4 Yes
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability No Yes 8.8 Yes
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-23253 Point-to-Point Tunneling Protocol Denial of Service Vulnerability No No 6.5 No

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.

Patch Tuesday – February 2022

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2022/02/08/patch-tuesday-february-2022/

Patch Tuesday - February 2022

Today’s fixes from Microsoft are relatively light as far as Patch Tuesdays go. This is the first month in possibly forever where no vulnerabilities are considered Critical. A total of 70 CVEs were fixed today (including 22 that affect the Chromium browser engine, which is used by Edge).

Although 16 of this month’s vulnerabilities allow remote code execution (RCE), none carry a CVSS base score higher than 8.8. Only one vulnerability was publicly disclosed before today: CVE-2022-21989, an elevation of privilege vulnerability in the Windows Kernel. None of this month’s vulnerabilities have yet been seen exploited in the wild.

Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

On the client side, CVE-2022-22003 and CVE-2022-22004 are RCEs affecting Microsoft Office. Although this requires a local user to open a malicious file, these sorts of social engineering attacks are common and can be very effective. Updates should be rolled out to end users as soon as reasonably practicable.

Summary charts

Patch Tuesday - February 2022
Patch Tuesday - February 2022
Patch Tuesday - February 2022
Patch Tuesday - February 2022

Summary tables

Azure Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability No No 8.1 Yes

Browser Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability No No 5.3 Yes
CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 7.7 Yes
CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 6.3 Yes
CVE-2022-0470 Chromium: CVE-2022-0470 Out of bounds memory access in V8 No No N/A Yes
CVE-2022-0469 Chromium: CVE-2022-0469 Use after free in Cast No No N/A Yes
CVE-2022-0468 Chromium: CVE-2022-0468 Use after free in Payments No No N/A Yes
CVE-2022-0467 Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock No No N/A Yes
CVE-2022-0466 Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform No No N/A Yes
CVE-2022-0465 Chromium: CVE-2022-0465 Use after free in Extensions No No N/A Yes
CVE-2022-0464 Chromium: CVE-2022-0464 Use after free in Accessibility No No N/A Yes
CVE-2022-0463 Chromium: CVE-2022-0463 Use after free in Accessibility No No N/A Yes
CVE-2022-0462 Chromium: CVE-2022-0462 Inappropriate implementation in Scroll No No N/A Yes
CVE-2022-0461 Chromium: CVE-2022-0461 Policy bypass in COOP No No N/A Yes
CVE-2022-0460 Chromium: CVE-2022-0460 Use after free in Window Dialog No No N/A Yes
CVE-2022-0459 Chromium: CVE-2022-0459 Use after free in Screen Capture No No N/A Yes
CVE-2022-0458 Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip No No N/A Yes
CVE-2022-0457 Chromium: CVE-2022-0457 Type Confusion in V8 No No N/A Yes
CVE-2022-0456 Chromium: CVE-2022-0456 Use after free in Web Search No No N/A Yes
CVE-2022-0455 Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen Mode No No N/A Yes
CVE-2022-0454 Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE No No N/A Yes
CVE-2022-0453 Chromium: CVE-2022-0453 Use after free in Reader Mode No No N/A Yes
CVE-2022-0452 Chromium: CVE-2022-0452 Use after free in Safe Browsing No No N/A Yes

Developer Tools Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-21986 .NET Denial of Service Vulnerability No No 7.5 Yes

ESU Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.1 Yes
CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability No Yes 7.8 Yes
CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability No No 5.5 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability No No 6.9 Yes
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability No No 8.3 Yes
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability No No 8.1 Yes
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability No No 7.1 No
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability No No 6.5 No
CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability No No 7.2 No

Microsoft Office Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability No No 8 Yes
CVE-2022-21968 Microsoft SharePoint Server Security Feature BypassVulnerability No No 4.3 Yes
CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability No No 5.3 Yes
CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability No No 5.9 Yes
CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability No No 5.5 Yes

SQL Server Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-23254 Microsoft Power BI Elevation of Privilege Vulnerability No No 4.9 Yes

Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed CVSSv3 Base Score Has FAQ?
CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability No No 5.5 No
CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability No No 7.5 Yes
CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability No No 7.9 Yes
CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability No No 5.6 Yes
CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability No No 8.8 No
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.

Patch Tuesday – January 2022

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2022/01/11/patch-tuesday-january-2022/

Patch Tuesday - January 2022

The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.

The majority of this month’s patched vulnerabilities, such as CVE-2022-21857 (affecting Active Directory Domain Services), allow attackers to elevate their privileges on systems or networks they already have a foothold in.

Critical RCEs

Besides CVE-2021-22947 (libcurl), several other Critical RCE vulnerabilities were also fixed. Most of these have caveats that reduce their scariness to some degree. The worst of these is CVE-2021-21907, affecting the Windows HTTP protocol stack. Although it carries a CVSSv3 base score of 9.8 and is considered potentially “wormable” by Microsoft, similar vulnerabilities have not proven to be rampantly exploited (see the AttackerKB analysis for CVE-2021-31166).

Not quite as bad is CVE-2022-21840, which affects all supported versions of Office, as well as Sharepoint Server. Exploitation would require social engineering to entice a victim to open an attachment or visit a malicious website – thankfully the Windows preview pane is not a vector for this attack.

CVE-2022-21846 affects Exchange Server, but cannot be exploited directly over the public internet (attackers need to be “adjacent” to the target system in terms of network topology). This restriction also applies to CVE-2022-21855 and CVE-2022-21969, two less severe RCEs in Exchange this month.

CVE-2022-21912 and CVE-2022-21898 both affect DirectX Graphics and require local access. CVE-2022-21917 is a vulnerability in the Windows Codecs library. In most cases, systems should automatically get patched; however, some organizations may have the vulnerable codec preinstalled on their gold images and disable Windows Store updates.

Defenders should prioritize patching servers (Exchange, Sharepoint, Hyper-V, and IIS) followed by web browsers and other client software.

Summary charts

Patch Tuesday - January 2022
Patch Tuesday - January 2022
Patch Tuesday - January 2022
Patch Tuesday - January 2022

Summary tables

Browser vulnerabilities

CVE Title Exploited Publicly disclosed CVSSv3 base Additional FAQ
CVE-2022-21930 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability No No 4.2 Yes
CVE-2022-21931 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability No No 4.2 Yes
CVE-2022-21929 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability No No 2.5 Yes
CVE-2022-21954 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 6.1 Yes
CVE-2022-21970 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 6.1 Yes
CVE-2022-0120 Chromium: CVE-2022-0120 Inappropriate implementation in Passwords No No nan Yes
CVE-2022-0118 Chromium: CVE-2022-0118 Inappropriate implementation in WebShare No No nan Yes
CVE-2022-0117 Chromium: CVE-2022-0117 Policy bypass in Service Workers No No nan Yes
CVE-2022-0116 Chromium: CVE-2022-0116 Inappropriate implementation in Compositing No No nan Yes
CVE-2022-0115 Chromium: CVE-2022-0115 Uninitialized Use in File API No No nan Yes
CVE-2022-0114 Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial No No nan Yes
CVE-2022-0113 Chromium: CVE-2022-0113 Inappropriate implementation in Blink No No nan Yes
CVE-2022-0112 Chromium: CVE-2022-0112 Incorrect security UI in Browser UI No No nan Yes
CVE-2022-0111 Chromium: CVE-2022-0111 Inappropriate implementation in Navigation No No nan Yes
CVE-2022-0110 Chromium: CVE-2022-0110 Incorrect security UI in Autofill No No nan Yes
CVE-2022-0109 Chromium: CVE-2022-0109 Inappropriate implementation in Autofill No No nan Yes
CVE-2022-0108 Chromium: CVE-2022-0108 Inappropriate implementation in Navigation No No nan Yes
CVE-2022-0107 Chromium: CVE-2022-0107 Use after free in File Manager API No No nan Yes
CVE-2022-0106 Chromium: CVE-2022-0106 Use after free in Autofill No No nan Yes
CVE-2022-0105 Chromium: CVE-2022-0105 Use after free in PDF No No nan Yes
CVE-2022-0104 Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE No No nan Yes
CVE-2022-0103 Chromium: CVE-2022-0103 Use after free in SwiftShader No No nan Yes
CVE-2022-0102 Chromium: CVE-2022-0102 Type Confusion in V8 No No nan Yes
CVE-2022-0101 Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks No No nan Yes
CVE-2022-0100 Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API No No nan Yes
CVE-2022-0099 Chromium: CVE-2022-0099 Use after free in Sign-in No No nan Yes
CVE-2022-0098 Chromium: CVE-2022-0098 Use after free in Screen Capture No No nan Yes
CVE-2022-0097 Chromium: CVE-2022-0097 Inappropriate implementation in DevTools No No nan Yes
CVE-2022-0096 Chromium: CVE-2022-0096 Use after free in Storage No No nan Yes

Developer Tools vulnerabilities

CVE Title Exploited Publicly disclosed CVSSv3 base Additional FAQ
CVE-2022-21911 .NET Framework Denial of Service Vulnerability No No 7.5 No

ESU Windows vulnerabilities

CVE Title Exploited Publicly disclosed CVSSv3 base Additional FAQ
CVE-2022-21924 Workstation Service Remote Protocol Security Feature Bypass Vulnerability No No 5.3 No
CVE-2022-21834 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability No Yes 7 No
CVE-2022-21885 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21914 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-21920 Windows Kerberos Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-21908 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21843 Windows IKE Extension Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-21883 Windows IKE Extension Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-21848 Windows IKE Extension Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-21889 Windows IKE Extension Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-21900 Windows Hyper-V Security Feature Bypass Vulnerability No No 4.6 Yes
CVE-2022-21905 Windows Hyper-V Security Feature Bypass Vulnerability No No 4.6 Yes
CVE-2022-21880 Windows GDI+ Information Disclosure Vulnerability No No 7.5 Yes
CVE-2022-21915 Windows GDI+ Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-21904 Windows GDI Information Disclosure Vulnerability No No 7.5 Yes
CVE-2022-21903 Windows GDI Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21899 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability No No 5.5 No
CVE-2022-21916 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21838 Windows Cleanup Manager Elevation of Privilege Vulnerability No No 5.5 Yes
CVE-2022-21836 Windows Certificate Spoofing Vulnerability No Yes 7.8 Yes
CVE-2022-21925 Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability No No 5.3 No
CVE-2022-21862 Windows Application Model Core API Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21859 Windows Accounts Control Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21833 Virtual Machine IDE Drive Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-21893 Remote Desktop Protocol Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-21850 Remote Desktop Client Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-21851 Remote Desktop Client Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-21835 Microsoft Cryptographic Services Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass No No 5.3 No
CVE-2022-21857 Active Directory Domain Services Elevation of Privilege Vulnerability No No 8.8 Yes

Exchange Server vulnerabilities

CVE Title Exploited Publicly disclosed CVSSv3 base Additional FAQ
CVE-2022-21846 Microsoft Exchange Server Remote Code Execution Vulnerability No No 9 Yes
CVE-2022-21855 Microsoft Exchange Server Remote Code Execution Vulnerability No No 9 Yes
CVE-2022-21969 Microsoft Exchange Server Remote Code Execution Vulnerability No No 9 Yes

Microsoft Dynamics vulnerabilities

CVE Title Exploited Publicly disclosed CVSSv3 base Additional FAQ
CVE-2022-21932 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability No No 7.6 No
CVE-2022-21891 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability No No 7.6 No

Microsoft Office vulnerabilities

CVE Title Exploited Publicly disclosed CVSSv3 base Additional FAQ
CVE-2022-21842 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-21837 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.3 Yes
CVE-2022-21840 Microsoft Office Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

Windows vulnerabilities

CVE Title Exploited Publicly disclosed CVSSv3 base Additional FAQ
CVE-2022-21895 Windows User Profile Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21864 Windows UI Immersive Server API Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21866 Windows System Launcher Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21875 Windows Storage Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21863 Windows StateRepository API Server file Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21874 Windows Security Center API Remote Code Execution Vulnerability No Yes 7.8 No
CVE-2022-21892 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2022-21958 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2022-21959 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2022-21962 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2022-21963 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.4 Yes
CVE-2022-21928 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability No No 6.3 Yes
CVE-2022-21867 Windows Push Notifications Apps Elevation Of Privilege Vulnerability No No 7 No
CVE-2022-21888 Windows Modern Execution Server Remote Code Execution Vulnerability No No 7.8 No
CVE-2022-21881 Windows Kernel Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21879 Windows Kernel Elevation of Privilege Vulnerability No No 5.5 No
CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-21901 Windows Hyper-V Elevation of Privilege Vulnerability No No 9 Yes
CVE-2022-21847 Windows Hyper-V Denial of Service Vulnerability No No 6.5 No
CVE-2022-21878 Windows Geolocation Service Remote Code Execution Vulnerability No No 7.8 No
CVE-2022-21872 Windows Event Tracing Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability No Yes 6.1 No
CVE-2022-21868 Windows Devices Human Interface Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21921 Windows Defender Credential Guard Security Feature Bypass Vulnerability No No 4.4 No
CVE-2022-21906 Windows Defender Application Control Security Feature Bypass Vulnerability No No 5.5 No
CVE-2022-21852 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21902 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21896 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21860 Windows AppContracts API Server Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21876 Win32k Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-21887 Win32k Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-21873 Tile Data Repository Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21870 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21877 Storage Spaces Controller Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability No No 4.4 No
CVE-2022-21964 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-22947 Open Source Curl Remote Code Execution Vulnerability No Yes nan Yes
CVE-2022-21871 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21910 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36976 Libarchive Remote Code Execution Vulnerability No Yes nan Yes
CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-21912 DirectX Graphics Kernel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-21898 DirectX Graphics Kernel Remote Code Execution Vulnerability No No 7.8 No
CVE-2022-21918 DirectX Graphics Kernel File Denial of Service Vulnerability No No 6.5 No
CVE-2022-21865 Connected Devices Platform Service Elevation of Privilege Vulnerability No No 7 No
CVE-2022-21869 Clipboard User Service Elevation of Privilege Vulnerability No No 7 No

Patch Tuesday – December 2021

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2021/12/14/patch-tuesday-december-2021/

Patch Tuesday - December 2021

This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228. In today’s security release, Microsoft issued fixes for 83 vulnerabilities across an array of products — including a fix for Windows Defender for IoT, which is vulnerable to CVE-2021-44228 amongst seven other remote code execution (RCE) vulnerabilities (the cloud service is not affected). Six CVEs in the bulletin have been publicly disclosed; the only vulnerability noted as being exploited in the wild in this month’s release is CVE-2021-43890, a Windows AppX Installer spoofing bug that may aid in social engineering attacks and has evidently been used in Emotet malware campaigns.

Interestingly, this round of fixes also includes CVE-2021-43883, a Windows Installer privilege escalation bug whose advisory is sparse despite the fact that it appears to affect all supported versions of Windows. While there’s no indication in the advisory that the two vulnerabilities are related, CVE-2021-43883 looks an awful lot like the fix for a zero-day vulnerability that made a splash in the security community last month after proof-of-concept exploit code was released and in-the-wild attacks began. The zero-day vulnerability, which researchers hypothesized was a patch bypass for CVE-2021-41379, allowed low-privileged attackers to overwrite protected files and escalate to SYSTEM. Rapid7’s vulnerability research team did a full root cause analysis of the bug as attacks ramped up in November.

As usual, RCE flaws figure prominently in the “Critical”-rated CVEs this month. In addition to Windows Defender for IoT, critical RCE bugs were fixed this month in Microsoft Office, Microsoft Devices, Internet Storage Name Service (iSNS), and the WSL extension for Visual Studio Code. Given the outsized risk presented by most vulnerable implementations of Log4Shell, administrators should prioritize patches for any products affected by CVE-2021-44228. Past that, put critical server-side and OS RCE patches at the top of your list, and we’d advise sneaking in the fix for CVE-2021-43883 despite its lower severity rating.

Summary charts

Patch Tuesday - December 2021
Patch Tuesday - December 2021
Patch Tuesday - December 2021
Patch Tuesday - December 2021

Summary tables

Apps Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability Yes Yes 7.1 Yes
CVE-2021-43905 Microsoft Office app Remote Code Execution Vulnerability No No 9.6 Yes

Browser Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-4068 Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page No No N/A Yes
CVE-2021-4067 Chromium: CVE-2021-4067 Use after free in window manager No No N/A Yes
CVE-2021-4066 Chromium: CVE-2021-4066 Integer underflow in ANGLE No No N/A Yes
CVE-2021-4065 Chromium: CVE-2021-4065 Use after free in autofill No No N/A Yes
CVE-2021-4064 Chromium: CVE-2021-4064 Use after free in screen capture No No N/A Yes
CVE-2021-4063 Chromium: CVE-2021-4063 Use after free in developer tools No No N/A Yes
CVE-2021-4062 Chromium: CVE-2021-4062 Heap buffer overflow in BFCache No No N/A Yes
CVE-2021-4061 Chromium: CVE-2021-4061 Type Confusion in V8 No No N/A Yes
CVE-2021-4059 Chromium: CVE-2021-4059 Insufficient data validation in loader No No N/A Yes
CVE-2021-4058 Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE No No N/A Yes
CVE-2021-4057 Chromium: CVE-2021-4057 Use after free in file API No No N/A Yes
CVE-2021-4056 Chromium: CVE-2021-4056: Type Confusion in loader No No N/A Yes
CVE-2021-4055 Chromium: CVE-2021-4055 Heap buffer overflow in extensions No No N/A Yes
CVE-2021-4054 Chromium: CVE-2021-4054 Incorrect security UI in autofill No No N/A Yes
CVE-2021-4053 Chromium: CVE-2021-4053 Use after free in UI No No N/A Yes
CVE-2021-4052 Chromium: CVE-2021-4052 Use after free in web apps No No N/A Yes

Developer Tools Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-43907 Visual Studio Code WSL Extension Remote Code Execution Vulnerability No No 9.8 No
CVE-2021-43908 Visual Studio Code Spoofing Vulnerability No No nan No
CVE-2021-43891 Visual Studio Code Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-43896 Microsoft PowerShell Spoofing Vulnerability No No 5.5 No
CVE-2021-43892 Microsoft BizTalk ESB Toolkit Spoofing Vulnerability No No 7.4 No
CVE-2021-43225 Bot Framework SDK Remote Code Execution Vulnerability No No 7.5 No
CVE-2021-43877 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability No No 7.8 No

Device Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-43899 Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability No No 9.8 Yes

Microsoft Office Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-42295 Visual Basic for Applications Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-42320 Microsoft SharePoint Server Spoofing Vulnerability No No 8 Yes
CVE-2021-43242 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-42309 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-42294 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2021-43255 Microsoft Office Trust Center Spoofing Vulnerability No No 5.5 Yes
CVE-2021-43875 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-42293 Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2021-43256 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

System Center Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-43882 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 9 Yes
CVE-2021-42311 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-42313 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-42314 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-42315 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-41365 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-42310 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2021-43889 Microsoft Defender for IoT Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2021-43888 Microsoft Defender for IoT Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-42312 Microsoft Defender for IOT Elevation of Privilege Vulnerability No No 7.8 Yes

Windows Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-43247 Windows TCP/IP Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43237 Windows Setup Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43239 Windows Recovery Environment Agent Elevation of Privilege Vulnerability No No 7.1 No
CVE-2021-43231 Windows NTFS Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43880 Windows Mobile Device Management Elevation of Privilege Vulnerability No Yes 5.5 Yes
CVE-2021-43244 Windows Kernel Information Disclosure Vulnerability No No 6.5 Yes
CVE-2021-43246 Windows Hyper-V Denial of Service Vulnerability No No 5.6 No
CVE-2021-43232 Windows Event Tracing Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-43248 Windows Digital Media Receiver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43214 Web Media Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-43243 VP9 Video Extensions Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-43228 SymCrypt Denial of Service Vulnerability No No 7.5 No
CVE-2021-43227 Storage Spaces Controller Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-43235 Storage Spaces Controller Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-43240 NTFS Set Short Name Elevation of Privilege Vulnerability No Yes 7.8 No
CVE-2021-40452 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40453 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-41360 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-43219 DirectX Graphics Kernel File Denial of Service Vulnerability No No 7.4 No

Windows ESU Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed? CVSSv3 Has FAQ?
CVE-2021-43215 iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution No No 9.8 Yes
CVE-2021-43238 Windows Remote Access Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43223 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41333 Windows Print Spooler Elevation of Privilege Vulnerability No Yes 7.8 No
CVE-2021-43229 Windows NTFS Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43230 Windows NTFS Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40441 Windows Media Center Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability No Yes 7.8 No
CVE-2021-43234 Windows Fax Service Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-43217 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2021-43893 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability No Yes 7.5 No
CVE-2021-43245 Windows Digital TV Tuner Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43224 Windows Common Log File System Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-43226 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43207 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-43233 Remote Desktop Client Remote Code Execution Vulnerability No No 7.5 No
CVE-2021-43222 Microsoft Message Queuing Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-43236 Microsoft Message Queuing Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-43216 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability No No 6.5 Yes

Patch Tuesday – October 2021

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2021/10/12/patch-tuesday-october-2021/

Patch Tuesday - October 2021

Today’s Patch Tuesday sees Microsoft issuing fixes for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike.

One vulnerability has already been seen exploited in the wild: CVE-2021-40449 is an elevation of privilege vulnerability in all supported versions of Windows, including the newly released Windows 11. Rated as Important, this is likely being used alongside Remote Code Execution (RCE) and/or social engineering attacks to gain more complete control of targeted systems.

Three CVEs were publicly disclosed before today, though haven’t yet been observed in active exploitation. CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers, CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel, and CVE-2021-41338 is a flaw in Windows AppContainer allowing attackers to bypass firewall rules.

Attackers will likely be paying attention to the latest Windows Print Spooler vulnerability – CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much more information about. Also worth noting is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.

Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.

Finally, virtualization administrators should be aware of two RCEs affecting Windows Hyper-V: CVE-2021-40461 and CVE-2021-38672. Both affect relatively new versions of Windows and are considered Critical, allowing a VM to escape from guest to host by triggering a memory allocation error, allowing it to read kernel memory in the host.

Summary Charts

Patch Tuesday - October 2021
Patch Tuesday - October 2021
Patch Tuesday - October 2021
Patch Tuesday - October 2021

Summary Tables

Apps Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-41363 Intune Management Extension Security Feature Bypass Vulnerability No No 4.2 Yes

Browser Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-37980 Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox No No N/A Yes
CVE-2021-37979 Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC No No N/A Yes
CVE-2021-37978 Chromium: CVE-2021-37978 Heap buffer overflow in Blink No No N/A Yes
CVE-2021-37977 Chromium: CVE-2021-37977 Use after free in Garbage Collection No No N/A Yes
CVE-2021-37976 Chromium: CVE-2021-37976 Information leak in core No No N/A Yes
CVE-2021-37975 Chromium: CVE-2021-37975 Use after free in V8 No No N/A Yes
CVE-2021-37974 Chromium: CVE-2021-37974 Use after free in Safe Browsing No No N/A Yes

Developer Tools Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-3450 OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT No No N/A Yes
CVE-2021-3449 OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing No No N/A Yes
CVE-2020-1971 OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference No No N/A Yes
CVE-2021-41355 .NET Core and Visual Studio Information Disclosure Vulnerability No No 5.7 Yes

ESU Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-38663 Windows exFAT File System Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-40465 Windows Text Shaping Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-36953 Windows TCP/IP Denial of Service Vulnerability No No 7.5 No
CVE-2021-40460 Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability No No 6.5 Yes
CVE-2021-36970 Windows Print Spooler Spoofing Vulnerability No No 8.8 No
CVE-2021-41332 Windows Print Spooler Information Disclosure Vulnerability No No 6.5 Yes
CVE-2021-41331 Windows Media Audio Decoder Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-41342 Windows MSHTML Platform Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2021-41335 Windows Kernel Elevation of Privilege Vulnerability No Yes 7.8 No
CVE-2021-40455 Windows Installer Spoofing Vulnerability No No 5.5 No
CVE-2021-26442 Windows HTTP.sys Elevation of Privilege Vulnerability No No 7 No
CVE-2021-41340 Windows Graphics Component Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38662 Windows Fast FAT File System Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-41343 Windows Fast FAT File System Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-40469 Windows DNS Server Remote Code Execution Vulnerability No Yes 7.2 Yes
CVE-2021-40443 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40466 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40467 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40449 Win32k Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2021-40489 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 Yes

Exchange Server Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-41350 Microsoft Exchange Server Spoofing Vulnerability No No 6.5 No
CVE-2021-26427 Microsoft Exchange Server Remote Code Execution Vulnerability No No 9 Yes
CVE-2021-41348 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8 No
CVE-2021-34453 Microsoft Exchange Server Denial of Service Vulnerability No No 7.5 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40457 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability No No 7.4 Yes
CVE-2021-41353 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability No No 5.4 No
CVE-2021-41354 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability No No 4.1 No

Microsoft Office Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40486 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40484 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-40483 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-41344 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.1 No
CVE-2021-40487 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2021-40482 Microsoft SharePoint Server Information Disclosure Vulnerability No No 5.3 Yes
CVE-2021-40480 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40481 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.1 Yes
CVE-2021-40471 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40473 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40474 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40479 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40485 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40472 Microsoft Excel Information Disclosure Vulnerability No No 5.5 Yes

Microsoft Office Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40454 Rich Text Edit Control Information Disclosure Vulnerability No No 5.5 Yes

System Center Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-41352 SCOM Information Disclosure Vulnerability No No 7.5 Yes

Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40464 Windows Nearby Sharing Elevation of Privilege Vulnerability No No 8 No
CVE-2021-40463 Windows NAT Denial of Service Vulnerability No No 7.7 No
CVE-2021-40462 Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-41336 Windows Kernel Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38672 Windows Hyper-V Remote Code Execution Vulnerability No No 8 Yes
CVE-2021-40461 Windows Hyper-V Remote Code Execution Vulnerability No No 8 No
CVE-2021-40477 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41334 Windows Desktop Bridge Elevation of Privilege Vulnerability No No 7 No
CVE-2021-40475 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-40468 Windows Bind Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-41347 Windows AppX Deployment Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41338 Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability No Yes 5.5 No
CVE-2021-40476 Windows AppContainer Elevation Of Privilege Vulnerability No No 7.5 No
CVE-2021-40456 Windows AD FS Security Feature Bypass Vulnerability No No 5.3 Yes
CVE-2021-40450 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41357 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40478 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40488 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-26441 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-41345 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41330 Microsoft Windows Media Foundation Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-41339 Microsoft DWM Core Library Elevation of Privilege Vulnerability No No 4.7 No
CVE-2021-40470 DirectX Graphics Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41346 Console Window Host Security Feature Bypass Vulnerability No No 5.3 No
CVE-2021-41337 Active Directory Security Feature Bypass Vulnerability No No 4.9 Yes
CVE-2021-41361 Active Directory Federation Server Spoofing Vulnerability No No 5.4 Yes

Patch Tuesday – September 2021

Post Syndicated from Adam Bunn original https://blog.rapid7.com/2021/09/15/patch-tuesday-september-2021/

Patch Tuesday - September 2021

Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Fortunately there are only a few issues rated critical this month with the vast majority of the remainder being rated important. Here’s three big things you can go patch right now.

MSHTML Remote Code Execution 0-day (CVE-2021-40444)

The hot topic this month is the most recent remote code execution 0-day vulnerability in MSHTML. When it was first discovered it was only being used in a limited number of attacks, however this quickly changed once instructions for exploiting the vulnerability were published online. This vulnerability was severe enough to warrant publishing patches for older operating systems including Windows 7, Windows Server 2008 R2, and Windows Server 2008. Now that updates have been published for this vulnerability they should be applied as soon as possible.

Windows DNS Local Elevation of Privilege (CVE-2021-36968)

This is the second publicly disclosed vulnerability updated this month. While the details surrounding this CVE are sparse, we do know that Microsoft has not detected exploitation in the wild.

Updates to PrintNightmare (CVE-2021-1678)

Microsoft has made additional patches available for older operating systems. If you were previously unable to patch against this vulnerability you may want to review this new information.

Summary Graphs

Patch Tuesday - September 2021
Patch Tuesday - September 2021
Patch Tuesday - September 2021
Patch Tuesday - September 2021

Summary Tables

Azure Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38647 Open Management Infrastructure Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2021-38645 Open Management Infrastructure Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-38648 Open Management Infrastructure Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-38649 Open Management Infrastructure Elevation of Privilege Vulnerability No No 7 Yes
CVE-2021-40448 Microsoft Accessibility Insights for Android Information Disclosure Vulnerability No No 6.3 Yes
CVE-2021-36956 Azure Sphere Information Disclosure Vulnerability No No 4.4 Yes

Browser Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38642 Microsoft Edge for iOS Spoofing Vulnerability No No 6.1 No
CVE-2021-38641 Microsoft Edge for Android Spoofing Vulnerability No No 6.1 No
CVE-2021-26439 Microsoft Edge for Android Information Disclosure Vulnerability No No 4.6 No
CVE-2021-38669 Microsoft Edge (Chromium-based) Tampering Vulnerability No No 6.4 Yes
CVE-2021-26436 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 6.1 No
CVE-2021-36930 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 5.3 No
CVE-2021-30632 Chromium: CVE-2021-30632 Out of bounds write in V8 No No Yes
CVE-2021-30624 Chromium: CVE-2021-30624 Use after free in Autofill No No Yes
CVE-2021-30623 Chromium: CVE-2021-30623 Use after free in Bookmarks No No Yes
CVE-2021-30622 Chromium: CVE-2021-30622 Use after free in WebApp Installs No No Yes
CVE-2021-30621 Chromium: CVE-2021-30621 UI Spoofing in Autofill No No Yes
CVE-2021-30620 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink No No Yes
CVE-2021-30619 Chromium: CVE-2021-30619 UI Spoofing in Autofill No No Yes
CVE-2021-30618 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools No No Yes
CVE-2021-30617 Chromium: CVE-2021-30617 Policy bypass in Blink No No Yes
CVE-2021-30616 Chromium: CVE-2021-30616 Use after free in Media No No Yes
CVE-2021-30615 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation No No Yes
CVE-2021-30614 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip No No Yes
CVE-2021-30613 Chromium: CVE-2021-30613 Use after free in Base internals No No Yes
CVE-2021-30612 Chromium: CVE-2021-30612 Use after free in WebRTC No No Yes
CVE-2021-30611 Chromium: CVE-2021-30611 Use after free in WebRTC No No Yes
CVE-2021-30610 Chromium: CVE-2021-30610 Use after free in Extensions API No No Yes
CVE-2021-30609 Chromium: CVE-2021-30609 Use after free in Sign-In No No Yes
CVE-2021-30608 Chromium: CVE-2021-30608 Use after free in Web Share No No Yes
CVE-2021-30607 Chromium: CVE-2021-30607 Use after free in Permissions No No Yes
CVE-2021-30606 Chromium: CVE-2021-30606 Use after free in Blink No No Yes

Developer Tools Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36952 Visual Studio Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-26434 Visual Studio Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-26437 Visual Studio Code Spoofing Vulnerability No No 5.5 No

ESU Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38625 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38626 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36968 Windows DNS Elevation of Privilege Vulnerability No Yes 7.8 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-40440 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability No No 5.4 No

Microsoft Office Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38656 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38651 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-38652 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-38653 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-38654 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38650 Microsoft Office Spoofing Vulnerability No No 7.6 Yes
CVE-2021-38659 Microsoft Office Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38658 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38660 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38657 Microsoft Office Graphics Component Information Disclosure Vulnerability No No 6.1 Yes
CVE-2021-38646 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38655 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

Windows Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36967 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability No No 8 No
CVE-2021-36966 Windows Subsystem for Linux Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38637 Windows Storage Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-36972 Windows SMB Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-36974 Windows SMB Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36973 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38624 Windows Key Storage Provider Security Feature Bypass Vulnerability No No 6.5 Yes
CVE-2021-36954 Windows Bind Filter Driver Elevation of Privilege Vulnerability No No 8.8 No
CVE-2021-36975 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38634 Microsoft Windows Update Client Elevation of Privilege Vulnerability No No 7.1 No
CVE-2021-38644 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38661 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38632 BitLocker Security Feature Bypass Vulnerability No No 5.7 Yes

Windows ESU Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36965 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-26435 Windows Scripting Engine Memory Corruption Vulnerability No No 8.1 Yes
CVE-2021-36960 Windows SMB Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-36969 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38635 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38636 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38667 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-38671 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40447 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36962 Windows Installer Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-36961 Windows Installer Denial of Service Vulnerability No No 5.5 No
CVE-2021-36964 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38630 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36955 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36963 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38633 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36959 Windows Authenticode Spoofing Vulnerability No No 5.5 No
CVE-2021-38629 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability No No 6.5 Yes
CVE-2021-38628 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38639 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability Yes Yes 8.8 Yes

Patch Tuesday – August 2021

Post Syndicated from Adam Bunn original https://blog.rapid7.com/2021/08/11/patch-tuesday-august-2021/

Patch Tuesday - August 2021

Hot off the press, it’s another issue of the Patch Tuesday blog! While the number of vulnerabilities is low this month, there are a number of high risk items administrators will want to patch right away including a few that will require additional remediation steps. This Patch Tuesday also includes updates for three vulnerabilities that were publicly disclosed earlier this month. Let’s jump in.

Windows Elevation of Privilege Vulnerability aka HiveNightmare/SeriousSAM

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
With a public proof-of-concept having been available for some time, administrators should prioritize taking action on CVE-2021-36934. Remediation for this vulnerability requires volume shadow copies for system files to be deleted. This is due to the nature of the vulnerability, as the files with the vulnerable permissions could be restored from a backup and accessed even after the patch is installed. Microsoft indicates they took caution not to delete users’ backups, but the trade-off is that customers will need to do the chore themselves. We’ve updated our blog post with this additional information.

Windows LSA Spoofing Vulnerability aka ADV210003

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942
Another high priority action for patching teams is CVE-2021-36942. This update patches one of the vectors used in the PetitPotam attack. After applying this update there are additional configurations required in order to protect systems from other attack vectors using registry keys. The InsightVM team has included detection for the registry keys needed to enable EPA and SMB Signing in addition to the normal update.  Please see our blog post for more information.

Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432
While Microsoft has not offered up any details for this vulnerability we can glean some info from the CVSS information. This remote code execution vulnerability is reachable from the network service with no authentication or user action required. There may not be an exploit available for this yet, but Microsoft indicates that “Exploitation [is] more likely”. Put this update near the top of your TODO list.

Windows TCP/IP Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424
Last on our list is a vulnerability that can result in remote execution on a Hyper-V host via the IPv6 networking stack. If Hyper-V is used in your environment this should be first on your list this month.

Summary Graphs

Patch Tuesday - August 2021
Patch Tuesday - August 2021
Patch Tuesday - August 2021
Patch Tuesday - August 2021

Summary Tables

Azure Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36949 Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability No No 7.1 Yes
CVE-2021-26428 Azure Sphere Information Disclosure Vulnerability No No 4.4 Yes
CVE-2021-26429 Azure Sphere Elevation of Privilege Vulnerability No No 7.7 Yes
CVE-2021-26430 Azure Sphere Denial of Service Vulnerability No No 6 Yes
CVE-2021-33762 Azure CycleCloud Elevation of Privilege Vulnerability No No 7 No
CVE-2021-36943 Azure CycleCloud Elevation of Privilege Vulnerability No No 4 No

Browser Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-30597 Chromium: CVE-2021-30597 Use after free in Browser UI No No Yes
CVE-2021-30596 Chromium: CVE-2021-30596 Incorrect security UI in Navigation No No Yes
CVE-2021-30594 Chromium: CVE-2021-30594 Use after free in Page Info UI No No Yes
CVE-2021-30593 Chromium: CVE-2021-30593 Out of bounds read in Tab Strip No No Yes
CVE-2021-30592 Chromium: CVE-2021-30592 Out of bounds write in Tab Groups No No Yes
CVE-2021-30591 Chromium: CVE-2021-30591 Use after free in File System API No No Yes
CVE-2021-30590 Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks No No Yes

Developer Tools Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34532 ASP.NET Core and Visual Studio Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-34485 .NET Core and Visual Studio Information Disclosure Vulnerability No No 5 Yes
CVE-2021-26423 .NET Core and Visual Studio Denial of Service Vulnerability No No 7.5 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36946 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability No No 5.4 No
CVE-2021-34524 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability No No 8.1 No
CVE-2021-36950 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability No No 5.4 No

Microsoft Office Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36941 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-36940 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-34478 Microsoft Office Remote Code Execution Vulnerability No No 7.8 Yes

System Center Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34471 Microsoft Windows Defender Elevation of Privilege Vulnerability No No 7.8 Yes

Windows Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-26426 Windows User Account Profile Picture Elevation of Privilege Vulnerability No No 7 No
CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability No No 9.8 No
CVE-2021-26433 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-36926 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-36932 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-36933 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-26431 Windows Recovery Environment Agent Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34534 Windows MSHTML Platform Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2021-34530 Windows Graphics Component Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-34486 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34487 Windows Event Tracing Elevation of Privilege Vulnerability No No 7 No
CVE-2021-36938 Windows Cryptographic Primitives Library Information Disclosure Vulnerability No No 5.5 No
CVE-2021-36945 Windows 10 Update Assistant Elevation of Privilege Vulnerability No No 7.3 No
CVE-2021-34536 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No

Windows ESU Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34484 Windows User Profile Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-26424 Windows TCP/IP Remote Code Execution Vulnerability No No 9.9 Yes
CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability No Yes 8.8 No
CVE-2021-36947 Windows Print Spooler Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-34483 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36937 Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-36942 Windows LSA Spoofing Vulnerability No Yes 7.5 Yes
CVE-2021-34533 Windows Graphics Component Font Parsing Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-26425 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36927 Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34537 Windows Bluetooth Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-34480 Scripting Engine Memory Corruption Vulnerability No No 6.8 Yes
CVE-2021-34535 Remote Desktop Client Remote Code Execution Vulnerability No No 8.8 Yes

Patch Tuesday – July 2021

Post Syndicated from Adam Bunn original https://blog.rapid7.com/2021/07/13/patch-tuesday-july-2021/

Patch Tuesday - July 2021

Microsoft has patched another 117 CVEs, returning to volumes seen in early 2021 and most of 2020. It would appear that the recent trend of approximately 50 vulnerability fixes per month was not indicative of a slowing pace. This month there were 13 vulnerabilities rated Critical with nearly the rest being rated Important. Thankfully, none of the updates published today require additional steps to remediate, so administrators should be able to rely on their normal patching process. Once CVE-2021-34527 has been remediated, priority should be to patch public facing DNS and Exchange servers, followed by Workstations, SharePoint servers, and finally Office applications.

It seems like the PrintNightmare is nearly over. While the past two weeks have been a frenzy for the security community there has been no new information since the end of last week when Microsoft made a final revision to their guidance on CVE-2021-34527. If you haven’t patched this yet, this is your daily reminder. For further details please see our blog on the topic.

Multiple Critical DNS Vulnerabilities Patched

Administrators should focus their efforts on the 11 vulnerabilities in Windows DNS server to reduce the most risk. The two most important of these vulnerabilities are CVE-2021-34494 and CVE-2021-33780. Exploitation of either of these vulnerabilities would result in Remote Code Execution with SYSTEM privileges without any user interaction via the network. Given the network exposure of DNS servers these vulnerabilities could prove to be troublesome if an exploit were to be developed. Microsoft lists CVE-2021-33780 as “Exploitation More Likely” so it may only be a matter of time before attackers attempt to make use of these flaws.

New Exchange Updates Available

Only 4 of the 7 Exchange CVEs being disclosed this month are new. The two most severe vulnerabilities were patched in back in April and were mistakenly not disclosed. This means that if you applied the April 2021 updates you will not need to take any action for CVE-2021-34473, CVE-2021-34523, or CVE-2021-33766. Of the 4 newly patched vulnerabilities the most notable is CVE-2021-31206, a remote code execution flaw discovered in the recent Pwn2Own competition.

Scripting Engine Exploited in the Wild

Exploitation of CVE-2021-34448 has been observed in the wild by researchers. There are no details on the frequency or spread of this exploit. This vulnerability requires the user to visit a link to download a malicious file. As with other vulnerabilities that require user interaction, strong security hygiene is the first line of defense.

Summary Tables

Here are this month’s patched vulnerabilities split by the product family.

Apps Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-33753 Microsoft Bing Search Spoofing Vulnerability No No 4.7 Yes

Developer Tools Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34528 Visual Studio Code Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-34529 Visual Studio Code Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-34477 Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33767 Open Enclave SDK Elevation of Privilege Vulnerability No No 8.2 Yes
CVE-2021-34479 Microsoft Visual Studio Spoofing Vulnerability No No 7.8 No

Exchange Server Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability No Yes 9.1 No
CVE-2021-31206 Microsoft Exchange Server Remote Code Execution Vulnerability No No 7.6 Yes
CVE-2021-31196 Microsoft Exchange Server Remote Code Execution Vulnerability No No 7.2 No
CVE-2021-34523 Microsoft Exchange Server Elevation of Privilege Vulnerability No Yes 9 No
CVE-2021-33768 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8 Yes
CVE-2021-34470 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8 Yes
CVE-2021-33766 Microsoft Exchange Information Disclosure Vulnerability No No 7.3 Yes

Microsoft Dynamics Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34474 Dynamics Business Central Remote Code Execution Vulnerability No No 8 Yes

Microsoft Office Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34452 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-34517 Microsoft SharePoint Server Spoofing Vulnerability No No 5.3 No
CVE-2021-34520 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.1 No
CVE-2021-34467 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.1 No
CVE-2021-34468 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.1 Yes
CVE-2021-34519 Microsoft SharePoint Server Information Disclosure Vulnerability No No 5.3 Yes
CVE-2021-34469 Microsoft Office Security Feature Bypass Vulnerability No No 8.2 Yes
CVE-2021-34451 Microsoft Office Online Server Spoofing Vulnerability No No 5.3 Yes
CVE-2021-34501 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-34518 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

SQL Server Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31984 Power BI Remote Code Execution Vulnerability No No 7.6 Yes

System Center Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-34464 Microsoft Defender Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-34522 Microsoft Defender Remote Code Execution Vulnerability No No 7.8 Yes

Windows Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-33772 Windows TCP/IP Driver Denial of Service Vulnerability No No 7.5 No
CVE-2021-34490 Windows TCP/IP Driver Denial of Service Vulnerability No No 7.5 No
CVE-2021-33744 Windows Secure Kernel Mode Security Feature Bypass Vulnerability No No 5.3 No
CVE-2021-33763 Windows Remote Access Connection Manager Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-34454 Windows Remote Access Connection Manager Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-33761 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33773 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34445 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33743 Windows Projected File System Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34493 Windows Partition Management Driver Elevation of Privilege Vulnerability No No 6.7 No
CVE-2021-33740 Windows Media Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-34458 Windows Kernel Remote Code Execution Vulnerability No No 9.9 Yes
CVE-2021-34508 Windows Kernel Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-33771 Windows Kernel Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2021-31961 Windows InstallService Elevation of Privilege Vulnerability No No 6.1 Yes
CVE-2021-34450 Windows Hyper-V Remote Code Execution Vulnerability No No 8.5 Yes
CVE-2021-33758 Windows Hyper-V Denial of Service Vulnerability No No 7.7 No
CVE-2021-33755 Windows Hyper-V Denial of Service Vulnerability No No 6.3 No
CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability No No 5.7 Yes
CVE-2021-34438 Windows Font Driver Host Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-34455 Windows File History Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33774 Windows Event Tracing Elevation of Privilege Vulnerability No No 7 No
CVE-2021-33759 Windows Desktop Bridge Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34525 Windows DNS Server Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-34461 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34488 Windows Console Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33784 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34462 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability No No 7 No
CVE-2021-34459 Windows AppContainer Elevation Of Privilege Vulnerability No No 7.8 No
CVE-2021-33785 Windows AF_UNIX Socket Provider Denial of Service Vulnerability No No 7.5 No
CVE-2021-33779 Windows ADFS Security Feature Bypass Vulnerability No Yes 8.1 Yes
CVE-2021-34491 Win32k Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-34449 Win32k Elevation of Privilege Vulnerability No No 7 No
CVE-2021-34509 Storage Spaces Controller Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-34460 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34510 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34512 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34513 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33751 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7 No
CVE-2021-34521 Raw Image Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-34439 Microsoft Windows Media Foundation Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-34503 Microsoft Windows Media Foundation Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-33760 Media Foundation Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-31947 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-33775 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-33776 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-33777 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-33778 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-34489 DirectWrite Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-33781 Active Directory Security Feature Bypass Vulnerability No Yes 8.1 No

Windows ESU Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-31183 Windows TCP/IP Driver Denial of Service Vulnerability No No 7.5 No
CVE-2021-33757 Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability No No 5.3 Yes
CVE-2021-33783 Windows SMB Information Disclosure Vulnerability No No 6.5 Yes
CVE-2021-34507 Windows Remote Assistance Information Disclosure Vulnerability No No 6.5 Yes
CVE-2021-34457 Windows Remote Access Connection Manager Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-34456 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability Yes Yes 8.8 Yes
CVE-2021-34497 Windows MSHTML Platform Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2021-34447 Windows MSHTML Platform Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2021-33786 Windows LSA Security Feature Bypass Vulnerability No No 8.1 Yes
CVE-2021-33788 Windows LSA Denial of Service Vulnerability No No 7.5 No
CVE-2021-33764 Windows Key Distribution Center Information Disclosure Vulnerability No No 5.9 Yes
CVE-2021-34500 Windows Kernel Memory Information Disclosure Vulnerability No No 6.3 Yes
CVE-2021-31979 Windows Kernel Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2021-34514 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33765 Windows Installer Spoofing Vulnerability No No 6.2 No
CVE-2021-34511 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34446 Windows HTML Platforms Security Feature Bypass Vulnerability No No 8 No
CVE-2021-34496 Windows GDI Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-34498 Windows GDI Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-33749 Windows DNS Snap-in Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-33750 Windows DNS Snap-in Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-33752 Windows DNS Snap-in Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-33756 Windows DNS Snap-in Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-34494 Windows DNS Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-33780 Windows DNS Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-33746 Windows DNS Server Remote Code Execution Vulnerability No No 8 No
CVE-2021-33754 Windows DNS Server Remote Code Execution Vulnerability No No 8 No
CVE-2021-34442 Windows DNS Server Denial of Service Vulnerability No No 7.5 Yes
CVE-2021-34444 Windows DNS Server Denial of Service Vulnerability No No 6.5 Yes
CVE-2021-34499 Windows DNS Server Denial of Service Vulnerability No No 6.5 No
CVE-2021-33745 Windows DNS Server Denial of Service Vulnerability No No 6.5 Yes
CVE-2021-34492 Windows Certificate Spoofing Vulnerability No Yes 8.1 No
CVE-2021-33782 Windows Authenticode Spoofing Vulnerability No No 5.5 No
CVE-2021-34504 Windows Address Book Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-34516 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-34448 Scripting Engine Memory Corruption Vulnerability Yes No 6.8 Yes
CVE-2021-34441 Microsoft Windows Media Foundation Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-34440 GDI+ Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-34476 Bowser.sys Denial of Service Vulnerability No No 7.5 No

Summary Graphs

Patch Tuesday - July 2021
Patch Tuesday - July 2021
Patch Tuesday - July 2021
Patch Tuesday - July 2021

Patch Tuesday – February 2021

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2021/02/09/patch-tuesday-february-2021/

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month.

Vulnerability Breakdown by Software Family

Family Vulnerability Count
Windows 28
ESU 14
Microsoft Office 11
Browser 9
Developer Tools 8
Microsoft Dynamics 2
Exchange Server 2
Azure 2
System Center 2

Exploited and Publicly Disclosed Vulnerabilities

One zero-day was announced: CVE-2021-1732 is a privilege elevation vulnerability affecting the Win32k component of Windows 10 and Windows Server 2019, reported to be exploited in the wild. Four vulnerabilities have been previously disclosed: CVE-2021-1727, a privilege elevation vulnerability in Windows Installer, affecting all supported versions of Windows; CVE-2021-24098, which is a denial of service (DoS) affecting Windows 10 and Server 2019; CVE-2021-24106, an information disclosure vulnerability affecting DirectX in Windows 10 and Server 2019; and CVE-2021-26701, an RCE in .NET Core.

Vulnerabilities in Windows TCP/IP

Microsoft also disclosed a set of three serious vulnerabilities affecting the TCP/IP networking stack in all supported versions of Windows. Two of these (CVE-2021-24074 and CVE-2021-24094) carry a base CVSSv3 score of 9.8 and could allow Remote Code Execution (RCE). CVE-2021-24094 is specific to IPv6 link-local addresses, meaning it isn’t exploitable over the public internet. CVE-2021-24074, however, does not have this limitation. The third, CVE-2021-24086, is a DoS vulnerability that could allow an attacker to trigger a “blue screen of death” on any Windows system that is directly exposed to the internet, using only a small amount of network traffic. The RCE exploits are probably not a threat in the short term, due to the complexity of the vulnerabilities, but DoS attacks are expected to be seen much more quickly. Windows systems should be patched as soon as possible to protect against these.

In the event a patch cannot be applied immediately, such as on systems that cannot be rebooted, Microsoft has published mitigation guidance that will protect against exploitation of the TCP/IP vulnerabilities. Depending on the exposure of an asset, IPv4 Source Routing should be disabled via a Group Policy or a Netsh command, and IPv6 packet reassembly should be disabled via a separate Netsh command. IPv4 Source Routing requests and IPv6 fragments can also be blocked load balancers, firewalls, or other edge devices to mitigate these issues.

Zerologon Update

Back in August, 2020, Microsoft addressed a critical remote code vulnerability (CVE-2020-1472) affecting the Netlogon protocol (MS-NRPC), a.k.a. “Zerologon”. In October, Microsoft noted that attacks which exploit this weakness have been seen in the wild. On January 14, 2021, they reminded organizations that the February 2021 security update bundle will also be enabling “Domain Controller enforcement mode” by default to fully address this weakness. Any system that tries to make an insecure Netlogon connection will be denied access. Any business-critical process that relies on these insecure connections will cease to function. Rapid7 encourages all organizations to heed the detailed guidance before applying the latest updates to ensure continued business process continuity.

Adobe

Most important amongst the six security advisories published by Adobe today is APSB21-09, detailing 23 CVEs affecting Adobe Acrobat and Reader. Six of these are rated Critical and allow Arbitrary Code Execution, and one of which (CVE-2021-21017), has been seen exploited in the wild in attacks targeting Adobe Reader users on Windows.

Summary Tables

Azure Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-24109 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability No No 6.8 Yes
CVE-2021-24087 Azure IoT CLI extension Elevation of Privilege Vulnerability No No 7 Yes

Browser Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-24100 Microsoft Edge for Android Information Disclosure Vulnerability No No 5 Yes
CVE-2021-24113 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability No No 4.6 Yes
CVE-2021-21148 Chromium CVE-2021-21148: Heap buffer overflow in V8 N/A N/A nan Yes
CVE-2021-21147 Chromium CVE-2021-21147: Inappropriate implementation in Skia N/A N/A nan Yes
CVE-2021-21146 Chromium CVE-2021-21146: Use after free in Navigation N/A N/A nan Yes
CVE-2021-21145 Chromium CVE-2021-21145: Use after free in Fonts N/A N/A nan Yes
CVE-2021-21144 Chromium CVE-2021-21144: Heap buffer overflow in Tab Groups N/A N/A nan Yes
CVE-2021-21143 Chromium CVE-2021-21143: Heap buffer overflow in Extensions N/A N/A nan Yes
CVE-2021-21142 Chromium CVE-2021-21142: Use after free in Payments N/A N/A nan Yes

Developer Tools Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-26700 Visual Studio Code npm-script Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-1639 Visual Studio Code Remote Code Execution Vulnerability No No 7 No
CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability No Yes 7.8 Yes
CVE-2021-24105 Package Managers Configurations Remote Code Execution Vulnerability No No 8.4 Yes
CVE-2021-24111 .NET Framework Denial of Service Vulnerability No No 7.5 No
CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability No Yes 6.5 No
CVE-2021-26701 .NET Core Remote Code Execution Vulnerability No Yes 8.1 Yes
CVE-2021-24112 .NET Core Remote Code Execution Vulnerability No No 8.1 Yes

ESU Windows Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-24080 Windows Trust Verification API Denial of Service Vulnerability No No 6.5 No
CVE-2021-24074 Windows TCP/IP Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2021-24094 Windows TCP/IP Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability No No 7.5 Yes
CVE-2021-1734 Windows Remote Procedure Call Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-25195 Windows PKU2U Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-24088 Windows Local Spooler Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability No Yes 7.8 No
CVE-2021-24077 Windows Fax Service Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2021-1722 Windows Fax Service Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2021-24102 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-24103 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-24078 Windows DNS Server Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2021-24083 Windows Address Book Remote Code Execution Vulnerability No No 7.8 No

Exchange Server Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-24085 Microsoft Exchange Server Spoofing Vulnerability No No 6.5 Yes
CVE-2021-1730 Microsoft Exchange Server Spoofing Vulnerability No No 5.4 Yes

Microsoft Dynamics Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-1724 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability No No 6.1 No
CVE-2021-24101 Microsoft Dataverse Information Disclosure Vulnerability No No 6.5 Yes

Microsoft Office Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-24073 Skype for Business and Lync Spoofing Vulnerability No No 6.5 No
CVE-2021-24099 Skype for Business and Lync Denial of Service Vulnerability No No 6.5 No
CVE-2021-24114 Microsoft Teams iOS Information Disclosure Vulnerability No No 5.7 Yes
CVE-2021-1726 Microsoft SharePoint Spoofing Vulnerability No No 8 Yes
CVE-2021-24072 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-24066 Microsoft SharePoint Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-24071 Microsoft SharePoint Information Disclosure Vulnerability No No 5.3 Yes
CVE-2021-24067 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-24068 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-24069 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-24070 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

System Center Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-1728 System Center Operations Manager Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2021-24092 Microsoft Defender Elevation of Privilege Vulnerability No No 7.8 Yes

Windows Vulnerabilities

CVE Vulnerability Title Exploited Publicly Disclosed CVSSv3 Base Score FAQ?
CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2021-1698 Windows Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-24075 Windows Network File System Denial of Service Vulnerability No No 6.8 No
CVE-2021-24084 Windows Mobile Device Management Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-24096 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-24093 Windows Graphics Component Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability No Yes 5.5 Yes
CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability No Yes 5.5 Yes
CVE-2021-24091 Windows Camera Codec Pack Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-24079 Windows Backup Engine Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1731 PFX Encryption Security Feature Bypass Vulnerability No No 5.5 Yes
CVE-2021-24082 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability No No 4.3 No
CVE-2021-24076 Microsoft Windows VMSwitch Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-24081 Microsoft Windows Codecs Library Remote Code Execution Vulnerability No No 7.8 No

Summary Charts

Patch Tuesday - February 2021
Patch Tuesday - February 2021
Patch Tuesday - February 2021
Patch Tuesday - February 2021

Note: Chart data is reflective of data presented by Microsoft’s CVRF at the time of writing.

Patch Tuesday – January 2021

Post Syndicated from Richard Tsang original https://blog.rapid7.com/2021/01/12/patch-tuesday-january-2021/

Patch Tuesday - January 2021

We arrive at the first Patch Tuesday of 2021 (2021-Jan) with 83 vulnerabilities across our standard spread of products.  Windows Operating System vulnerabilities dominated this month’s advisories, followed by Microsoft Office (which includes the SharePoint family of products), and lastly some from less frequent products such as Microsoft System Center and Microsoft SQL Server.

Vulnerability Breakdown by Software Family

Family Vulnerability Count
Windows 65
ESU 35
Microsoft Office 11
Developer Tools 5
SQL Server 1
Apps 1
System Center 1
Azure 1
Browser 1

Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-1647)

CVE-2021-1647 is marked as a CVSS 7.8, actively exploited, remote code execution vulnerability through the Microsoft Malware Protection Engine (mpengine.dll) between version 1.1.17600.5 up to 1.1.17700.4.

As a default, Microsoft’s affected antimalware software will automatically keep the Microsoft Malware Protection Engine up to date. What this means, however, is that no further action is needed to resolve this vulnerability unless non-standard configurations are used.  

This vulnerability affects Windows Defender or the supported Endpoint Protection pieces of the System Center family of products (2012, 2012 R2, and namesake version: Microsoft System Center Endpoint Protection).

Patching Windows Operating Systems Next

Another confirmation of the standard advice of prioritizing Operating System patches whenever possible is that 11 of the 13 top CVSS-scoring (CVSSv3 8.8) vulnerabilities addressed in this month’s Patch Tuesday would be immediately covered through these means. As an interesting observation, the Windows Remote Procedure Call Runtime component appears to have been given extra scrutiny this month.  This RPC Runtime component accounts for the 9 of the 13 top CVSS scoring vulnerabilities along with half of all the 10 Critical Remote Code Execution vulnerabilities being addressed.

More Work to be Done

Lastly, some minor calls to note that this Patch Tuesday includes SQL Server as that is an atypical family covered during Patch Tuesdays and, arguably more notable, is a reminder that Adobe Flash has officially reached end-of-life and would’ve been actively removed from all browsers via Windows Update (already).

Summary Tables

Here are this month’s patched vulnerabilities split by the product family.

Azure Vulnerabilities

CVE Vulnerability Title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1677 Azure Active Directory Pod Identity Spoofing Vulnerability No No 5.5 Yes

Browser Vulnerabilities

CVE Vulnerability Title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability No No 4.2 No

Developer Tools Vulnerabilities

cve Vulnerability Title Exploited Disclosed CVSS3 FAQ?
CVE-2020-26870 Visual Studio Remote Code Execution Vulnerability No No 7 Yes
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1723 ASP.NET Core and Visual Studio Denial of Service Vulnerability No No 7.5 No

Developer Tools Windows Vulnerabilities

CVE Vulnerability Title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1651 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1680 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability No No 7.8 No

Microsoft Office Vulnerabilities

CVE title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-1716 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-1641 Microsoft SharePoint Spoofing Vulnerability No No 4.6 No
CVE-2021-1717 Microsoft SharePoint Spoofing Vulnerability No No 4.6 No
CVE-2021-1718 Microsoft SharePoint Server Tampering Vulnerability No No 8 No
CVE-2021-1707 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2021-1712 Microsoft SharePoint Elevation of Privilege Vulnerability No No 8 No
CVE-2021-1719 Microsoft SharePoint Elevation of Privilege Vulnerability No No 8 No
CVE-2021-1711 Microsoft Office Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-1713 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-1714 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

SQL Server Vulnerabilities

CVE title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability No No 8.8 Yes

System Center Vulnerabilities

CVE title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability Yes No 7.8 Yes

Windows Vulnerabilities

CVE title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1681 Windows WalletService Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1686 Windows WalletService Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1687 Windows WalletService Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1690 Windows WalletService Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1646 Windows WLAN Service Elevation of Privilege Vulnerability No No 6.6 No
CVE-2021-1650 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1663 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1670 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1672 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1689 Windows Multipoint Management Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1682 Windows Kernel Elevation of Privilege Vulnerability No No 7 No
CVE-2021-1697 Windows InstallService Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1662 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1703 Windows Event Logging Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1645 Windows Docker Information Disclosure Vulnerability No No 5 Yes
CVE-2021-1637 Windows DNS Query Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1638 Windows Bluetooth Security Feature Bypass Vulnerability No No 7.7 No
CVE-2021-1683 Windows Bluetooth Security Feature Bypass Vulnerability No No 5 No
CVE-2021-1684 Windows Bluetooth Security Feature Bypass Vulnerability No No 5 No
CVE-2021-1642 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1685 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability No No 7.3 No
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability No Yes 7.8 Yes
CVE-2021-1710 Microsoft Windows Media Foundation Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-1691 Hyper-V Denial of Service Vulnerability No No 7.7 No
CVE-2021-1692 Hyper-V Denial of Service Vulnerability No No 7.7 No
CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-1644 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes

Windows Apps Vulnerabilities

CVE title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1669 Windows Remote Desktop Security Feature Bypass Vulnerability No No 8.8 Yes

Windows ESU Vulnerabilities

CVE title Exploited Disclosed CVSS3 FAQ?
CVE-2021-1709 Windows Win32k Elevation of Privilege Vulnerability No No 7 No
CVE-2021-1694 Windows Update Stack Elevation of Privilege Vulnerability No No 7.5 Yes
CVE-2021-1702 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability No No 8.8 No
CVE-2021-1695 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1676 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1706 Windows LUAFV Elevation of Privilege Vulnerability No No 7.3 No
CVE-2021-1661 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1704 Windows Hyper-V Elevation of Privilege Vulnerability No No 7.3 No
CVE-2021-1696 Windows Graphics Component Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1708 Windows GDI+ Information Disclosure Vulnerability No No 5.7 Yes
CVE-2021-1657 Windows Fax Compose Form Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-1679 Windows CryptoAPI Denial of Service Vulnerability No No 6.5 No
CVE-2021-1652 Windows CSC Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1653 Windows CSC Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1654 Windows CSC Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1655 Windows CSC Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1659 Windows CSC Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1688 Windows CSC Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1693 Windows CSC Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-1699 Windows (modem.sys) Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1656 TPM Device Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1664 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1671 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1700 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1701 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-1678 NTLM Security Feature Bypass Vulnerability No No 4.3 No
CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-1665 GDI+ Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-1649 Active Template Library Elevation of Privilege Vulnerability No No 7.8 No

Summary Graphs

Patch Tuesday - January 2021
Patch Tuesday - January 2021
Patch Tuesday - January 2021
Patch Tuesday - January 2021

Note: Graph data is reflective of data presented by Microsoft’s CVRF at the time of writing.